Synopsis: Security: Security: Security:

smart business, company, home smart city information security, security technology gamification, simulation and optimisation technology e-learning systems big data data mining software development remote monitoring

Romania and Croatia is directions of specialization like cloud-based services or ICT security. The mining and raw material industry offer an opportunity for international cooperation with Bosnia and herzegovina

is convenient for users but also locks users in at the expense of security, privacy and openness:

enhancing cybe-security and mainstreaming digitalisation. The Digital Agenda for Europe20 Innovation Union21, and Horizon 202022 present an integrated approach to help the EU economy become more competitive,

Prescription Pricing Authority NHS Pensions Agency Dental practice Board NHS Logistics Authority NHS Counter Fraud and Security Management Service Authority.

the impact of legacy ICT Part Four 27 4. 25 The IT service provider is responsible for the disaster recovery and perimeter security arrangements and for carrying out regular disaster recovery

and the Authority assesses its compliance against the NHS-wide Information Governance Toolkit. 13 No major security incidents were reported in 2011-12.

Security processes The legacy ICT system meets government security standards (accreditation) in a cost-effective manner

and its security controls ensure the confidentiality, availability and integrity of data. External security risk assessments are carried out regularly.

No bespoke security systems or processes are required. Technology Applications The legacy ICT system fully integrates with the wider ICT environment using standard protocols or common application programme interfaces.

and security patches systematically. Test facilities exist that replicate the production environment exist or can easily be created

22 Building security and trust...26 Legal uncertainties...28 E-business adoption challenges: lessons from EBIP...

SMES also face generic barriers to adoption including trust and transaction security and IPR concerns,

policy responses, 3 october. 5 Trust infrastructure Get the regulatory infrastructure right for trust, security, privacy and consumer protection.

Essential are a culture of security to enhance trust in the use of ICT, effective enforcement of privacy and consumer protection,

OECD (2002), Guidelines for the Security of Information systems and Networks: Towards a Culture of Security;

OECD (1999), Guidelines for Consumer Protection in the Context of Electronic commerce; OECD (1998), Ministerial Declarations on the Protection of Privacy in Global networks, on Consumer Protection in the Context of Electronic commerce and on Authentication for Electronic commerce adopted in Ottawa in 1998 C (98) 177, Annexes 1

security (including spam and viruses), privacy and consumer protection. Intellectual property protection of ICT innovations and digital products is necessary to build the confidence among SMES that is essential

organisational, security, trust and management skills in addition to ICT skills) in conjunction with education institutions, business and individuals.

and security and trust factors (security and reliability of e-commerce systems, uncertainty of payment methods, legal frameworks.

such as on-line security. In Canada, among businesses that did not buy or sell over the Internet,

%40%50%Do not trust technology/security Customer's access to Internet is insufficient It w ould not pay off No skilled personnel Does not apply to the type of enterprise/product Micro firms w ith 0

Building security and trust Lesser known SMES are at a clear disadvantage in terms of buyer confidence compared with large multinationals with highly recognisable brand names.

consumers who use credit cards for on-line transactions are concerned highly about security, protection of credit-related information and secure system firewalls.

Statistical surveys show that security issues (viruses, hackers) are among the most important perceived barriers to Internet use by businesses (B2b and B2c),

for face to face interaction 38.7 31.5 38.3 32.6 30.2 32.5 31.0 28.3 30.6 33.8 Concern about privacy of data or security issues 47.4 61.1 48.1 48.4 55.1

transaction security, legal structures, IPR issues) were of lower concern on average but were seen more often as being negative, particularly in areas such as protection of IPRS and general legal structures.

On the other hand, in the confidence area, large firms were more negative about transaction security (they are also more likely to be transacting on-line than small firms),

especially when consultation services are provided to help develop business strategies based on realistic assessments of benefits and costs. 37 Security,

confidence building and the legal framework Business and consumer confidence in the security and trustworthiness of on-line transactions is essential to the development of e-commerce.

High levels of concern about on-line security, changes in technologies and the overall on-line environment are reflected in the 2002 OECD Guidelines for the Security of Information systems and Networks:

Towards a Culture of Security, a revision of the 1992 OECD Guidelines on Security of Information systems.

and security in on-line transactions, for example by introducing and demonstrating authentication and digital signature systems. 39 E-procurement,

and general framework policies including access to infrastructure, a seamless legal/regulatory environment, on-line security,

Address security trust and confidence through broad policy frameworks, regulatory and self-regulatory tools, trustworthy technologies and affordable redress mechanisms.

progress report, DSTI/IND/PME (2002) 7/ANN/FINAL, OECD, Paris. OECD (2002e), Guidelines for the Security of Information systems and Networks:

Towards a Culture of Security, OECD, Paris. OECD (2002f), Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders, OECD, Paris. OECD (2003a), Broadband driving growth:

as well as contracts dealing with certain securities. Article 9 (3) of the ECD obliges the Member States to regularly inform the Commission about the contracts for which the equivalence principle does not apply.

Typical trustmark systems consist of an accreditation mechanism with an independent supervisor for an online trader to meet the trustmark's requirements (including creditworthiness, security mechanisms, price transparency, provision of information, customer service, data protection

in particular by improving the mutual recognition, interoperability and security of these systems. A large majority of stakeholders confirmed the need for regulatory measures regarding the mutual recognition and acceptance of e-identification and authentication throughout the EU. In 2012,

a lack of payment security and data protection, and finally uncertainties relating to liability in case of unauthorised payments or unsatisfactory deliveries.

This raises the question of the security of payments: a lack of trust is symptomatic,

and both merchants and consumers experience failures in the security of payments. All relevant market actors seem willing to address this problem

while realising that there is a trade-off between the level of security and convenience for the consumer.

It is important that the perceived lack of security does not continue to hamper e-commerce, especially at a cross-border level.

More competition More choice and transparency for consumers More innovation More payment security and customer trust Each of these objectives would benefit from a more integrated European market for card,

Finally, the Paper deals with payment security and data privacy and the possibilities for improvements in this area.

The Commission has also been involved in the discussions within the Internet Governance Forum (IGF) on issues such as the sustainability and security of the Internet.

Providing all public services, especially security, health education and economic services through web portals and applications; Becoming a pilot area for new technologies such as 4g and 5g, Wimax, IPTV, Wi-fi points and Basaksehir mobile applications;

When it is very busy the system can be geared up to a higher light level, enabling surveillance of the crowd for security reasons.

But it will also inevitably raise questions of privacy and security. Dealing with the ownership of the data is an important aspect,

0 1 4 security for operators and goods; by increase safety and security, intra-logistics processes will

thus be improved. The Wellbeing Services Use Case The City of the Future Living Lab is involved in the ELLIOT Project within several use case scenarios (23.

The first Bulgarian prototype (TEMEO) of the cardio belt monitored online 24 hours per day was developed three years ago by Security Solutions Institute.

security is becoming a large concern for the consumer. While users are great lovers of integrated devices,

the security issues enhance the need of combining devices to ensure fighting cybercrime. One way to avoid the need of two electronic devices to ensure security is checking from the payment device itself that is actually using it.

This means being able to recognise some significant properties of the human being, such as fingerprints, iris, DNA,

Integrating a wallet into a smart phone needs a high level of security to protect from cybercrime.

and Security across the world'(8), 9.)‘Technology, innovation and entrepreneurship as drivers of knowledge societies'(9).(1) The area of‘Financial and Economic system'refers to financial and economic aspects of the effects of climate change.

Tilly 2007).(8) The area‘equity and security across the world'refers to equity and security as being basic prerequisites to foster

and support sustainable development (see, for example: UNDP 2011; Barth 2011a. 9) The area of‘technology, innovation and entrepreneurship as drivers of knowledge societies'emphasises the fact that a sustainable development in knowledge societies can only be achieved

and entities participating in the Chilean securities and insurance markets. Such mechanism enforces compliance with all laws

security, storage, and privacy are addressed. This requires a focus on transparency from the citizen's perspective.

but it also raises the security risk of large withdrawals, notwithstanding privacy concerns. This is an instance where open ideation of the design challenge can generate new potential solutions.

Education, Health, Security, Citizenship, Agribusiness, Regional Development, Public Management, Logistic Infrastructure, Innovation and Technology, Environment, Energy Infrastructure,

including the municipality of Eindhoven, Polyground, the Dutch Institute for Technology Security and Safety, the association Crimi-Nee, Philips Lighting, Vinotion and the TU/e Intelligent Lighting Institute.

Lighting, for instance, is regulated highly on security issues, and a company such as Curana has no idea how to cope with these challenges.

Lighting, for instance, is regulated highly on security issues, and a company such as Curana has no idea how to cope with these challenges.

Infrastructure includes physical infrastructure for transportation, communication (e g. broadband), energy/water as well as institutions for security, health education and the legal system.

) Market rules Standards Framework conditions Infrastructure Facilities for transport, communication, energy/water Institutions for security, health education, legal system (e g. employment and bankruptcy law) Economic stability Right

Since the European culture is said to favour security, the risk of failure may be an important impediment to start

EEN) Framework conditions Infrastructure Physical infrastructure Focus on European dimension of physical infrastructure Ensure broadband internet access Institutions for security

Infrastructure includes physical infrastructure for transportation, communication (e g. broadband), energy/water as well as institutions for security, health education and the legal system.

) Market rules Standards Framework conditions Infrastructure Facilities for transport, communication, energy/water Institutions for security, health education, legal system (e g. employment and bankruptcy law) Economic stability Right

Since the European culture is said to favour security, the risk of failure may be an important impediment to start

EEN) Framework conditions Infrastructure Physical infrastructure Focus on European dimension of physical infrastructure Ensure broadband internet access Institutions for security

and Objectives Socially diverse local communities located in well-planned development can foster a sense of place, pride, security and neighbourliness.

Promote best practice in line with the EU 2020 Digital Agenda with regard to interoperability, security, speedy access to Broadband,

Security of energy supply at a competitive price is a cornerstone of future sustainable development within the region.

Ensure security of energy supply in order to support economic and social development; Source energy at a price that does not adversely affect competitiveness;

and which provides security of generation capacity within the Southeast. The building of appropriately located gas fired peaking plants with a capacity of between 50-100 MW,

The potential of a new interconnector to the UK or mainland Europe will strengthen the security of supply

Promote best practice in line with the EU 2020 Digital Agenda with regard to interoperability, security, speedy access to Broadband,

security and justice, can be sustained in an era of ageing populations, global warming and much greater diversity.

Priority Areas for Publicly-performed Research 2013-17 A Future Networks & Communications H Food for Health B Data Analytics, Management, Security & Privacy I Sustainable Food Production

Priority Areas for Publicly-performed Research 2013-17 A Future Networks & Communications H Food for Health B Data Analytics, Management, Security & Privacy I Sustainable Food Production

New materials, Production and automation technology, Cleantech, and Security. These fields present the regional strength in regional publicly funded R&d and industrial activity.

services, online safety and security, intelligent energy networks and smart energy services. To best harness EU funding from these various financial instruments, one of the key challenges for management authorities is

cities, trust, security, etc; b) have a sectoral focus targeting ICT industrial and technological leadership in R&d&i fields such as Key Enabling Technologies (KETS),

telecommunications and software, computer programming, mecatronics, security, e-health, ITC for transport, new media, irrespectively networks of the future, internet services, software and visualization, media network and 3d

networks, cybernetic security, safe software systems, mobile applications design, etc. Horizontal priorities The Northeast regional Smart Specialization Strategy is designed to operate at 4 levels:

Geophysics ICT Mathematics Materials (new) Veterinarian Environment Nanotech Naval Optics Patrimony Health Security Socioeconomic Space Textiles Agro-Food ICT Intelligent

sys. Health Energy Pharmaceuticals Environment Security Space Materials Biotechnologies Transport Socioeconomic 13 Panels 90 Micro-visions 29 domains+Exploratory Online

ICT Analysis, management and security of big data Future internet Software development technologies, instruments, and methods High performance computing and new computational models A3.

Health, Space and Security, and Heritage and cultural identity. Process: http://www. poscce. research. ro/ro/node/node/nid/2438 Project version Dec. 2013 Public debate (mandatory according to the law of transparency) version Apr

2014 Smart specialization fields Bioeconomy ICT Energy & Environment Eco-technologies Public interest priorities Health Security & Space National heritage & identity, cohesion and cross-cultural

linkages Smart specialization fields Bioeconomy ICT, Security & Space Energy, Environment & Climate changes Eco-nano-technologies & Advanced Materials Public interest priorities Health National

heritage & identity Emerging technologies RIS3 Priorities 16 ICT, Security & Space Focus on changes related to Smart Specialization so far Micro-vision fiches after refining (see the Annex for the full process:

Security; Intelligent Systems; Socioeconomics; Space medicine Science; Transport ICT Rationale: ICT prioritized for information security & space security because of new info regarding the sectoral strategies (not available at the time of the first version;

RO is external border of UE. Energy & Environment Energy, Environment & Climate change Rationale:

"In terms of technological capability Romania has the potential for regional clusters in ICT, nanosciences and nanotechnologies, automotive, security and new production technologies".

Security; Intelligent Systems; Socioeconomics; Space medicine Science; Transport)- Prioritization and version Dec. 2013. Public debate-National R&d institutes-Romanian Academy-Private companies-Changes as for version Apr. 2014.

providing relevant content and ensuring necessary preconditions for information, education and security. Starting from the fundamental pillars of the strategy we developed a set of indicators accompanied by the related target values,

education and security (preconditions-the degree of digital alphabetization of the population-%of employees with experience in using computers

and services (i e. secure Web services in EU) to enjoy high levels of security and confidence, a balanced regulatory framework with well defined rights,

These include (i) keeping operational security and quality of supply, (ii) enabling the new operations at the distribution level (including non--discriminatory and effective real-time grid capacity monitoring and management of injections/withdrawals),(iii) market based congestion management,(iv

Innovative Society and Security IT Services The next steps We are moving forward in the process with the help of a consultant.

information and communication technologies, security, biotechnology and logistics. The industrial policy of the Regional Government has established four main priorities in the support of emerging clusters:

The region's ICT sector has specialisation capacities in the fields of mobility and security.

ICT sector specialized in mobility and security. Building the evidence base for RIS3 (II) SWOT Analysis Knowledge Digital Society 15 Weaknesses Large region with difkicult orography:

and urgent, from ageing societies, climate change, to energy efficiency and security...but there is a clear lack of exploitation of innovative solutions to address these social challenges.

and they have a certain security and knowledge of what the future will Hold in turn in the neoliberal or Anglo-saxon model,

2004), mechanisms for ensuring trust and security (Kippert & Swiercz, 2007; Garrison & Posey, 2006), easy-to-use environments, social computing,

Computer security Checklist for Non-Security Technology Professionals, Journal of International Technology and Information management, 15 (3), 87-91.

In ICT, how will we manage the security and privacy of personal data with global digital content doubling every eighteen months,

and zero breaches of security. This will also lead to many Zero initiatives like zero emails, zero time business incubation,

Includes the entire smart solutions ecosystem in energy, infrastructure, transportation, buildings, security, governance, education and healthcare.

nuclear power will continue to present significant opportunities for players that can successfully address the dominant issues of safety and security.

or more employees via their website were company introduction (90.5%),privacy policy statement or certification related to website security (65.2%)and access to catalogues and price lists (52.8%).

related to website security 65.2 Access to product catalogues or price lists 52.8 Links or references to the social media profiles of the company 34.7 Possibility of electronic submission of complaint forms 26.4 Posting vacancies

and security as defined in the regulation on data protection and processes it only for the explicit and legitimate purposes declared

of which underlie the Commission's security decisions and provisions established by the Directorate of Security for these kind of servers and services.

The information you provide will be treated as confidential and aggregated for analysis. Data verification and modification In case you want to verify the personal data

such as interactions with the real world through sensor/actuator networks, network virtualization and cloud computing, enhanced privacy and security features and advanced multimedia capabilities.

Foundations-Architectural Issues-Socioeconomic Issues-Security and Trust-Experiments and Experimental Design Future Internet Areas-Networks-Services-Content Applications FIA Budapest will be the seventh FIA

Security and Trust Introduction to Part III...163 Security Design for an Inter-Domain Publish/Subscribe Architecture...

167 Kari Visala, Dmitrij Lagutin, and Sasu Tarkoma Engineering Secure Future Internet Services...177 Wouter Joosen, Javier Lopez, Fabio Martinelli,

and Fabio Massacci Towards Formal Validation of Trust and Security in the Internet of Services...

security including trust and privacy. The content of this area includes eight chapters covering some of the above architectural research in Future Internet.

privacy, licensing, security, provenance, consistency, versioning and availability; it glues together reusable information fragments into meaningful structured and integrated documents without the need of a predefined schema.

Lack of data integrity, reliability and trust, targeting the security and protection of data; this issue covers both unintended disclosure and damage to integrity from defects or failures,

Security requirements of the transmission links: Communications privacy does not only mean protecting/encrypting the exchanged data

v. Security of the whole Internet Architecture. The Internet architecture is not intrinsically secure and is based on add-ons to, e g. protocols,

On the other hand, mobility is realized still in most cases by means of dedicated/separated architectural components instead of Mobile IP. see Subsection 3. 5. Point 6 Accountability of resource usage and security without impeding

see Subsection. 3. 5. Point. 2 Security: see Subsection. 3. 5 point 5, Subsection 3. 1. Point. 2 and 3. Generality e g. support of plurality of applications

Trust and Security. The authors would like to acknowledge and thank all members of the group for their significant input and the EC Scientific Officers Isidro Laso Ballesteros, Jacques Babot, Paulo De Sousa, Peter Friess, Mario Scillia

and promises security and increased manageability. We define In-Network clouds as an integral part of the differentiated Future Internet architecture,

Applications compliant with these framework services share common security metadata, administration, and management services. The DOC enables the following functions across the orchestration plane:

Since each domain may have different SLAS, security and Towards In-Network Clouds in Future Internet 23 administrative policies,

monitoring and measuring, road safety, security/identity checking, video surveillance, etc. Predictions state that there will be 225 million cellular M2m devices by 2014 with little traffic per node but resulting significant growth in total,

However, from a management system perspective, the scope of this scenario rely in the fact on how the use of semantic models capturing knowledge relating to security functionality

and addressing functionality and associated security mechanisms that are required to enable dynamic looselycoupled systems. The number of participants can be m:

A comprehensive security framework provides functions for the realization of a variety of different trust relationships.

privacy, licensing, security, provenance, consistency, versioning and availability; it glues together reusable information fragments into meaningful structured and integrated documents without the need of a predefined schema.

privacy, licensing, security, provenance, consistency, versioning and availability 5. IDN glues together reusable information fragments into meaningful structured and integrated documents without the need of a predefined schema.

when the exponential growth of small and/or mobile devices and sensors, of services and of security requirements began to show that current Internet is becoming itself a bottleneck.

The follow-up of Nets, Netse 5 proposes a clean-state approach to properly meet new requirements in security, privacy and economic sustainability.

A so-called Supervisor and Security Module (not shown for clarity reason in Fig. 2) is embedded in each Cognitive Manager supervising the whole Cognitive Manager and,

at the same time, assuring the overall security of the Cognitive Manager itself (e g.,, including end-to-end encryption, Authentication, Authorization and Accounting (AAA) at user and device level, Service Security, Intrusion Detection, etc..

Another key role of this module is to dynamically decide, consistently with the application protocols,

Low latency, low jitter, bandwidth, addressing, delivery guarantee, management, mobility, Qos and security. The changing needs of the entities may vary depending on the context of the entities in communication,

OVM (Ontology for Vulnerability Management) to support security needs 35; Netqosont (Network Qos Ontology) to meet the needs of service quality 27;

and studies concerning the unique identification of the entities and the formalization of security mechanisms for the Entity Title Model.

IEEE/IFIP New Technologies, Mobility and Security Conference (2009) 24 Pereira, J. H. S.,Kofuji, S. T.,Rosa, P. F.:

IEEE/IFIP New Technologies, Mobility and Security Conference (2009) 25 Pereira, J.,Sato, L.,Rosa, P.,Kofuji, S.:

An Ontological Approach to Computer system Security. Information security Journal: A Global Perspective (2010) 36 Wong, W.:

6) The investigation of (European) regulation for e-services markets and security regulations;(7) The investigation of the physical environment of e-services in terms of availability, worldwide vs. highly focused (cities),

since detailed and specific security demands, electronic identities, or Quality-of-Experience (Qoe) will outline societal requirements to be met by technological support means,

and has some security benefit. As a counterexample, IPV6 deployment has a cost to the end host to support the dual stack,

But for some protocols the wider scenario requires extra critical functionality for example, security features, if the initial scenario is trusted within a domain.

and quantifying security risks in organizations. The situations analyzed by the aforementioned methodologies are associated often with certain kinds of tussles.

and politicians as well as security and trust experts. 4 Survey of Work on Social and Economic Tussles as Highlighted in FP7 Projects In this section, SESERV looks at specific projects in the FP7 Future Networks project portfolio,

but no mechanism has been suggested to deal with this security problem and the fears that it raises among end-users.

Security and Trust Part III: Future Internet Foundations: Security and Trust 163 Introduction If you are asking for the major guiding principles of Future Internet technology and applications,

the answer is likely to include sharing and collaboration. Cloud computing, for instance, is built on shared resources and computing environments,

it also raises security and privacy concerns and introduces additional protection needs. The Future Internet is characterized by deliberate exposure of precious information

The challenge is to design security and trust solutions that scale to Future Internet complexity and keep the information and resource owner in control, balancing potentially conflicting requirements while still supporting flexibility and adaptation.

as well as providing assurance about security properties of exposed services and information. 164 Part III: Future Internet Foundations:

Security and Trust The chapters presented in the Security and Trust section of this volume look at the challenges mentioned above from three different angles.

which address potential security issues from the beginning, but also imply the need for novel solutions like integrity and availability.

The chapter, Security Design for an Inter-domain Publish/Subscribe Architecture by K. Visala et al. looks into security implications of a data-centric approach for the Future Internet,

The authors introduce a security architecture based on self-certifying name schemes and scoping that ensure the availability of data

It is a good example of how clean-slate approaches to the Future Internet can support security needs by design,

The second group of chapters investigates the provision of assurance of the security properties of services and infrastructures in the future Internet.

The provision of evidence and a systematic approach to ensure that best security practices are applied in the design

Such a discipline is required to particularly emphasize multilateral security requirements, the composability of secure services,

The authors propose security support in programming and execution environments for services, and suggest using rigorous models through all phases of the SDLC, from requirements engineering to model-based penetration testing.

Their considerations lead to the identification of Future Internet specific security engineering research strands. One of the major ingredients of this program, the provision of security assurance through formal validation of security properties of services, is investigated in detail in the chapter‘Towards Formal Validation of Trust and Security in the Internet of Services by R

. Carbone et al. They introduce a language to specify the security aspects of services and a validation platform based on model-checking.

A number of distinguished features ensure the feasibility of the approach to Future Internet scenarios and the scalability to its complexity:

The two chapters demonstrate the way towards rigorous security and trust assurance in the future Internet addressing one of the major obstacles preventing businesses

Security and Trust 165 chapters looks into specific instances of the information sharing and collaboration principle and introduces novel means to establish their security.

The chapter Trustworthy Clouds underpinning the Future Internet of R. Glott et al. discusses latest trends in cloud computing and related security issues.

but also faces new security risks, from the breach of separation between tenants to the compliance challenge in case of distribution over different regulatory domains.

and provide an outlook to their mitigation, embedded in a systematic security risk management process. In cloud computing,

With the three groups of chapters, this section of the book provides directions on how security

The Author (s). This article is published with open access at Springerlink. com. Security Design for an Inter-Domain Publish/Subscribe Architecture Kari Visala1, Dmitrij Lagutin1,

In this paper we present a security design through the network stack for a data-centric pub/sub architecture that achieves availability, information integrity,

and examine the minimal trust assumptions between the stakeholders in the system to guarantee the security properties advertised.

and the security design presented here covers all these as a whole. In this paper we refine and extend our work in 5

Our security goals concur with 1 except that confidentiality and privacy are expected to be handled on top of the network layer

The security goals are: Availability, which means that the attackers cannot prevent communication between a legitimate publisher and a subscriber inside a trusted scope.

The Security Design for an Inter-Domain Publish/Subscribe Architecture 169 scope must be trusted by the communicating nodes to function as promised and much of the security of our architecture is based on this assumption as we explain in 5. Scopes are identified with a special type

Here the security model only guarantees the integrity of the association between an identifier and its content.

but they are assumed not to have a long life-time as the security mechanism is coupled with the identifier.

Security Design for an Inter-Domain Publish/Subscribe Architecture 171 Fig. 1. Publications can refer to other publications persistently using long-term Aids.

in order to keep the publica Security Design for an Inter-Domain Publish/Subscribe Architecture 173 tion data or pending subscription alive.

We refer to our work in 5 for a detailed description of the rendezvous security mechanisms.

Thus we claim that the deployment of new transport functionality in the network to be run at branching points of graphlets can be done scalably. 5 Related Work This section covers related work for publish/subscribe systems and network layer security solutions.

Security issues of the content-based pub/sub system have been explored in 7. The work proposes secure event types

Security Design for an Inter-Domain Publish/Subscribe Architecture 175 5. 1 Security Mechanisms Most of existing network layer security proposals utilize hash chains

Accountable Internet Protocol (AIP) 11 aims to improve security by providing accountability on the network layer.

Security issues and requirements for Internet-scale publish-subscribe systems. In: HICSS'02, Hawaii, USA (2002) 2. Visala, K.,Lagutin, D.,Tarkoma, S.:

Roles and Security in a Publish/Subscribe Network architecture. In: ISCC'10, Riccione, Italy (2010) 6. Clark, D.,Wroclawski, J.,Sollins, K.,Braden, R.:

of service engineering and security engineering. Generic solutions that ignore the characteristics of Future Internet services will fail,

in order to jointly enable the security and trustworthiness of Future Internet services. 1 Introduction 1. 1 Future Internet Services The concept named Future Internet (FI) aggregates many facets

and security breaches in these services may lead to large financial loss and damaged reputation. 1. 3 Research Focus on Developing Secure FI Services Our focus is on the creation and correct execution of a set of methodologies, processes and tools for secure software development.

in order to link security concerns with business needs and thus supporting a business case for security matters.

1) security requirements for FI services,(2) creating secure service architectures and secure service design,

and compose-able services,(4) enabling security assurance, integrating the former results in (5) a risk-aware and cost-aware software development life-cycle (SDLC),

Both the security assurance programme and the programme on Risk and Cost aware SDLC will interact with each of the initial three activities,

and techniques that we consider useful for engineering secure Future internet services. 2 Security Requirements Engineering The main focus of this research strand is to enable the modeling of high-level requirements that can be expressed in terms of

The need for assurance in the future Internet demands a set of novel engineering methodologies to guarantee secure system behavior and provide credible evidence that the identified security requirements have been met from the point of view of all stakeholders.

The security requirements of Future Internet applications will differ considerably from those of traditional applications.

and each one will have his own security requirements. Hence, eliciting, reconciling, and modeling all the stakeholders'security requirements become a major challenge 5. Multilateral Security Requirements Analysis techniques have been advocated in the state of the art 14

but substantial research is needed still. In this respect, agent-oriented and goal-oriented approaches such as Secure Tropos 12 and KAOS 8 are recognized currently well as means to explicitly take the stakeholders'perspective into account.

Furthermore, it is important that security requirements are addressed from a higher level perspective, e g.,, in terms of the actors'relationships with each other.

Unfortunately, most current requirements engineering approaches consider security only at the technological level. In other words current approaches provide modeling and reasoning support for encryption, authentication, access control, non-repudiation and similar requirements.

Such deployments inherit security risks from the classical Internet and, at the same time create new and more complex security challenges.

Examples include illicit tracking of RFID tags (privacy violation) and cloning of data on RFID tags (identity theft).

The definition of techniques for the identification of all stakeholders (including attackers), the elicitation of high-level security goals for all stakeholders,

and the identification and resolution of conflicts among different stakeholder security goals; The refinement of security goals into more detailed security requirements for specific services and devices;

The identification and resolution of conflicts between security requirements and other requirements (functional and other quality requirements;

The transformation of a consolidated set of security requirements into security specifications. The four objectives listed above obviously remain generic by nature,

one should bear in mind though that the forthcoming techniques and results will be applied to a versatile set of services,

so security enforcement mechanisms are indispensable. The design phase of the software service and/or system is a timely moment to enforce

and reason about these security mechanisms, since by that phase one must have grasped already a thorough understanding of the application domain

The security architecture for the system must enforce the visible security properties of components and the relationships between them.

assess and reason about security mechanisms at an early phase in the software development cycle. The research topics one must focus on in this subarea relate to model-driven architecture and security, the compositionality of design models and the study of design patterns for FI services and applications.

The three share the common ambition to maximize reuse and automation while designing secure FI services and systems.

The integration of security aspects into this paradigm is called the so modeldriven security 6, leading to a design for assurance methodology in

which every step of the design process is performed taking security as a primary goal. A way of carrying out this integration includes first decomposing security concerns,

so that the application architecture and its security architecture is decoupled. This makes possible for architects to assess more easily tradeoffs among different security mechanisms,

simulate security policies and test security protocols before the implementation phase, where changes are typically far more expensive.

In order to achieve this, it is needed first to convert the security requirements models into a security architecture by means of automatic model transformations.

These transformations are interesting since whilst requirements belong to the problem-domain, the architecture and design models are within the solution-domain,

so there is an important gap to address. In the context of security modeling, it is extremely relevant to incept ways to model usage control (e g.,

, see 21,22, 18), which encompasses traditional access control, trust management and digital rights management and goes beyond these building blocks in terms of definition and scope.

further research is necessary to find out what kind of security architecture is required in the context and how to carry out the decomposition of such fairly novel architectures.

Until this point in the software and service development process, different concerns security among them of the whole application have been separated into different models,

each addressing different concerns even different security sub-architectures for different security requirements it is required to assure that the composition of all these architectures is accomplished

There are large catalogues and surveys on security patterns available 26,13, but the FI applications yet to come

both from a general perspective and from a security perspective for security-critical software systems. 4 Security Support in Programming Environments Security Support in Programming Environments is not new;

The search for security support in programming environments has to take this context in account.

The requirements and architectural blueprints that will be produced in earlier stages of the software engineering process cannot deliver the expected security value

unless the programs (code) respect these security artefacts that have been produced in the preceding stages. This sets the stage for model driven security in which transformations of architecture and design artefacts is essential,

as well as the verification of code compliance with various 184 W. Joosen et al. properties. Some of these properties have been embedded in the security specific elements of the software design;

other may simply be high priority security requirements that have articulated such as the appropriate treatment of concurrency control and the avoidance of race conditions in the code,

as a typical FI service in the cloud may be deployed with extreme concurrency in mind. Supporting security requirements in the programming code level requires a comprehensive approach.

The service creation means must be improved and extended to deal with security needs. Service creation means both aggregating

and composing services from preexisting building blocks (services and more traditional components), as well as programming new services from scratch using a state-of-the-art programming language.

One could argue that security support for service creation must focus on and enable better static verification.

and building blocks that facilitate effective security enforcement at run-time. Dependent on the needs and the state-of-the-art this may lead to interception and enforcement techniques that simply ensure that the application logic consistently interacts with underpinning security mechanisms such as authentication or audit services.

Otherwise, the provisioning of the underpinning security mechanisms and services (e g. supporting mutual non repudiation, attribute based authorization in a cloud platform etc.)

will be required as well for many of the typical FI service environments. Next we further elaborate on the needs

and hosted by various organizations and providers), each with its own security characteristics. The business compositions are very dynamic in nature,

Secure Service Programming Many security vulnerabilities arise from programming errors that allow an exploit. Future Internet will further reinforce the prominence of highly distributed and concurrent applications,

making it important to develop methodologies that ensure that no security hole arises from implementations that exploit the computational infrastructure of the Future Internet.

and revisit methods from language-based security, in particular type systems, to enforce best-practises currently used

while still maintaining security. 4. 3 Platform Support for Security Enforcement Future Internet applications span multiple trust domains,

In effect, the security enforcement techniques that are triggered by built-in security services and by realistic in the FI setting,

and from a security perspective, the SOP is not strong enough to achieve the appropriate application isolation.

Supporting Security Assurance for FI Services. Assurance will play a central role in the development of software based services to provide confidence about the desired security level.

Assurance must be treated in a holistic manner as an integral constituent of the development process

and artefacts satisfy their functional and security requirements and constraints. Obviously the security support in programming environments that must be delivered will be essential to incept a transverse methodology that enables to manage assurance throughout the software and service development life cycle (SDLC.

The next section clarifies these issues. 5 Embedding Security Assurance and Risk management during SDLC Engineering secure Future Internet services demands for at least two traversal issues,

security assurance and risk and cost management during SDLC. 5. 1 Security Assurance The main objective is to enable assurance in the development of software based services to ensure confidence about their trustworthiness.

Our core goal is to incept a transverse methodology that enables to manage assurance throughout the software development life cycle (SDLC.

Early detection of security failures in Future Internet applications reduces development costs and improves assurance in the final system.

and applying assurance methods and techniques for early security verification. These methods are applied to abstract models that are developed from requirements to detailed designs.

One main area of research is stepwise refinement of security by developing refinement strategies, from policies down to mechanisms, for more complex Engineering Secure Future Internet Services 187 secure protocols, services, and systems.

where functional and security-related design aspects can be refined independently. Model composition must preserve the refinement relation and component properties.

Our aim is to offer developers support for smoothly integrating security aspects into the system development process at any step of the development.

but also the ability to deal with more complex primitives and security properties. Moreover, the Dolev-Yao attacker model 9 used by these tools needs to be extended to include new attack possibilities such as adaptive corruptions

Security Assurance in Implementation. Several assurance techniques are available to ensure the security at the level of an implementation.

Security policies can be implemented correctly by construction through a rigorous secure programming discipline. Internet applications can be validated through testing.

Moreover, implementations can be monitored at run-time to ensure that they satisfy the required security properties.

automated generation in XML-based input data to maximize the efficiency in the security testing process,

Security concerns are specified at the business-level but have to be implemented in complex distributed and adaptable systems of FI services.

in order to guarantee that security concerns are taken correctly into account through the whole SDLC. A chain of techniques and tools crossing the above areas is planned.

Security Metrics. Measurements are essential for objective analysis of security systems. Metrics can be used directly for computing risks (e g.,

Security metrics in the future Internet applications become increasingly important. Service-oriented architectures demand for assurance indicators that can explicitly indicate the quality of protection of a service,

evolving security requirements, etc.,both during system development and operation. Based on the modular approach to risk and cost analysis one needs methods to manage the dynamics of risks.

The methodology of this strand spans the orthogonal activities of security requirement engineering, secure architecture and design,

During security requirements engineering risk analysis facilitates the identification of relevant requirements. Furthermore, methods for risk and cost analysis offer support for the prioritization and selection among requirements through e g. the evaluation of trade-off between alternatives or the impact of priority changes on the overall level of risks and cost.

In the identification of security mechanisms intended to fulfil the security requirements risk and cost analysis can be utilized in selecting the most cost efficient mechanisms.

The following architecture and design phase incorporates the security requirements into the system design. The risk and cost models resulting from the previous development phase can at this point be refined

Such cost metrics may also be used in combination with security metrics for the optimization of the balance between risk and cost.

and in supporting the identification of means for risk mitigation based on security metrics. 190 W. Joosen et al. 6 Conclusion We have advocated in this paper the need

and the opportunity for firmly establishing a discipline for engineering secure Future Internet Services, typically based on research in the areas of software engineering, security engineering and of service engineering.

Model-based security analysis in seven steps a guided tour to the coras method. BT Technology Journal 25,101 117 (2007) 5. Bresciani, P.,Perini, A.,Giorgini, P.,Giunchiglia, F.,Mylopoulos, J.:

Model-driven security in practice: An industrial experience. In: Schieferdecker, I.,Hartman, A. eds. ECMDAFA 2008.

and analysis of security protocols. In: Gupta, A.,Malik, S. eds. CAV 2008. LNCS, vol. 5123, pp. 414 418.

On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer science, WASHINGTON DC, USA, pp. 350 357.

Proceedings of the 2000 IEEE Symposium on Security and Privacy, WASHINGTON DC, USA, pp. 246 255.

Modelling security and trust with secure tropos. In: Integrating Security and Software engineering: Advances and Future Vision, IDEA (2006) 13.

Group, O.:Security design pattern technical guide, http://www. opengroup. org/security/gsp. htm 14.

G urses, S f.,Berendt, B.,Santen, T.:Multilateral security requirements analysis for preserving privacy in ubiquitous environments.

In: Proc. of the Workshop on Ubiquitous Knowledge discovery for Users at ECML/PKDD, pp. 51 64 (2006) 15.

Extracting relations among security patterns. In: SPAQU'08 (Int. Workshop on Software Patterns and Quality)( 2008) 18.

Security services architecture for secure mobile grid systems. Journal of Systems Architecture. In Press (2010) 24.

Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21 (1), 2003 (2003) 25.

A survey on security patterns. Progress in Informatics 5, 35 47 (2008) Towards Formal Validation of Trust and Security in the Internet of Services Roberto Carbone1, Marius Minea2, Sebastian Alexander M odersheim3

, Serena Elisa Ponta4, 5, Mathieu Turuani6, and Luca Vigan`o7 1 Security & Trust Unit, FBK, Trento, Italy 2 Institute e-Austria, Timi¸soara, Romania 3 DTU, Lyngby

, Denmark 4 SAP Research, Mougins, France 5 DIST, Universit`a di Genova, Italy 6 LORIA & INRIA Nancy Grand Est, France 7

and security impact of an option, a minor change, a combination of functionalities, etc.,due to the subtle and unforeseeable situations and behaviors that can arise from this panoply of choices.

The formal verification of trust and security of the Internet of Services will significantly boost its development

techniques and tools are provided to ensure security. Deploying services in future network infrastructures entails a wide range of trust and security issues

but solving them is extremely hard since making the service components trustworthy is not sufficient:

and associated exploits that are already plaguing complex web-based security-sensitive applications, and thus severely affect the development of the future internet.

Moreover, security validation should be carried out at all phases of the service development process, in particular during the design phase by the service designers themselves or by security analysts that support them in their complex tasks,

so as to prevent the production and consumption of already flawed services. Fortunately, a new generation of analyzers for automated security validation at design time has been recently put forth;

this is important not just for the results these analyzers provide, but also because they represent a stepping stone for the development of similar tools for validation at service provision and consumption time,

thereby significantly improving the all-round security of the Ios. In this chapter, we give a brief overview of the main scientific and industrial challenges for such verification tools,

the AVANTSSAR Validation Platform (or AVANTSSAR Platform for short) is integrated an toolset that has been developed in the context of the AVANTSSAR project (www. avantssar. eu, 4) for the formal specification and automated validation of trust and security of service

and service infrastructures, enhance their security and robustness, and thus increase the development and public acceptance of the Ios. We proceed as follows.

some of the main features of specification languages and automated validation techniques that have been developed for the verification of trust and security of services.

and reasoning about trust and security of SOAS is complex due to three main characteristics of service orientation.

Towards Formal Validation of Trust and Security in the Internet of Services 195 Second, SOAS are also distributed systems,

SOAS and their security requirements are continuously evolving: services may be composed at runtime, agents may join or leave,

The security properties of SOAS are, moreover, very diverse. The classical data security requirements include confidentiality

Various languages have been proposed to model trust and security of SOAS, e g.,, BPEL 24, p calculus 19, F#5, to name a few.

One needs a language fully dedicated to specifying trust and security aspects of services, their composition,

++which we have defined to be close to specification languages for security protocols/services and to procedural and object-oriented programming languages.

they can be used to describe service workflows and steps in security protocols. For instance, an employee (Alice) changing group membership at the command of her manager (Peter) can be formalized as:

Finally, we need to model the security properties. While this can be done by using different languages,

we may require a separation of duty property, namely that for privacy Towards Formal Validation of Trust and Security in the Internet of Services 197 purposes,

Rather, novel and different validation techniques are required to automatically reason about services, their composition, their required security properties and associated policies.

and the heterogeneous security contexts is to integrate different technologies into a single analysis tool,

When security constraints are to be respected, it can be very complex to discover or even to describe composition scenarios.

and is constructed with respect to security goals using the techniques we developed for the verification of security protocols. 3. 2 Model Checking of SOAS Model checking 13 is a powerful and automatic technique for verifying concurrent systems.

and, more recently, important results have been obtained for the analysis of security protocols. In the context of SOAS, a model-checking problem is the problem of determining

whether a given model representing the execution of the service under scrutiny in a hostile environment enjoys the security properties specified by a given formula.

these security properties can be complex, requiring an expressive logic. Most model-checking techniques in this context make a number of simplifying assumptions on the service

Yet we might be interested in establishing the security of a service that relies on a less insecure channel.

In fact, services often rely on transport protocols enjoying some given security properties (e g. TLS is used often as a unilateral or a bilateral communication authentic and/or confidential channel

thus important to develop model-checking techniques that support reasoning about communication channels enjoying security-relevant properties, such as authenticity, confidentiality, and resilience.

by supporting reasoning about LTL formulae, allows one to reason about complex trace-based security properties.

In particular, the AVANTSSAR Platform integrates a bounded model-checking technique for SOAS 1 that allows one to express complex security goals that services are expected to meet as well as assumptions on the security offered by the communication channels. 3. 3 Channels

It is, Towards Formal Validation of Trust and Security in the Internet of Services 199 of course,

and security requirements of a goal service and a description of the available services (including a specification of their security-relevant behavior,

in order to build an orchestration of the available services that meets the security requirements stated in the policy.

and a security goal formally specified in ASLAN, and automatically checks whether the orchestration meets the security goal.

If this is the case, then the ASLAN specification of the validated orchestration is given as output,

Towards Formal Validation of Trust and Security in the Internet of Services 201 Vulnerability: Policy:

Trust and Security CS: Composed Service CP: Composed Policy S: Service insecure P Policy Composed service/policy CP CS Secured service/policy TS Wrapper CS CP secure Services feedback BPMN

and Industry Migration The landscape of services that require validation of their security is very broad.

and the security mechanisms that implement them independently of their use in particular workflows. There is thus a clear advantage in having a language allowing the specification of policies via clauses (e g.,

Classes of properties that have been verified include authorization policies, accountability, trust management, workflow security, federation and privacy.

the OASIS SAML security standard is written in natural language that is often subject to interpretation. Since the many configuration options, profiles, protocols, bindings, exceptions,

it is hard to establish which message fields are mandatory in a given Towards Formal Validation of Trust and Security in the Internet of Services 203 profile and

to perform the same security-critical operations as the legitimate token user. Formal validation of trust and security will become a reality in the Internet of Services

only if and when the available technologies will have migrated to industry, as well as to standardization bodies (which are driven mostly by industry 204 R. Carbone et al

First, in the trail of the successful analysis of Google's SAML-based SSO, an internal project has been run to migrate AVANTSSAR results within SAP Netweaver Security

and identity provider services fulfill the expected security desiderata in the considered SAP relevant scenarios.

For instance, the authentication flaw in the SAML standard helped SAP business units to get major insights in the SAML standard than the security considerations described in Towards Formal Validation of Trust

and Security in the Internet of Services 205 there and helped SAP Research to better understand the vulnerability itself

The AVANTSSAR technology has been integrated also into the SAP Net-Weaver Business Process Management (NW BPM) product to formally validate security-critical aspects of business processes.

and development of a security validation plug-in that enables a business process modeler to easily specify the security goals one wishes to validate such as least privilege

A scalability study has also been conducted on a loan origination process case study with a few security goals

as it allows for validating all the potential execution paths of the BP under-design against the expected security desiderata.

In particular, the migration activity succeeded in overcoming obstacles for the adoption of model-checking techniques to validate security desiderata in industry systems by providing an automatic generation of the formal model on

as well as highlighting the model-checking results as a comprehensive feedback to a business analyst who is neither a model-checking practitioner nor a security expert.

the security validation plug-in is listed currently in the productization road-map of SAP products for business process management. 6 Conclusions

and security of the Ios. The research innovation put forth by AVANTSSAR aims at ensuring global security of dynamically composed services

Together, all these research efforts will result in a new generation of tools for automated security validation at design time

These advances will significantly improve the all-round security of the Ios, and thus boost its development and public acceptance.

LTL Model Checking for Security Protocols. Journal of Applied Non-classical logics, special issue on Logic and Information security, 403 429 (2009) 2. Armando, A.,Carbone, R.,Compagna, L.,Cu'ellar, J.,Pellegrino

Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008), pp. 1 10.

Automated Validation of Trust and Security of Service-Oriented Architectures. FP7-ICT-2007-1, Project No. 216471, http://www. avantssar. eu, 01.01.2008 31.12.2010 5. Bhargavan, K.,Fournet, C.,Gordon, A d.:

Verified Reference Implementations of WS-Security Protocols. In: Bravetti, M.,N'u nez, M.,Zavattaro, G. eds.

A security tool for web services. In: de Boer, F. S.,Bonsangue, M m.,, Graf, S.,de Roever, W.-P. eds.

Static validation of security protocols. Journal of Computer security 13 (3), 347 390 (2005) 9. Boichut, Y.,H'eam, P.-C.,Kouchnarenko, O.:

Safely composing security protocols. Formal Methods in System Design 34 (1), 1 36 (2009) 16.

Proceedings of the 19th MFPS, ENTCS 83, Elsevier, Amsterdam (2004) Towards Formal Validation of Trust and Security in the Internet of Services 207 17.

On the Security of Public-Key Protocols. IEEE Transactions on Information theory 2 (29)( 1983) 18.

Abstraction by Set-Membership Verifying Security Protocols and Web Services with Databases. In: Proceedings of 17th ACM conference on Computer and Communications security (CCS 2010), pp. 351 360.

The Open-source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols. In: Aldini, A.,Barthe, G.,Gorrieri, R. eds.

The Transport Layer Security (TLS) Protocol, Version 1. 2. IETF RFC 5246 (Aug. 2008) 27.

This article introduces upcoming security challenges for cloud services such as multi-tenancy, transparency and establishing trust into correct operation,

and security interoperability. For each of these challenges, we introduce existing concepts to mitigate these risks

and security architectures and mechanisms. 4 For which the Internet pioneer Vint Cerf has suggested recently the term Intercloud J. Domingue et al.

Trust and security are regarded often as an afterthought in this context, but they may ultimately present major inhibitors for the cloud-of-clouds vision.

and discuss the complex trust and security requirements. Furthermore, we survey existing components to overcome these security and privacy risks.

We will explain the state-of-the-art in addressing these requirements and give an overview of related ongoing international,

and Security Limitations of Global Cloud Infrastructures 2. 1 Cloud Security Offerings Today According to the analyst enterprise Forrester research and their study Security and the Cloud 17 the cloud security market is expected to grow to 1

1. securing commercial clouds to meet the requirements of specific market segments 2. bespoke highly secure private clouds 3. a new range of providers offering cloud security services to add external security to public clouds

Other cloud providers also adapt basic service security to the needs of specific markets and communities.

This allows tailor made solutions to specific security concerns-in particular in view of the needs of larger customers.

In the same way, the base security of Microsoft public cloud services is adapted to the targeted market.

even though they offer only limited base security and largely transfer responsibility for security to the customer.

Therefore in parallel to the differentiated security offerings via bespoke private or community clouds, there is also a growing complementary service market to enable enhanced security for public clouds.

Here a prime target is the small to mid-size enterprise market. Examples for supplementary services are threat surveillance (e g.

For the security objectives when adopting clouds for hosting critical systems we believe that today's datacenters are the benchmark for new cloud deployments.

For security this argument leads to two requirements for cloud adoption by enterprises: The first is that with respect to security and trust,

new solutions such as the cloud or cloud-of-clouds will be compared and benchmarked against existing solutions such as enterprise or outsourced datacenters.

We will use these requirements in our subsequent arguments. 3 New Security and Privacy Risks and Emerging Security Controls Cloud computing being a novel technology introduces new security risks 7 that need to be mitigated.

As a consequence cautious monitoring and management of security risks 13 is essential (see Figure 1 for a sketch following 12.

We now survey selected security and privacy risks where importance has been increased by the cloud and identify potential security controls for mitigating those risks. 1. Survey of Risks 2. Design of Controls 3. Implement. of Controls 4. Monitoring of Effectiveness Fig. 1. Simplified Process for Managing

Security Risks 12) Trustworthy Clouds Underpinning the Future Internet 213 3. 1 Isolation Breach between Multiple Customers Cloud environments aim at efficiencies of scale by increased

sharing resources between multiple customers. As a consequence, data leakage and service disruptions gain importance and may propagate through such shared resources.

An important requirement is that data cannot leak between customers and that malfunction or misbehavior by one customer must not lead to violations of the service-level agreement of other customers.

and moderate all undesired information flows 19.214 R. Glott et al. 3. 2 Insider Attacks by Cloud Administrators A second important security risk is the accidental

since security controls need to strike a balance between the power needed to administrate and the security of the administrated systems.

A practical approach to minimize this risk is to adhere to a least-privilege approach for designing cloud management systems.

Due to the corresponding logging, the security auditors can later determine which employee has held what privileges at any given point in time.

security incidents are largely invisible to a customer: Data corruption may not be detected for a long time. Data leakage by skilled insiders is unlikely to be detected.

the right to correction and deletion as well as the necessity of reasonable security safeguards for the collected data.

Transparency, technical and organizational security safeguards and contractual commitments (e g.,, Service Level Agreements, Binding Corporate Rules.

Also, the cloud service provider could prove to have an appropriate level of security measurements by undergoing acknowledged auditing

Security Integration and Transparency. The third challenge is to allow customers to continue operating a secure environment.

This means that security infrastructure and systems within the cloud such as intrusion detection event handling and logging, virus scans,

and access control need to be integrated into an overall security landscape for each individual customers. Depending on the type of systems,

but may also require security technology within the cloud. One example is intrusion detection: In order to allow customers to'see'intrusions on the network within the cloud and correlate these intrusions with patterns in the corporate network,

From a security perspective, this will raise new challenges. Customers need to provide a consistent security state over multiple clouds

and provide means to securely fail-over across multiple clouds. Similarly, services will be composed from underlying services from other clouds.

As such, it can rely on security and privacy mechanisms that were developed for service-oriented architectures and outsourcing.

We surveyed security risks that gain importance in this setting and surveyed potential solutions. Today, demand for cloud security has increased

but the offered security is limited still. We expect this to change and clouds with stronger security guarantees will appear in the market.

Initially they will focus on security mechanisms like isolation, confidentiality through encryption, and data integrity through authentication.

However, we expect that they will then move on to the harder problems such as providing verifiable transparency,

to integrate with security management systems of the customers, and to limit the risks imposed by misbehaving cloud providers and their employees.

Acknowledgments. We thank Ninja Marnau and Eva Schlehahn from the Independent Centre for Privacy Protection Schleswig-Holstein for substantial and very helpful input to our chapter on privacy risks.

Virtualizing networking and security in the cloud. SIGOPS Oper. Syst. Rev. 44,86 94 (2010), doi:

ACM Workshop on Cloud computing Security (CCSW'09), pp. 85 90. ACM Press, New york (2009) 7. Cloud Security Alliance (CSA:

Top threats to cloud computing, version 1. 0. March 2010), http://www. cloudsecurityalliance. org/topthreats/csathreats. v1. 0. pdf 8. Computer and Communication

Proceedings of the 2010 ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA. CCSW'10, pp. 77 86.

Security and the cloud: Looking at the opportunity beyond the obstacle. Forrester research (October 2010) 18.

Cloud computing and security. Lecture Univ. Stuttgart (November 2009) 26. Weichert, T.:Cloud computing und Datenschutz (2009), http://www. datenschutzzentrum. de/cloud-computing/Data Usage Control in the future Internet Cloud Michele Bezzi and Slim Trabelsi SAP Labs

On top of this a wide variety of applications has different requirements with regard to quality, reliability and security from the underlying networks.

The control and verification of service level agreements (SLAS) between domains as well as inter-domain security have to be addressed in federated testbeds as well as in the real Internet.

and data exchange among providers (e g. 8). Intrusion detection systems can increase situation awareness (and with this overall security) by sharing information.

Applications, Security, Safety, and Architectures. IEEE Communications Surveys 2 (1)( 1999), http://www. comsoc. org/pubs/surveys/1q99issue/psounis. html 17.

Trust Management and Security, privacy and data protection mechanisms of distributed data. An addressing scheme, where identity and location are embedded not in the same address.

Support of security, reliability, robustness, mobility, context, service support, orchestration and management for both the communication resources and the services'resources.

even greater challenges appear, with many concerns relevant to privacy, security and governance and with a diversity of issues related to Internet's effectiveness and inclusive character.

security and data protection with transparent and democratic governance and control of offered services as guiding principles (10,11). 1. 1 Autonomicity

Dependability and security; scalability; services (i e.:cost, service-driven configuration, simplified services composition over heterogeneous networks, large scale and dynamic multi-service coexistence, exposable service offerings/catalogues;

In addition, security risks currently present in network environments request for immediate attention. This could be achieved by building trustworthy network environments to assure security levels

and manage threats in interoperable frameworks for autonomous monitoring. 1. 2 The Vision of a Modern Self-Managing Network The future vision is that of a self-managing network

whose nodes/devices are designed in such a way that all the so-called traditional network management functions, defined by the FCAPS management framework (Fault, Configuration, Accounting, Performance and Security) 14,

security, reliability and Enhanced Network Self-Manageability in the Scope of Future Internet Development 283 robustness.

service levels and application management, security, ongoing maintenance, troubleshooting, planning, and other tasks ideally all coordinated and supervised by an experienced and reliable entity (known as the network administrator).

In this context, we argue that the performance, control, security and manageability issues, considered as non-priority features in the 70s 3 should be addressed now 6. In this chapter,

and Qos, including manageable security services. A new layered architecture for the Control and Management Plane that allows dynamic services composition

The proposed architecture also addresses two major security aspects: secure operation of the VI provisioning process,

and provisioning dynamic security services, to address challenge#5. Fig. 1 shows the reference model of our architecture as it has been modeled in the context of the GEYSERS project.

security, compute power and energy efficiency. In order to enable realistic and effective reasoning at provisioning and run time,

Management, Mobility, Qoe, Qos and Security. This ontology at the intermediate layers is represented in FINLAN by the Net-Ontology and the DL-Ontology (Data link) layers.

One application example is the encryption for security at the intermediate layer. In this example in the actual TCP IP protocols architecture, the layers 3 and 4 are not able to understand the security need in a context

and its complexities usually must be controlled by the Application layer. However, in FINLAN, the Application layer can inform semantically this security need to the Net-Ontology layer.

By this, the related complexities can be handled at the Net-Ontology layer level, instead of the Application layer level.

delivery guarantee, Qos, security and others. 2. 1 Collaboration to the Autoi Planes One of the Autonomic Internet project expectations is to support the needs of virtual infrastructure management to obtain self management

which can cover heterogeneous networks and services like mobility, reliability, security and Qos. The FINLAN project can contribute in its challenges,

Through the FINLAN Net-Ontology layer, requirements such as Qos and Security, can be requested to the network,

Security"/>owl: Individual><owl: Individual rdf: about="&entity; Multimediaconference"><rdf: type rdf: resource="&entity; Content"/>hasneedof rdf:

IEEE/IFIP New Technologies, Mobility and Security Conference (2009) 8 Pereira, J. H. S.,Kofuji, S. T.,Rosa, P. F.:

IEEE/IFIP New Technologies, Mobility and Security Conference (2009) 9 Pereira, J. H. S.,Kofuji, S. T.,Rosa, P. F.:

A large number of additional specifications such as WS-Addressing, WS-Messaging and WS-Security complement the stack of technologies.

The architecture also relies on autonomous systems to supply users with the necessary infrastructure and a security framework.

media caching, security, etc. Thus, the HB, which can be seen as the evolution of today's Home Gateway,

routing/forwarding and security. The goal of the Virtual CAN layer is to offer to higher layers enhanced connectivity services,

which together with the associated managers and the other elements of the ecosystem, offer content-and context-aware Quality of Service/Experience, adaptation, security,

allowing association with the correct CAN. 3. 2 Content-Aware Networks (CAN) The SPS may request the CANP to create multi-domain VCANS in order to benefit from different purposes (content-aware forwarding, Qos, security

Specialization of VCANS may exist (content-type aware), in terms of forwarding, Qos level of guarantees Qos granularity, content adaptation procedures, degree of security, etc.

and offer Qos specific treatment. 3. 3 CAN Layer Security The aim of the security subsystem within the CAN Layer is twofold:

a selection of three degrees of security, being: public traffic, secret content, and private communications.

In public traffic no security or privacy guarantees are enforced. Secret content addresses content confidentiality and authentication by applying common cryptographic techniques over the packets'payload.

The adopted strategy is to evaluate the required end-to-end security along all CAN domains and discretely apply the security mechanisms only where necessary to guarantee the required security level,

with respect to the security degree invoked. The evaluation algorithm considers the user flow characteristics CAN policies and present network conditions.

In order to attain the required flexibility, the related security architecture was designed according to the hop-by-hop model 7 on top of the MANES routers.

The second objective will pursue a content-aware approach that will be enforced by MANE routers over data in motion.

Such security enforcement will be done accordingly to policies and filtering rules obtained from the CANMGR. In turn, CANMGR will compute policies

and traffic filtering rules by executing security related algorithms over information gathered by the monitoring subsystem.

Content-aware security technologies typically perform deep content inspection of data traversing a security element placed in a specific point in the network.

MANE's related security functions are then to perform attacks'identification (e g. port-scan, IP spoofing,

security, and monitoring features, in cooperation with the other elements of the ecosystem. The chapter has indicated also the novel business opportunities that are created by the proposed Media-Ecosystem.

security and privacy as well as IPR protection; operation and research monitoring as well as experiment control; and the issue of defining

with to the aim of blending the fruition of the city's natural 442 H. Schaffers et al. and cultural heritage with safety and security in urban spaces.

and prioritisation of the cultural heritage in their city and also to an exploration of the privacy and security issues that are central to the acceptance and success of Future Internet services for the safety of urban environments.

The extensive use of ICT is also empowering the development of essential services for health, security, police and fire departments, governance and delivery of public services.

Specific information management policies should also be addressed to ensure the required level of security and privacy of information.

Public Safety and Security: sensor-activated video surveillance systems; locationaware enhanced security systems; estimation and risk prevention systems (e g. sensitivity to pollution, extreme summer heating.

as well as security, privacy, and trust 12 13. Cross-domain NG Iot platforms may foster the creation of new services taking advantage of the increasing levels of efficiency attained by the reuse of deployed infrastructures.

trust, security, and privacy) in a standard, easy and flexible way. Now that a number of different approaches towards future GSDP are being addressed in several EU research projects such as SOA4ALL, SLA@SOI, MASTER, NEXOF-RA, etc.

Telco2. 0 (TID) Common Testbed/Gateway Testbed management Testbed Access Interface Testbed Portal Overlay Enabler Security, Privacy and Trust Smart Santander

Node WISELIB User Developed App Tinyos Contiki Sunspot Opencom Middleware Mobility support Horizontal support Federation support Security, Privacy and Trust Fig

i) Access control and IOT Node Security subsystem, ii) Experiment Support Subsystem, iii) the Facility Management Support Subsystem,

< Back - Next >

Overtext Web Module V3.0 Alpha
Copyright Semantic-Knowledge, 1994-2011