Service Security, Privacy & Compliance
Log Management & Analysis
In cloud environment, operator's cost for cloud management increased because of complexity by virtualization technology and various platform technology. Getting a complete view of cloud environment is harder than an existing system environment. In the situation, log data from machines and components is important element to get an overview of system, and log is also useful for trouble shooting, performance tuning and security analytics. However existing analytics approach have a issue against large scale log data. We are focusing wide basic technologies, log collection, log retention, sequence/correlation mining and user interface, and tackling the issue.
A company is required not only log collection and retention but also a capability of detection for accident, malicious behaviour and things like that as compliance. Anomaly detection is not easy for event a system of one company, and it's more difficult in cloud environment that have multiple type of users who have complexity authorization. In order to address the problem, we need to consider new security analytics model and are trying to detect them.
Data Security for content protection in distributed environment
In modern manufacturing industries, such as automobiles, airplanes, and aerospace, product development is a collaborative process among many companies in distributed environments. In such cross-enterprise environments, the companies must share engineering information, such as specifications, Bill of Materials, and test environments. It is very important that the companies only exchange the necessary information to protect their own Intellectual Property. In this project, we are researching on data security for content protection in such distributed environments.
In modern manufacturing industries, such as automobiles, airplanes, and aerospace, product development is a collaborative process among many companies in distributed environments. Following are security requirements for contents to be shared in such cross-enterprise environments.
- Only contents granted by the owners can be shared with other partner companies, and fine-grained access policy can be defined to each partner.
- Contents are protected without using a central server.
In many cases, contents are developed in "no one knows everything" condition in distributed environments. Contents need to be securely managed in such environments.
- Contents should be managed by using virtual single master data
If the owner prepares for a version of the content to be shared with a specific company, it will complicate the version control, especially in case the version is updated. Therefore, it is necessary that the content can be shared by multiple companies while using just one single master.
- Contents should be securely shared regardless of the content sharing method.
There are several methods to share contents, such as via e-mail, DB, or off-line media like DVD. Each company has its own policy for data sharing, and it is often difficult to have a common interface to share contents in cross-enterprise environment. Therefore, contents should be able to be shared regardless of the content sharing method.
- Illegally re-distributed contents should be traced.
Even if contents are illegally re-distributed, intentionally or non-intentionally, such contents should be traced and the traitors should be pointed out. This will deter such illegal distribution as well.
IBM Tokyo - Research researches focuses on data security which satisfies all of the requirements discussed, taking advantage of various IBM technologies, such as broadcast encryption and datahiding.
Figure-1 shows an example. A content is created by one or more content owners. Each owner divides the master data into parts that constitute the minimum unit of the access control policy, and each part is encrypted based on a special key management system IBM invented. Each client who shares the content can decrypt only parts of the content granted by the owner. By this method, contents can be shared as virtual single master, and each owner need not prepare for separate version for each company to share. This makes management of the content very simple and easy for each owner.
Content is distributed in one-way communication regardless of distribution method, including mail, DB sharing, or off-line media, such as DVD. Since master data is encrypted using the technology IBM invented, and contents can be managed in distributed environment, no central server is necessary.
Furthermore, by combining with IBM data leakage protection technology (add link here), each owner can define fine-grained access policy to each partner, such as printing, screen copying.
However, even if we protect content by encryption, it is very hard to prevent from illegal distribution of the photo images of the decrypted content displayed in PC taken by a digital camera. Even in such circumstances, we can trace the traitor, by embedding invisible mark that can pinpoint the traitor. Such invisible marks used to be applicable only to image data, but our research focuses on embedding such invisible marks even to model and BoM.
Data Security & Privacy for Connected Vehicle
In the next generation of mobility, people, vehicle, device, and society are inter-connected, and various kinds of data are exchanged among them in order to produce valuable data and experience. As the the inter-connected (and so inter-dependent) system is increasingly important, the secure, proper, and reliable data handling is must. For example, when providing personalized service according to the history of driving record, how can we make sure the integrity of the history? How can we protect privacy of driver? How can we deal with the data disclosure within a limitation defined in individual's contract or consent? This is only part of the issues to be solved to realize better connected vehicle system. We are tackling a variety of security and privacy issues for connected vehicle, such as encryption, authenication, identity anonymization, privacy preserving data masking for location and trace.