Dr SSL says intelligent data is the future of computer security

David M Williams
Monday, 18 May 2009 14:35

Business IT - Security

Elgamal says that fundamentally people forgot we want to protect data itself. At the end of the day, only the right people should have the right access to the right data – no matter where and how that data appears within an organisation.

Thinking about how to catch confidential data leaving a company has brought Elgamal’s keen mind around to the view that data leakage is a whole-of-industry problem.

Elgamal proposes the solution is to make data itself smart, so that a piece of data or a file on disk has knowledge itself of which entities are able to see it and modify it.

If this were attainable, he argues, we would have a much better security model that does not depend on any protocol (like SSL, for example.)

In fact, this model would be superior all around, he believes. Management of information would be much easier. There would be less data leakage. The tax on infrastructure is greatly reduced.

I asked Dr Elgamal if what he was proposing was already seen, perhaps in a limited way, with Digital Rights Management – or DRM. He responded that there are crossovers. Inside a file within his conceptual model you will embed authorisation rights, although it need not be as fine-grained as DRM.

The major way they differ, however, is that DRM solutions are all pretty much part of the application model and not the data. A PDF file or piece of music (for instance) is not necessarily secure because of something inherent within the file itself but because application programs respect the DRM protocols.

DRM can still be circumvented in various ways, but Dr Elgamal certainly sees it as a step in the right direction. (Lest we receive complaints, please do understand Dr Elgamal’s research is not focused on protecting the copying of music but company data.)

“You can’t fix the world in a day and a half,” he said. “It takes many steps in the right direction.”