Dr. Koltuksuz’s very brief biography:
Dr. Koltuksuz was born in 1961 and received his Master's degree from the Computer Engineering Department of Aegean University in 1989 with a thesis titled “Computer Security Principles”. He earned his Ph.D. from the same institution in 1995 with a dissertation titled “Cryptanalytical Measures of Turkey Turkish for Symmetrical Cryptosystems”, and was subsequently appointed as an Assistant Professor.
He moved to the Izmir Institute of Technology, Department of Computer Engineering, in 1996 and became a full-time, tenured Associate Professor within the same institution in 1999. Dr. Koltuksuz ran the Information Systems Strategy and Security Laboratory (IS3 Lab) at Iztech.
He joined the Department of Computer Engineering of the College of Engineering of Yaşar University in September 2009.
Dr. Koltuksuz’s seminar abstract:
Subject: The Foundations of the Computer Security Problem
Assoc. Prof. Koltuksuz, A., Ph.D.
ahmet.koltuksuz@yasar.edu.tr
Yaşar University
College of Engineering,
Dept. of Computer Engineering
İzmir, Turkey
It is quite evident that the need for security metrics that are deeply rooted in mathematics grows rapidly as security budgets are becoming more demanding than ever. Apart from already known security metrics for cryptosystems such as FIPS 140-2(3), the cardinality of the set of security metrics can be expressed as a single-digit integer.
According to the International Systems Security Engineering Association, good metrics are those that are specific, measurable, attainable, repeatable, and time dependent. A security metrics model consists of three components, which are
• the object being measured,
• the security objectives the object is being measured against, and
• the method of measurement.
Although many models for security metrics have been proposed, the question is whether it can be done or not. In other words, is it possible to define a security metric for any given information system?
Defining a security metric for an information system other than the symmetrical cryptosystem is very hard due to the fact that there is neither a mathematically proven theory nor any definition for semantic information. Furthermore, this means that we do not know what we are trying to measure. Some questions about semantic information are as follows:
• What exactly is semantic information?
• How can we measure it? What would be the unit?
• Is it continuous or discrete? Any proofs?
• Is it deterministic or stochastic?
• Would it be possible to process it in a finite state machine if it is continuous and/or stochastic?
• How many dimensions will it take to define it on the condition that it is in continuous domain?
Although the aforementioned questions have been circulating for some time, there seem to be no clear-cut answers yet. One possible reason might be that all of our attempts to define the unit for semantic information, and even to define information itself, stem from the three-dimensional Euclidean geometry on which we have based our solution attempts so far.
Trying to define information and/or knowledge in a three-dimensional space as a scalar entity is not fruitful. Even though four-dimensional space has been known since Riemann, we have yet to include it in our definitions for information and/or knowledge. Therefore, the solution seems to be to redefine semantic information in a higher-dimensional space.
One of the fields in which four-dimensionally defined semantic information would be utilized is security policy creation. It would be possible to express any security policy through tensor analysis once the security metrics, now in multiple dimensions, are obtained as matrices.
Time: Wednesday, March 23rd of 2011, 11:15-13:15 hrs
Place: RUT, Building B, Rm. 107