The Open Source Business Challenge - and...

9 Nov 2005. W. Caelli (QUT) 1

The Open Source Business Challenge- and Opportunity

Seminar to the: Department of Information Systems and Operations Management (ISOM), CODEUniversity of Auckland. Auckland. New Zealand.(Tuesday 8 November, 2005)

Prof William J (Bill) Caelli, AOAssistant Dean (Strategy & Innovation)Faculty of Information TechnologyQueensland University of TechnologyBrisbane. Qld. 4000 AUSTRALIA( Email: [email protected] URL: http://www.isi.qut.edu.au )


RETHINKINGRETHINKINGTHE GLOBAL THE GLOBAL ICT ICT BUSINESSBUSINESSENVIRONMENTENVIRONMENT


Open Source……………….

1. New Orleans – RedHat – “coming of age”2. Open Source – Open Systems

– Open Interfaces (GOSIP Legacy?)3. Changing Face of Software Industry – Music?4. Security and Open Source – SELinux, etc5. China/India and the “Atlantic Coalition”6. Southern Hemisphere – 20107. Opportunities – Australia/NZ



1. New Orleans – RedHat –“coming of age”

2. Open Source – Open Systems – Open Interfaces (GOSIP Legacy?)

3. Changing Face of Software Industry – Music?4. Security and Open Source – SELinux, etc5. China/India and the “Atlantic Coalition”6. Southern Hemisphere – 20107. Opportunities – Australia/NZ



• vendor confidence• RedHat first convention• New Orleans - June 2005

• Enter IBM• LINUX - market growth

• coming of age ?



Information Week 9 June 2003



OCTOBER 3, 2005

SPECIAL REPORT: OPEN SOURCE

Open Source: Now It's an EcosystemThis software movement is branching into not just mainstream business applications but also the associated services. And VCs are eager to help…

….. the next frontier of the open-source movement: business applications.



MARKET GROWTH & ACCEPTANCE• LINUX/BSD/Minix distributions • RedHat, RedFlag, IBM, Novell/SUSE, etc) • integrated systems• add-on systems / tools market• BPM / CRM / ERP• scientific / engineering / technical markets• vertical markets

• healthcare, banking/finance, etc• government – acceptance ?

• Australia, New Zealand, USA, UK, etc



• Open source = open systems =

open interfaces• GOSIP – Lesson to be learned!(Government Open Systems Interconnection Profile)• “… further development to provide further

specific guidance to Agencies and suppliers..”• Australian Government – 1990 (UK base)

• too prescriptive (later TCP/IP change)• Example:

• POSIX – Microsoft Windows’NT 3.51



TheGOSIPlesson

Remnants!


BUT………

Need to avoid the

Multi-vendor differencesMultiple API standards

UNIXUNIXConfusionConfusion





– Open Interfaces (GOSIP Legacy?)3. Changing Face of Software Industry

– Music?4. Security and Open Source – SELinux, etc5. China/India and the “Atlantic Coalition”6. Southern Hemisphere – 20107. Opportunities – Australia/NZ



• Software industry • towards service base?

• “compose & perform”• Research – develop – install – operate

• Per-usage charging• Software “utility”

• Mainframe – timesharing legacy!• Outsourcing - offshoring




– Open Interfaces (GOSIP Legacy?)3. Changing Face of Software Industry – Music?4. Security and Open Source –

SELinux, etc5. China/India and the “Atlantic Coalition”6. Southern Hemisphere – 20107. Opportunities – Australia/NZ


“ I just don’t trust banking online.”

Sept. 32005


“…. rules of the game have changed…..

… teams working …. design, test, update…

… spyware…”

APEC – OECD Workshop 5-6 Sept. 2005

Mikko Hypponen, Chief Research OfficerF-Secure Corp., Finland


Keylogger: Bancos.NLKeylogger: Bancos.NL2,700 different bank sites..

check .. token ..session “piggybacking”

(Vasco / Chip&Pin)

APEC – OECD Workshop 5-6 Sept. 2005

Mikko Hypponen, Chief Research OfficerF-Secure Corp., Finland


Brian ValentineSenior Vice-PresidentMicrosoft WindowsDevelopment

“..I’m not proud…We really haven’t doneeverything we could toprotect our customers…. Our products justaren’t engineered for security”Computerworld (Australia)September 16, 2002.Page 14.


MICROSOFT (Mundie, 8 Oct. 2002, RSA, Paris)MICROSOFT (Mundie, 8 Oct. 2002, RSA, Paris)• Question: 25 years to go “trustworthy” ?• Reply:

• “Customers wouldn’t pay for it until recently.• “Information officers ..only recently begun to

demand security.”• “.. Only in last 10 years that Microsoft has

attempted to play in the security-requiringworlds of banking, payroll and networkedsystems…”

VENDOR ESCAPE:


“Windows 2000 ….. once in kernel mode,• operating system and • device driver code

has complete access to system space memory and can bypass Windows 2000 security..…the bulk of the Windows 2000 operating system code runs in kernel mode…”

D Solomon & M Russinovich“Inside Microsoft Windows 2000” (Third Edition)

OS/2 !


15 March 2004


SELINUX

Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control (MAC)…

….DAC mechanisms are fundamentally inadequate for strong system security.

NSA - 2001

• CIO/CSO understand mandatory accesscontrol (MAC) ?


Securing Online Transactionswith a Trusted Digital Identity

Dave Steeves - [email protected] Software EngineerMicrosoft’s Security Business & Technology UnitSystem Protection Products Team

© 2005. Microsoft Corporation. All rights reserved.

Microsoft Slides

W. Caelli (QUT) 279 Nov 2005.

Goals1. Enable customers to securely perform

online transactions on an insecure machine, over a hostile internet

Bellua Cyber Security Conference 20052. Find more secure scenarios which are

enabled with a trusted digital identityTIPPI Workshop


Secure Online Banking


Securing Online Transactions Recap

Current Online Transaction ModelsThreats Still Exist

SolutionOne Time Secret per TransactionKeep Secret Off Untrusted Device

Reduces Attack SurfaceAttack vectors localized

Hardware Hacking/Physically PresentTempest Attacks

Break Crypto

W. Caelli (QUT) 309 Nov 2005.© 2005. Microsoft Corporation. All rights reserved.

Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft Slides



• NSA NSA –– 2000 2000 • no commodity OS secure or suitable• SELinux project

• DAC is dead!DAC is dead!• Unsuitable in age of global interconnection

and dynamic devices• Mainframe legacy



• Microsoft Microsoft • Microsoft – 2003 – Palladium/NGSCB

• change the hardware base• Microsoft – June 2005 (Dave Steeves)

• add a PINPad• Microsoft – 2005 – ““SingularitySingularity””

• MACMAC•“B means Business”




– Open Interfaces (GOSIP Legacy?)3. Changing Face of Software Industry – Music?4. Security and Open Source – SELinux, etc5. China/India and the

“Atlantic Coalition”6. Southern Hemisphere – 20107. Opportunities – Australia/NZ


22 August 2005


….beyond the “Atlantic coalition”

Chinese Prime Minister Wen Jiabao, on a tour of India's technology capital, called for closer cooperation to launch the "Asian century" of information technology.India's software skills combined with China's dominance in hardware can trigger a shift in the global technological landscape…... 10 April 2005



SOUTHERN HEMISPHERE 2010SOUTHERN HEMISPHERE 2010• open source acceptance in:

• South America• Africa• South-East Asia

• cost (TCO)? - BUT…….• independency• development of indigenous industry• trust



• Open source management systemsOpen source management systems• Network management• Simplicity for the CIO/CSO

•• SecuritySecurity• SELinux• Management utilities

• Integration with business systems• Vertical marketsVertical markets

• Healthcare (NZ lead!)• Banking/finance• Government/public sector


Open Source……………….• EducationEducation

• Growing demand• USA / Asia / EC• Pacific opportunity

• R&DR&D• “Open Source, Systems and

Interfaces Institute” (OSSII)• Need for an “institute”• Grow SMEs• Assist SMEs



THANK YOU

QUESTION & DISCUSSION

The Open Source Business Challenge - and...

Documents

Transcript of The Open Source Business Challenge - and...