effectsplus july event report
DESCRIPTION
TRANSCRIPT
1
Information Technology Solutions
Clustering
EFFECTSPLUS CONSORT IUM
Waterford institute Of Technology
ATOS
Hewlett-Packard Limited (HPLB)
SAP (AG)
Universita Degli Studi Di Trento
REPORT AUTHOR
Frances Cleary , Waterford Institute
Of technology ([email protected])
REPORT CONTRIBUTORS
Nick Wainwright (HP) , Jim Clarke
(WIT) , Keith Howker (WIT) , Michele
Bezzi ( SAP) , Volkamr Lotz (SAP),
Isabe)l Vinagre Torres ( ATOS) ,
Pedro Soria Rodriguez( ATOS), Nick
Papanikolaou ( HP), Roland Reike ,
Fabio Martinelli, workshop atten-
dees.
Effectsplus 2nd Cluster Event July 4th & 5th 2011 VU University, Amsterdam
2
Information Technology
Clustering
EFFECTSPLUS CONSORT IUM
Waterford institute Of Technology
ATOS
Hewlett-Packard Limited (HPLB)
SAP (AG)
Universita Degli Studi Di Trento
Table Of Contents
Objectives of 2nd Cluster Meeting ………………… … … … … … … … … … … … 3.
Networking & coordination Session ………………… … … … … … … … … … … … 5.
Services and Clouds Cluster Report ………………… … … … … … … … … … … … 9.
Systems and Networks Cluster Report ………………… … … … … … … … … … … … 11
.
Special Interest Groups: policy and Monitoring ………………… … … … … … … … 14.
Trust and security Research Roadmap session ………………… … … … … … … … … 15.
Innovation Potentials & gaps for FP7 Trust and security projects ………………… … 17.
Effectsplus 2012 Wider collaboration event (CSPEF2012) ………………… … … … ..18.
Head Of Unit F5, Jesus Villasante closing speech ………………… … … … … … … …19
FIA Related Activities: trust and security ………………… … … … … … … … … … …20
Effectsplus future Events ………………… … … … … … … … … … … … … … … … .21
Appendix A , Agenda………………… … … … … … … … … … … … … … … … … 22
Appendix B , registered Attendees………………… … … … … … … … … … … … … 23
Appendix C, cluster participants ………………… … … … … … … … … … … … … 24
Appendix D, cluster communication ………………… … … … … … … … … … … … 25
Appendix E, cloud & services workshop, Project abstracts ………………… … … … 26
Appendix F, systems & Networks workshop, Project abstracts ………………… … … 29
3
Clustering
Objectives of 2nd Cluster Meeting
Frances Cleary , the Effectsplus coordinator, opened the 2nd Effectsplus Cluster event, at
Vrijie university in Amsterdam on the 4th and 5th July 2011. The event co-located with
the SysSec workshop on the 6th July and the DIMVA 2011 conference.
For this trust and security collaboration meeting , 22 research projects , attended and par-
ticipated to this event . (Programme and Attendees can be viewed in Appendix A,B.C)
Mr Michele Bezzi, the Effectsplus cluster lead commented on the main objectives of the
event . Two parallel workshops were planned
• Systems and Networks Cluster : Workshop on Models
Addressing issues such as
* Security Incident Models providing Qualitative and Quantitative
* Models of Security and Privacy Requirements and Policies for FI
* Enterprise Architecture Models for Security Analysis
* Society Models for Social Impact Analysis
* Models of Security and Privacy issues in Cyber-Physical Systems, Smart Grids and
other Critical Infrastructures
* Security by Design - Models on Resilience and Trust (e.g. use of trust anchors to pro-
vide a trusted backbone infrastructure)
• Models on Security and Privacy issues in Cloud Computing
• Services and Could Cluster : Workshop on Trust and Assurance
Addressing questions such as How to….
* establish and maintain trust in dynamic composite services
* define security validation technologies
* provide flexible security certification schemes
* perform security testing in heterogeneous service environments
* automate security model checking
* managing risk, security and trust metrics in secure service engineering
* model-based security design & architecture
* audit and monitor of distributed software systems.
Frances Clea ry
E f fec tsp l us Coord ina to r
Wate r fo rd Ins t i tu te O f
Techno logy - TSSG
M iche le Bezz i (SAP)
E f fec tsp l us Clus te r lead
4
Clustering
Objectives of 2nd Cluster Meeting
Mr Bezzi commented that the main expected outputs coming from these workshops were
as follows
1. Identify possible areas of collaboration among projects.
2. Identify which concrete examples are publicly available and re-usable in related pro-
jects
3. Identify gaps between existing approaches and promising areas for future research
Detailed call text for each of the workshops can be found at the following links
Systems & Networks cluster Models workshop:
http://www.effectsplus.eu/files/2011/06/Effectsplus-Systems-and-Networks-Models-
Workshop-Agenda-Draft-v4.pdf
Services and Cloud cluster trust and assurance workshop:
http://www.effectsplus.eu/files/2011/06/Serv_Cloud_workshopx.pdf
5
Clustering
Networking & Coordination Session
Jim Clarke networking and coordination cluster presentation session:
This session was opened by the cluster lead Mr Jim Clarke ( WIT-TSSG). Mr Clarke commented
that the aim of this session was for CSA’s and NoEs in Unit F5 to avail of an opportunity to pro-
vide information on the activities they have underway in their individual projects and to provide
details on upcoming events and research roadmap agendas they have in progress, in order to make
the wider research community aware of their endeavours. This session involved speakers from the
following projects BIC, TDL/Actor, NESSOS, SYSSEC.
BIC: Building international cooperation for trustworthy ICT. Speaker : Jim Clarke
Mr. Clarke presented the Coordination Action BiC project - Building International Cooperation
for Trustworthy ICT: Security, Privacy and Trust in Global Networks & Services, which started
on 1st January 2011. BIC will expand the co-operation models of EU researchers and programme
management with their peers in new ICT high-growth countries, specifically Brazil, India and
South Africa, who represent emergent world-impacting information economies through the scale
and sophistication of their growing ICT sectors. In addition, the project will provide continuity
and bring together a truly global collaboration with the participation of the already established
connections from the INCO-TRUST project between the EU and the United States, Japan, Austra-
lia, South Korea and Canada.
Mr. Clarke presented the four core objectives of BIC:
• Charting the landscape of Brazil, India and South Africa and their initial potential match to EU Trust, Security and Privacy themes; • Prioritisation of the EU influenced vision and research directions including alignment of work programmes; • Global alignment, consensus and outreach of the European visions and challenges across all targeted countries; • Definition of Tangible International Activities including transnational partnerships with EU
partners.
Mr. Clarke presented the accomplishments of the project to date:
EU – Brazil Cooperation workshop (along with IWT 2011),Held 3rd May 2011; Rio De Janeiro
(>60 attendees) Full report available at http://www.inatel.br/iwt/slide-show/bic-workshop
In the process of putting together an International Advisory Group (IAG) from all involved coun-
tries
• Organising EU – South Africa workshop 16th August 2011 (along with ISSA 2011 - http://
www.infosecsa.co.za/)
• Organising EU – India workshop 28th November 2011 (along with eINDIA 2011 - http://
www.eindia.net.in/2011/)
• Strong collaboration with the EU – India Spirit Coordination Action project – see http://
www.euroindia-ict.org/.
J im C la rke
Ne twork i ng & coo rd ina t ion
c l us te r lead
Wate r fo rd Ins t i tu te O f
Techno logy - TSSG
6
Clustering
Networking & Coordination Session
Preparing for Annual Forum/IAG meeting in Q4 2011
• building topics of interest with countries
• planning session being held 6th July 2011 within SysSec workshop.
• See http://www.syssec-project.eu/events/1st-syssec-workshop-program/
Other programme related activities
• involvement in the Networking and coordinator cluster of the Effectplus project.
• Involvement in Working groups of SysSec
• Involvement in Advisory Group of NESSOS
• Involvement in Trust and the Digital Life
• Involvement in Future Internet Assembly
In order to receive more information, Mr. Clarke gave the pointers of all the Work package lead-
ers of BIC.
WP1: James Clarke [email protected]
WP2: Neeraj Suri [email protected]
WP3: Michel Riguidel [email protected]
WP4: Aljosa Pasic [email protected] or [email protected]
WP1: Project Management
WP2: Platform for International Collaboration and consensus building
WP3: Input to the design of future research programmes
WP4: Building the International Co-operation community.
To view this presentation please see the following link http://www.slideshare.net/fcleary/bic-effectplus-ws .
SysSec: A European Network of Excellence in Managing Threats and Vulnerabili-ties in the Future Internet
Speaker: Evangelos Marketos Mr Evangelos opened his session with “ what is the security challenges we face?” to mention
some
• Hackers disabling cars
• Hackers get into power grids
• Hackers get into fighter planes
What are we doing about this? SysSec: 4-year NoE to consolidate Research in managing
threats for the Future Internet. SysSec proposes a game-changing approach to cybersecurity:
Currently Researchers are mostly reactive: they usually track cyberattackers after an attack has been launched thus, researchers are always one step behind attackers. SysSec aims to break this
vicious cycle. Researchers should become more proactive: and Anticipate attacks and vulner-
abilities and Predict and prepare for future threats , working on defenses before attacks material-
ize.
Mr Marketos full presentation can be viewed http://www.slideshare.net/fcleary/syssec .
7
Clustering
Networking & Coordination Session Contd..
NESSOS: Network of Excellence on Engineering Secure Future Internet
Software Services and Systems Speaker: Fabio Martinelli
NESSoS aims at constituting a long lasting Virtual research centre
on engineering secure software-based service and systems. Aiming at reducing the vulner-
abilities in Future Internet Software-based Services (FISS) and Improving the design and
overall assurance level of FISS. NESSoS will Provide means for a risk/cost based SDLC
for FISS and will contribute to create an active research community by reducing the exist-
ing fragmentation, and by re-addressing , integrating, harmonizing research agendas of
NESSoS partners as well as spanning out of the organizations involved towards wider
scientific and technological communities.
NESSoS is committed to achieve very significant advances in knowledge and spread the
research excellence achieved as well as roadmapping activities NESSoS will contribute to
the growth of a generation of researchers and practitioners in the area by creating a com-
mon body of knowledge (CBK) directly exploitable for training and education purposes.
Mr Martinelli presentation included the following main agenda items
1. Motivation and main goals
2. Consortium expertise
3. Integration strategy
4. Structure of the NoE
5. Integration Activities
6. Research Activities
7. Spread of Excellence Activities
8. Management Activities
9. Highlights
10. Relationships with other communities
Mr Martinelli’s full presentation can be viewed http://www.slideshare.net/fcleary/nessos
TDL– Actor: Trust in digital Life
Speaker : Arthur Leijtens
Mr Leijtens started his presentation with an overview of the TDL ambitions and expecta-
tions.
• Self sustainable inspiring TRUST community providing directions and development
of knowledge and collaborative projects & frameworks for trustworthy ICT solutions.
• Innovative but realistic research agenda recognized by industry, knowledge institutes,
the European commission, local governments and other independent authorities .
• Create possibilities for public funding for collaborative R&D
and deployment projects .
• Create industrial, political and legal awareness for removing barriers
through an extensive demonstrations and pilots program.
8
Networking & Coordination session Contd..
Clustering
Mr Leijtens then continued to detail the working of Trust in digital Life , with emphasis on Trust-
worthy ICT solutions, highlighting their currently active working groups and activities, comment-
ing on the 4 main working groups they have in existence.
1. Use cases
2. Technology and requirements
3. Law and technology
4. Business cases
Further information on these individual working groups can be viewed in the supporting TDL
presentation. Mr Leijtens concluded with details of the TDL community, TDL consortium and
details on TDL membership.
Mr Leijtens full presentation can be viewed http://www.slideshare.net/fcleary/tdl
9
Report on the Effectsplus Cloud & Services ,Workshop on SOFTWARE ASSURANCE & TRUST.
Motivation and goals The vision of the Future Internet heralds a new environment where multiple services are transpar-
ently and seamlessly mixed and exchange information, giving rise to new capabilities.
This paradigm largely enriches our ability to create new applications and businesses.
However, it raises formidable security challenges, which have to be solved to make this vision
real. In particular, these systems need new forms of software assurance that goes beyond the cur-
rent view, based on static and isolated systems, and fundamentally challenge us to rethink how to
address questions such as, how to:
• establish and maintain trust in dynamic composite services.
• define security validation technologies
• provide flexible security certification schemes
• perform security testing in heterogeneous service environments
• automate security model checking
• audit and monitor distributed software systems.
Various projects in the ICT Framework Programme are currently addressing some of these ques-
tions.
The Effectsplus FP7 funded Coordination & Support Action, within the activity of Services and
cloud cluster, organizes a workshop, which aims to provide a forum for discussing the different
approached of projects in this area. At the end of the workshop, we expect to have a better under-
standing of
• possible areas of collaboration among projects
• gaps between existing approaches
• promising areas for future research
The agenda of the workshop was structured in two half days. In the first one on July 4th, the pro-
jects in the cluster presented several research approaches for assurance and trust (See project ab-
stracts in Appendix E ); while the second half day on July 5th was devoted to discussion and syn-
chronization with the other Effectsplus workshops that run in parallel.
The annotated agenda of the presentation is the following:
Aniketos: Supporting trustworthy and secure composition in service and cloud environments
(Per Håkon Meland, David Llewellyn-Jones, Erkuden Rios Velasco), Security SLA, Ser-
vice discovery using security properties, Trust Monitoring
Assert4SOA: Advanced Security Service Certificate for SOA (Ernesto Damiani): Security
Certificate, Assurance for service compositions, Security testing, Service discovery using
security properties
Posecco: Leveraging Security Models to Automate Audits and Improve their Level of Assur-
ance (Serena Ponta), Support mechanisms for auditing, Compliance with security reqs through auditing
MASSIF: Management of Security information and events in Service Infrastructures (Pedro
Soria-Rodriguez), SIEM, Trusted collection and monitoring of security-related data
NESSos: A General framework for security-aware analysis of services (Fabio Martinelli):
Trust Metrics, Process Composition, Optimization
UTrust-IT: Usable Trust in the Internet of Things, (Peter Wolkerstorfer), Trust & HCI, Per-
sonas methodology, user-centricity
Services and Clouds Cluster Report
Clustering
Serv i ces and C louds
c l us te r Lead
Fab io Mar t i ne l l i (CNR)
Miche le Bezz i (SAP)
10
Services and Clouds Cluster Report
Clustering
Conclusion
Eventually, after the discussion phase the workshop participants were able to recap the different
approaches for trust and assurance that could be further investigated together as audit, certifica-
tion, SLA for security, user-centered security, trust monitoring techniques and usage policies, etc.
There was an agreement to try to write a joint paper (e.g. for the FIA book) in those aspects
Among the participants some follow-up with inter project meetings where identified as:
• Security SLA: Nessos, Aniketos, Assert4SOA, Contrail (Here there is also the proposal for a
specific W3C subcommittee on Security aspects for SLAs);
• Auditing: Assert4SOA, PoSecco
• User-studies: U-Trust-IT, Posecco, Aniketos
Among the topics selected for further scrutiny, there was a suggestion to investigate for the next
Effectsplus meeting (Bristol, 2012) the following aspects:
• Secure Service Compositions during service lifetime
Presentations from this cluster group and workshop can be viewed
http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/
11
Sys tems and Ne tworks
c l us te r Lead
Ro land Rieke - F raun -
hofe r S IT
Systems and Networks Cluster Report
Clustering
The vision of the Future Internet heralds a new environment where multiple services are
transparently and seamlessly mixed and exchange information, giving rise to new capabilities. This
paradigm largely enriches our ability to create new applications and businesses but also enables new
possibilities for threats and scales up the risks of financial and also physical impact.
Various projects in the ICT Framework Programme are currently using Models of different kinds in
order to assess upcoming security and privacy challenges and mitigation strategies w.r.t. their possi-
ble impact.
The Effectsplus FP7 funded Coordination & Support Action, within the activity of Systems and Net-
works cluster, organized a workshop, with the aim to provide a forum for discussing the di_erent
approaches of projects in this area.
The workshop was hold during the second Effectsplus clustering event in Amsterdam(Netherlands),
at July 4th-5th 2011. The title of the workshop was Models (including meta-models, ontologies,..)".
Workshop On Models
Roland Rieke (member of the MASSIF project) was responsible for the collection of the
contributions and the agenda of the workshop.
Those projects, which had indicated their interest in this collaboration area at the first Systems and
Networks cluster workshop, have been invited to contribute their activities w.r.t. the following sub-
jects:
• Security Incident Models providing Qualitative and Quantitative Security
Measurements (base measures and derived measures to audit and monitor
complex distributed systems in FI).
• Models of Security and Privacy Requirements and Policies for FI.
• Enterprise Architecture Models for Security Analysis.
• Society Models for Social Impact Analysis.
• Models of Security and Privacy issues in Cyber-Physical Systems, Smart.
Grids and other Critical Infrastructures
• Security by Design - Models on Resilience and Trust (e.g. use of trust
anchors to provide a trusted backbone infrastructure)
• Models on Security and Privacy issues in Cloud Computing
The aim of the workshop was to identify possible areas of collaboration among projects w.r.t. con-
crete models which are publicly available and re-usable in related projects as well as to identify gaps
between existing approaches and promising areas for future research.
12
Sys tems and Ne tworks
c l us te r Lead
Systems and Networks: Workshop on Models
Clustering
In order to provide the content for the following discussions, each participant of
the workshop presented a topic w.r.t. the modelling work done in the respective
project. Unfortunately, the given time slots of 10-15 minutes per project did
not allow for a complete presentation of a projects results, so only some selected
interesting aspects could be shown. The following list gives an overview of the
presentations at the workshop (supporting abstracts can be viewed in Appendix F):
It was decided to contribute to the following Effectsplus supported Systems and Networks cluster
activities:
• Classification (overview) of areas covered by the presented models (inter- actively edit a table on Effectsplus web-site)
• Joint paper (e.g. FIA book), or workshop: European perspective (survey) of models on security, privacy, trust
• Followup Systems and Networks cluster meeting on specific aspects of multilateral project cooperation's (Feb. 2012, HP-labs, Bristol)
• Participation in Cyber-Security and Privacy EU Forum CSPEF 2012 (Berlin 24.-25.4.) with Demonstrations and Tutorials
The main result of this workshop however was the elicitation of common
interests between the projects and the initiation of concrete plans for multilateral
collaborations as shown in Table 1.
• Roland Rieke (MASSIF): Objectives of the Effectsplus Systems and Networks Cluster
Workshop on Models
• Igor Kotenko (MASSIF): Analytical attack modelling and security evaluation in MASSIF
• Teodor Sommestad (VIKING): Enterprise Architecture Models for Security Analysis
• Mats B-O Larsson (VIKING): Virtual City Simulator (ViCiSi)
• Domenico Presenza (ASSERT4SOA): Ontology's in ASSERT4SOA
• Federica Paci (NESSoS, SecureChange): Managing Security and Changes throughout the whole System Engineering Process
• Antonio Lioy (PoSecCo): PoSecCo models
• Steffen Peter (WSAN4CIP, TAMPRES): Assessment models to Improve the Usability of Security in Wireless Sensor Networks
• James Davey (VIS-SENSE): Multi-Dimensional Clustering for the Purposes of Root-Cause
Analysis
• Mark McLaughlin (ENDORSE): Introducing the ENDORSE Privacy Rules Definition Language
• Roberto Baldoni (CoMiFin): Collaborative Security for Protection of Financial Critical
Infrastructures: The Semantic Room abstraction model
13
Sys tems and Ne tworks
c l us te r Lead
Systems and networks: Workshop on Models
Clustering
Table 1: Multilateral collaborations within Effectsplus “Systems and Networks cluster”
Jesus Villasante the head of the Trust and Security Unit in the EU Directorate General Information
Society and Media (DG Infso) participated in the meeting. He confirmed that his unit will fully
support these clustering activities.
Presentations from this cluster group and workshop can be viewed
http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/
14
Spec ia l I n te res t G roups
N i ck Papan iko laou (HP)
Rober to Ba ldon i
Special Interest Groups : Policy and Monitoring
Clustering
During the effectsplus clustering event , two special interest groups were proposed to be formed,
based on topics and level of interest shown , by project participants. The aim of these special inter-
est groups is to continue collaboration and work on identified topics coming from the cluster
groups with a view to successfully participating and proposing collaborations, joint papers and
events. The following details the initial focus of the two special interest groups and the main
contacts for each.
Effectsplus Special Interest Group on Policies - led by Nick Papanikolaou
Projects in this group so far: ANIKETOS, ENDORSE, POSECCO, MASSIF,
COMIFIN,TAS3,SecureChains
Topics on which projects can collaborate:
• Theoretical topics
• Languages, formalisms
• Validation, verification
• Interoperability
• Frameworks
• Policy refinement
• Conflict resolution
• Applications/Practical aspects
• Decision support
• Automatic Run-time Configuration of Policies for mitigation of attacks
• Privacy Policies
Effectsplus Special Interest Group on Monitoring - led By Roberto Baldoni
Projects in this group so far: VIS-SENSE, MASSIF, COMIFIN, SYSSEC, WSAN4CIP,
ANIKETOS,DEMONS,TWISNET
Topics on which projects can collaborate:
• Event-based architecture
• Pattern detection
• Performance
• Privacy-preserving computation
• Applications - event-based platforms, intrusion detection
For more information on these Special interest groups, please contact the group leaders above.
15
A follow up roadmapping session took place on the 5th July . Here Mr Papanikolaou presented the
key themes identified in the first draft of the Trust and Security Research Roadmap, namely, the
report titled "Trust and Security in the Future Internet: Setting the Context", which was created
after the 1st Technical Cluster Meeting (29-30 March 2011).
The report identified challenges and potential solutions, societal shifts and changes of relevance,
and a vision for the future of the field. The content of the report was produced after processing
discussion points and project contributions made at EFFECTSPLUS meetings.
Some key discussion points included the following:
• Changes for end-users: users' attitudes are changing constantly; users' physical and digital
lives are connecting seamlessly; users are controlling and regularly using more devices; users
are demanding the ability to personalise products and services.
• Vision for end-users: users will have more privacy online; users will have a better understand-
ing of security and privacy risks.
• Challenges for end-users: enabling users to better understand and control security; handling
digital identities; dealing with privacy issues.
• Some solutions for end-users: development of universally acceptable digital identifiers; educa-
tion of citizens.
We are planning to circulate improved versions of the report "Trust and Security in the Future
Internet: Setting the Context" and use it as the basis for the Trust and Security Research Roadmap.
A summary of the report will be produced in time for the forthcoming Future Internet Assembly
in Poznan. At FIA Poznan there will be a session dedicated to the FIA Research Roadmap and we
will draw attention to the trust and security aspects, soliciting additional comments and input to be
provided in electronic form by participants after the conference.
Presentation slides from this session can be viewed
http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/ .
Trust and Security Research Roadmap Session.
Clustering
Nick Wa inwr i gh t (HP)
Hewle t t Packa rd L td
16
Clustering
Trust and Security Roadmapping Session
(Effectsplus Clustering Meetings, Brussels, 4-5 July 2011)
Summary of Remarks Made by Jesús Villasante (EC)
Jesus V i l lasan te
European Commiss i on
Head o f T rus t & secu r i ty
Un i t F5
Jesús Villasante actively participated in the roadmapping presentation session and commented
on the overall importance of the roadmapping activity. The roadmap should contain content that
is compelling and novel, in particular, going further than most existing prior roadmaps. Al-
though we will necessarily include some technical content and commentary, there is a need to
balance technical material with a discussion of higher level issues and how research in the trust
and security space can be aligned with the Commission’s strategic objectives.
Other remarks made by Mr Villasante which are relevant to the roadmapping activity include
the following.
There are numerous forward-looking policy documents already in circulation, including cyber-
security strategy papers from many geographical areas, which address the same areas we are
currently addressing in the Trust and Security Research Roadmap; by comparison, our roadmap
needs to cover these areas in more technical detail.
For instance, while ‘privacy by design’ is a notion frequently mentioned in other roadmaps, we
should explain it carefully and give an indication of how it can be implemented in practical
terms. Jesús Villasante stressed it is explanations that are useful to policymakers, who need to
understand not only the ‘what’, but the ‘why’ and ‘how’ of key technologies. We should not
underestimate the level of understanding of the policy makers in the more technological topics.
In September 2011, roadmaps will be delivered from various projects (including Effectsplus,
NESSOS, TDL, and others). The September 2011 deadline is crucial, as it ensures that the docu-
ments will be available in time for debates around future funding programmes, and, in particu-
lar, in time to shape Framework Programme 8.
In closing, Mr Villasante reiterated that this roadmap should go further and deeper than similar
efforts so far, he suggested that future roadmapping discussions should attempt to produce a
coherent vision of the future, especially for the next 10-20 years.
17
Speaker : Bruno Crispo ( University Trento)
Mr Crispo commenced his presentation with an overview of the target of the Analysis. Here the
focus was mainly on Call 1 research projects that have been completed and finalised to analyse
and identify actual outcomes and impacts from the research activities that can possibly link to the
digital agenda or have potential for follow up activities in the next call or within the market place.
Mr Crispo described the methodology used to complete such an analysis this involved, examina-
tion of publishable summaries, interviews with project coordinators, analysis of deliverables iden-
tified by project/technical coordinators and a top down analysis of the digital agenda.
The presentation then continued with an overview of the preliminary findings coming from the
analysis to date covering Direct V’s indirect target Industries, Direct Industries, Indirect target
Industry ,Innovation Issues, potential contribution to digital agenda, Gaps bridging measures. For
more details on these topics, please refer to the accompanying slideset.
Mr Crispo closed his presentation session with a summary of the analysis work in progress
• Research Results potential for EU-wide policy area
Extracted 2-3 results from each project still need systematization
• Bottom-up analysis of Digital Agenda by project coordinators
Partial feedback to be systematized
• Review by interested parties
If you would like to contribute
Mail to [email protected]
Supporting slideset for this presentation can be viewed
http://www.effectsplus.eu/files/2011/08/Innovation-Potentials_Gaps_FP7.pdf
Innovation Potentials and gaps for FP7 Trust and
Security Projects
Clustering
Bruno Cr ispo (UNITN)
18
Effectsplus on behalf of Unit F5 Trust and Security , is organising a wider collaboration/trust and
Security Forum event in 2012. (cyber-Security and Privacy EU Forum—CSPEF 2012) . This is
planned to take place in Berlin on 24th and 25th April 2012. the target audience of this event will
be industry/ academia/agencies/ external trust and security initiatives.
This event will have two main objectives
Objective 1 : Impact and alignment
Objective 2 : Efficiency and Effectiveness (working well as a community)
Day 1 will focus on – objective 1 : The impact of trust and security technology in the real world –
the links between R&D results and policy, societal challenges… It is planned to incorporate the
following aspects during day 1 of the event programme.
• Selected keynote speakers
• Panel discussions ( mix of industry/academic experts)
• Tutorial workshops
• Security research demonstrators (showcase concrete results of as many successful pro-
jects )
Day 2 will focus on - Clustering, structuring of research efforts for better results and for facilitat-
ing innovation. Focusing on
• Cross –topical workshops
• Research project specific workshops
Planning is underway with a dedicated organising committee, in the coming months a call for
contributions will be available and will be widely disseminated to all the main key players in the
security space. More information will be disseminated to the Effectsplus email lists and also to the
uploaded to the Effectsplus website, once available, stating upcoming Calls and submission dead-
lines.
Supporting slideset can be viewed
http://www.effectsplus.eu/files/2011/08/CSPEF-2012_planning.pdf
Effectsplus 2012 Wider Collaboration event
Cyber-Security and Privacy EU Forum—CSPEF 2012
Clustering
19
During the Effectsplus wrap up session on July 5th 2011, Mr Jesús Villasante, closed the Effects-
plus cluster event with the following main comments.
Mr Villasante was impressed by the practical approach that Effectsplus has taken with its cluster-
ing activities. He commented that there is a very friendly atmosphere amongst the attendees and
fruitful participation during the event cluster working group sessions.
Mr Villasante had the following four main points to address in his closing comments.
Collaboration: He stated that currently collaboration is progressing very well, with clear identifi-
cation of common topics and interests amongst the participating research projects and attendees,
and he would encourage such positive interactions to continue and expand as necessary in the fu-
ture.
Impact – Mr Villasante commented that we need to identify the outcomes of the call 1 projects
following their completion and have to work to show how their valuable research and outcomes
van be made more visible . It is not always easy to show clear outcomes following the finalisation
of a project. Sometimes they are instruments to enable further follow on research avenues. But we
need to continue to work to improve the outcome and impact from our research activities, this is an
important aspect that we need to focus on in the future .
Visibility - Effectsplus planned “Cyber-Security and Privacy EU Forum CSPEF 2012” confer-
ence in April 2012 is an excellent opportunity. Mr Villasante commented that everyone's needs to
actively think about how it can be a success for your project and your customers, ensuring that the
right people from the right areas will be in attendance. This conference will be a milestone for all
security research projects, and something that we can build upon in future years to come. The EC
will fully support Effectsplus for this event. The CSPEF 2012 event will be timely as discussions
on FP8 will be coming to an end at that time for H2020 and it will be an occasion around this date
in 2012 to contact the national delegates to reinforce the message that trust and security is a key
issue and we need to put more emphasis on it.
For the future – Regarding the future, Mr Villasante remarked on Call 8 . In Call 8 – 80M euros
will be invested from the European Commission. It is a key opportunity to redirect what we are
going to do in the next 5 years. It is important to structure proposals to highlight main areas to
explore. If potential proposes can have discussions prior to the call that would reduce the frag-
mentation of the proposals, and that would be deemed to be very useful. Activities Effectsplus are
doing here is instrumental here in doing this. We should have a structure around this activity.
Mr Villasante concluded, with his continued support towards the Effectsplus collaboration activi-
ties, encouraging projects to continue and increase their level of activity here. To wrap up the ses-
sion Mr Villasante openly asked participants What other support they require from EC Unit F5?
Can we (EC) do more? He welcomed suggestions and feedback .
Head Of Unit F5 Jesus Villasante: Closing Speech
Clustering
Jesus V i l lasan te
European Commiss i on
Head o f T rus t & secu r i ty
Un i t F5
20
FIA Book : Planning for the next FIA Book has commenced with the organising committee. You
can expect call for contributions in the coming months.
FIA newsletter
If any trust and security research projects have
1. News items
2. Dissemination of upcoming events
3. Reports for Dissemination
Please consider writing a short paragraph and submitting to the FIA newsletter.
Next FIA newsletter is planned for September 2011, calls for submission end of August.
Cluster event wrap up slide set can be viewed
http://www.effectsplus.eu/files/2011/08/next-meeting-_wrap-up.pdf
Contact : [email protected] and we will include such items for dissemination.
FIA related activities : Trust and security
Clustering
21
• Effectsplus Next clustering Event will take place at HP, premises in Bristol, UK in
February 2012. Further details will be available on the Effectsplus website in the
coming months.
• Cyber-Security and Privacy EU Forum—CSPEF 2012 , will take place in Berlin, 24th & 25th
April 2012, more details will be available in the coming month on the Effectsplus website
www.effectsplus.eu
Effectsplus Future Events
For more i n fo rma t ion
Please see Effectsplus Website http://www.effectsplus.eu/
For further details please
contact Effectsplus coordinator
Frances Cleary
Waterford institute Of technology—TSSG
Clustering
22
APPENDIX A Agenda
Clustering
Monday , July 4th , 2011
Tuesday, July 5th , 2011
23
Clustering
Appendix B: Registered Attendees
Attendee
Name Project/ Other
Cleary, Frances effectsplus coordinator
Jefferies, Nigel Effects+
Damiani, Ernesto UNIMI
McLaughlin, Mark ENDORSE
Kotenko, Igor Massif
Vinagre, Isabel Effectsplus
Howker, Keith Effectsplus
Rieke, Roland MASSIF
Soria-Rodriguez, Pedro MASSIF
Larsson, Mats B-O VIKING
Papanikolaou, Nick Effectsplus
Presenza, Domenico ASSERT4SOA
Peter, Steffen WSAN4CIP,Tampres
Surridge, Mike SERSCIS
Leijtens, Arthur Actor ~ TDL
Sommestad, Teodor VIKING - EA models and analysis
Plate, Henrik Posecco
Casalino, Matteo PoSecCo
Lioy, Antonio POSECCO / TCLOUDS / WEBINOS
Olivier, BETTAN PoSecCo
baldoni, roberto comifin
Olkkonen, Kaisa Nokia
Davey, James Fraunhofer
Villasante, Jesus European Commission
Markatos, Evangelos SysSec
Howker, Keith effectsplus
Alan Yeung -
Llewellyn-Jones, David Aniketos
Dlamini, Bheki internet networking
Ludwig, Mike TwisNet
Ponta, Serena PoSecCo
Paci, Federica Secure Change
Wolkerstorfer, Peter uTRUSTit
Gran, Glenn GINI-SA
Meland, Per Håkon Aniketos
Wainwright, Nick Effectsplus
Bezzi, Michele Effects+
Levitt, Karl -
Mallery, John -
Badii, Atta MOSIPS
Martinelli, Fabio NeSSos
Shiu, Simon HP
Tiemann, Marco HYDRA Middleware
24
Clustering
Appendix C: Cluster Participants
Name Organisation
Isabel Vinagre ATOS Peter Wolkerstorfer CURE
Nick Papanikolaou HP
Michele Bezzi SAP
Serema Ponta SAP
Henrik plate SAP
Masco Tiemann Uk Reading
Kaisa Olkkonen NOKIA Crispo Bruno UNITN
Fabio Martinelli CNR
Per Hakon Meland SINTEF Pedro soria Rodriguez ATOS
Glenn Gran IKED
Ernesto Damiani UNIMI
Frances cleary WIT-TSSG
Name Organisation
Keith howker WIT-TSSG
Roberto baldoni UniRomai
Olivier bettan Thales
Mike Surridge IT Innovation
Domenico Presenza Engineering IT
James Davey Fraunhofer IGD
Matteo Casalino SAP
Federica Paci UNITN
Antonio Lioy Polito Teodor sommestad KTH
Mats B-O larsson MML AB
Evangelos marketos Forth
David Lewellyn-Jones LJmn
Steffen Peter IHP
Mark Mc loughlin WIT-TSSG
Nigel Jefferies Huawei
Roland Reike Fraunhofer SIT
Services & Cloud Cluster Participants
Systems and Networks Cluster Participants
25
APPENDIX D Cluster Communication
Clustering
Dedicated email lists and LinkedIn Groups have been setup to support the activities of the defined clusters.
Services and clouds cluster
Subscription to this cluster email list via the following link
http://listserv.tssg.org/mailman/listinfo/ts-services_cloud
Cluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6q5r9l-3e/vgh/3788378/
Systems and networks cluster
Subscription to this cluster email list via the following link :
http://listserv.tssg.org/mailman/listinfo/ts-systems_networks
Cluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6qqejg-16/vgh/3788408/
Networking and coordination cluster
Subscription to this cluster email list via the following link :
http://listserv.tssg.org/mailman/listinfo/ts-networking_coordination
Cluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6qxudg-3h/vgh/3788418/
26
APPENDIX E : Cloud & Services Workshop on
Software Assurance & Trust
Clustering
Aniketos: Supporting trustworthy and secure composition in service and cloud environ-
ments Per Håkon Meland, David Llewellyn-Jones, Erkuden Rios Velasco
For some time the trend in provision of functionality in networked environments has been towards
the use of services that offer self-contained capabilities, but which can be composed in various
ways in order to provide richer services to end users. Moving from today’s static compositions,
we will in the Future Internet see a more dynamic mix and match of cloud and non-cloud services
depending on service availability, quality, price, trustworthiness and security features. Neelie
Kroes, Vice-President of the European Commission and responsible for the Digital Agenda, re-
cently stated that2“We want to extend our research support and focus on critical issues such as
security and availability of cloud services.” The main objective of Aniketos is to help establish
and maintain trustworthiness and secure behaviour in a dynamically changing environment of composite services. In order to achieve this objective, a multi-disciplinary effort involving
research and industrial partners is currently tackling the following challenges.
Trust in the Internet of services: There must be some acceptable trust relationship between the
different actors in a composite service. Aniketos will offer a way of expressing different aspects
of trustworthiness and provide design-time and runtime modules for evaluating and moni-toring the trust level between service stakeholders. Secure service composition at design-time and runtime: Trust alone does not guarantee a se-
cure service, service components are bound to change and absolute security is an impossible goal.
To achieve an open and secure service ecosystem in the Future Internet, we need to assure all par-
ties about expected behavior and usage terms. A Service Level Agreement (SLA) is a common
way to specify the conditions under which a service is to be delivered, but unfortunately, security
is not provided or used as a contract term in existing SLAs. Aniketos is developing security
SLAs that make it possible to create and monitor composite services where strong trust rela-
tionships do not exist beforehand. Threat detection and response: According to the FORWARD3initiative by the European Com-
mission: “identifying the adversarial model and anticipating emerging threats is the first step that
is necessary to build a secure, future Internet”. Service providers will have to deal with a fluctuat-
ing threat picture; the users will be in changing operating conditions, new attack methods will
emerge, and the services themselves may contain vulnerabilities that result in information leakage
or open back-doors. To be prepared for the future, Aniketos is investigating threats to com-
posite services in order to understand their nature and how to deal with them.
Societal acceptance and effective security: Trust and security are not only technical matters, but
depend heavily on the human factors in order to be effective in everyday use. Though a composite
service might be complex, the service end user should have an easy and understandable way of
relying on its trustworthiness. Aniketos will contribute to a user-centred view on service trust
and security by investigating user acceptance and their practical usability through case
studies for future European services.
27
uTrust-It: Usable Trust in the Internet of Things Peter Wolkerstorfer, [email protected], CURE
We present uTRUSTit, a 3-year project funded by the EC. Built around 3 main scenarios
(smart home, smart office, e-voting) the aim of uTRUSTit is to close the loop of trust
between the technological and psychological layers in the IoT. To achieve this objective
uTRUSTit will provide a “trust feedback toolkit”. The toolkit aims at enhancing user
trust perception. Usable trust – as defined in the project – is the basis for users to decide
if they want to use a certain IoT technology or not, hence it is about technology accep-
tance (If users don’t trust a certain technology they will reject to use it). In uTRUSTit we
use a user-centric procedural approach based on the user-centric design process defined
in ISO/TR 16982:2002: Usability methods supporting human-centred design to create
human-centric trustworthy solutions for the internet of things (IoT).
The presentation focuses on human-computer interaction (HCI) work in the project and
presents two results: on the one hand we show which Personas we created for the project
to support user-centric development. Personas are a nearly none-intrusive method to raise
empathy for the users of technological artefacts during the development to ensure usable
outcome. On the other hand we explain how we extended the requirements engineering
process with focus groups to include the „usable trust“ elements on a methodological
basis.
We conclude with an outlook to the challenges we expect. The three main HCI chal-
lenges we see are: reduction of complexity in interaction mechanisms and processes, re-
search in trust, and research in the underlying cognitive-psychological mechanisms – the
research on mental models.
Posecco: “Leveraging Security Models to Automate Audits and Improve
their Level of Assurance” (Serena Ponta)
Audits allow gaining assurance about the existence and effectiveness of controls to meet certain
objectives, e.g., security objectives motivated by an organization’s business risks or legal environ-
ment. Though auditing standards and frameworks such as SAS70 and COBIT provide guidelines
for performing auditing activities in a standard and repeatable way, the process of collecting and
evaluating information about the auditee’s business, systems, and risks is still a mostly manual
activity, thus subject to individual discretion. Complementary to these high-level, risk-driven au-
dit standards, the Security Content Automation Protocol (SCAP) is a suite of specifications to
cope with the need for security automation on the lower, technical level. Besides well-known
standards for vulnerability enumeration and measurement (CVE, CVSS), SCAP also includes
specifications which allow to (i) automate checks for known vulnerabilities, (ii) automate the veri-
fication of security configuration settings, and (iii) generate reports that link low-level settings to
high-level requirements.
The PoSecCo project aims at establishing and maintaining a traceable link between high-level,
business-driven security and compliance requirements and low-level technical configuration set-
tings of individual services through landscape-aware security models. A natural question is how
the SCAP emerging standards together with the knowledge about the landscape and its security
requirements can be used to improve the effectiveness and efficiency of the current auditing prac-
tices. In this talk we illustrate how SCAP standards together with comprehensive security models
can support different phases of an audit process by (i) facilitating the information retrieval by
auditees and auditors to build an audit program and (ii) increasing efficiency and/or assurance of
activities performed during the execution of that audit program.
Clustering
28
Clustering
Assert4SOA: Advanced Security Service Certificate for SOA
(Ernesto Damiani) You live in a certified house,
you drive a certified car,
why would you use an uncertified service?
The term "certification" has several different meanings in ICT. Software practitioners can earn a
certificate for expertise in a certain hardware or software technology. The maturity of crucial IT
processes, such as software development, can be and is often certified. Even individual software
systems can be certified as having particular non-functional properties, including safety, security
or privacy. However, the latter type of certification (e.g. Common Criteria) has had only a limited
use to this day. Current trends in the IT industry suggest that software systems in the future will be
very different from their counterparts today, due to greater adoption of Service-Oriented Architec-
tures (SOAs) and the wider spread of the deployment of Software-as-a-Service (SaaS).
These trends point to large-scale, heterogeneous ICT infrastructures hosting applications that are
dynamically built from loosely-coupled, well-separated services, where key non-functional prop-
erties like security, privacy, and reliability will be of increased and critical importance. In such
scenarios, certifying software properties will be crucial. Current certification schemes, however,
are either insufficient in addressing the needs of such scenarios or not applicable at all and thus,
they cannot be used to support and automate run-time security assessment.
As a result, today’s certification schemes simply do not provide, from an end-user perspective, a
reliable way to assess the trustworthiness of a composite applications in the context where (and at
the time when) it will be actually executed.
ASSERT4SOA will fill this gap by producing novel techniques and tools – fully integrated within
the SOA lifecycle – for expressing, assessing and certifying security properties for complex ser-
vice-oriented applications, composed of distributed software services that may dynamically be
selected, assembled and replaced, and running within complex and continuously evolving soft-
ware ecosystems
NESSoS : “A General Method for Assessment of Security in Complex Ser-
vices” (Fabio Martinelli)
Abstract:
NESSoS is a project devoted to perform research activities on engineering secure and trustworthy
Future Internet Services. The ares of interest is very broad. In the workshop, we present a paper
with focus on the assessment of the security of business processes. We assume that a business
process is composed from abstract services, each has several concrete instantiations. Essential
peculiarity of our method is that we express security metrics used for the evaluation of security
properties as semirings. First, we consider primitive decomposition of the business process into a
weighted graph which describes possible implementations of the business process. Second, we
evaluate the security using semiring-based methods for graph analysis.
Finally, we exploit semirings to describe mapping between security metrics which is useful when
different metrics are used for the evaluation of security properties of services.
29
APPENDIX F : Systems and Networks
Workshop on models
Clustering
Objectives of the Systems & Networks Cluster
Workshop on Models
Presentation: Roland Rieke, pro ject EFFECTS+/MASSIF
The vision of the Future Internet, where multiple services are transpar- ently and
seamlessly mixed, already created a paradigm which promises to largely enrich our abil-
ity to create new applications and businesses within this new environment. But this
paradigm also enables new possibilities for threats and scales up the risks of financial and
also physical impact. In many cases, the information itself will be the essential product
which deserves to be protected, in the Internet of Things however, real and virtual cyber-
physical resources deserve our attention.
Various projects in the ICT Framework Programme are currently using “Models” of
different kinds in order to assess upcoming security and privacy challenges as well as miti-
gation strategies w.r.t. their possible impact.
The Effectsplus FP7 funded Coordination & Support Action, within the activity of
Systems and Networks cluster, organises this workshop, which aims to provide a forum
for discussing the different approaches of projects in this area.
At the end of the workshop, we expect to have a better understanding of possible ar-
eas of collaboration among projects. Specifically, we are interested to find out, which con-
crete models are publicly available and re-usable in related projects, the gaps between
existing approaches and promising areas for future research.
30
Clustering
Analytical attack modeling and security eval-
uation in MASSIF
Presentation: Igor Kotenko, pro ject MASSIF
The talk suggests the common approach, architecture and main models for analytical
attack modeling and security evaluation investigated in the EU FP7 MASSIF Project. The
approach is based on processing current alerts, modeling of malefactor’s behavior, gener-
ating possible attack subgraphs, cal- culating different security metrics and providing com-
prehensive risk analysis procedures.
Key elements of suggested architectural solutions for attack modeling and security
evaluation are using security repository (including system con- figuration, malefactor
models, vulnerabilities, attacks, scores, countermea- sures, etc.), effective attack tree gen-
eration techniques, taking into account as known as well as new attacks based on zero-day
vulnerabilities, stochastic analytical modeling, combined use of attack graphs and service
dependency graphs, calculation metrics of attack and security countermeasures (including
attack impact, response efficiency, response collateral damages, attack po- tentiality, at-
tacker skill level, etc.), interactive decision support to select the solutions on security
measures/tools by defining their preferences regarding different types of requirements
(risks, costs, benefits) and setting trade-offs between several high-level security objectives.
This talk considers shortly the analysis of state-of-the-art in attack mod- eling, main
functional requirements and essence of the approach to analytical attack modeling, main
models as well as generalized architecture of Attack Modeling and Security Evaluation
Component (AMSEC) suggested to be developed and implemented in MASSIF project.
31
Clustering
Enterprise Architecture Models for Secu-
rity Analysis
Presentation: Teodor Sommestad, pro ject VIKING
Enterprise architecture is an approach to management of information systems, in-
cluding control systems, that relies on models of the systems and their environment.
This section briefly outlines the structure of the work carried out by the VIKING project
on the topic of cyber security analysis and modeling. It combines attack- and defense
graphs with Bayesian statistics and enterprise architecture modeling.
Attack graphs are a notation used to depict ways that a system can be attacked. It
shows the attack steps involved in attacks (nodes) and the dependencies that exists
between them (arcs). Defense graphs extend this notation by including security measures
in the graph to represent the attack steps they influence. Both of these notations can be
used to create mod- els over systems and to assess the system’s security, e.g. by assess-
ing if a particular attack is possible, given that the graph is parameterized.
The VIKING project has produced a tool where defense graphs are pro- duced pro-
grammatically from a model of an information system or control system and its environ-
ment. A user of this tool produces architectural draw- ings of their enterprise (e.g. in-
cluding network zones, machines, services, security processes executed) and the based on
this the tool generates a de- fense graph that represent this specific enterprise’s situation.
Based on logical relationships and quantitative data collected from literature and domain
ex- perts the user can also calculate approximate values for the probability that an at-
tempted attacks would succeed against the system.
The workshop in Amsterdam will present the work done in VIKING on Enterprise
Architecture Modeling and how we believe the research work can extended to practical
tools to evaluate existing and new control system for security and to do ”what-if” stud-
ies on different control system configura- tions.
32
Clustering
Virtual City Simulator (ViCiSi)
Presentation: Mats B-O Larsson, pro ject VIKING
One of the main objectives of the Viking project is to assess the cost to the society
coming from power outages. In order to do this a virtual society simulator has been de-
veloped. The virtual society is created by the Viking City Simulator, ViCiSi. In short
ViCiSi is creating a virtual society, with all necessary functions, and it is based on pa-
rameters from the EU database Eurostat. ViCiSi can be parameterized to any country in
EU country plus Switzerland and Norway.
In summary ViCiSi is:
• A virtual society with all necessary infra-structure built on blocks, apartments,
streets, etc.
• With companies, public and private service operations producing wel- fare
• With people living in the city consuming welfare.
• Includes a distribution electrical grid with all common voltage levels to give realistic
load curves
• Calculates the activity in the society at all moments, in terms of Busi- ness Activity
• Calculates cost for power outages as lost GDP
• Can scale to all EU countries
In the workshop in Amsterdam we will present the ViCiSi. We will show how it is
designed, how it can used to calculate societal costs at power out- ages, how we present
the results and how ViCiSi will be integrated into the VIKING Test bed.
33
Clustering
BlockMon: a framework for Distrib-
uted Network Monitoring and Real-Time
Data Intensive Analysis
Presentation: S. Rao, pro ject DEMONS
DEMONS project will address the ‘decentralised, cooperative and privacy preserving
monitoring for trustworthiness’. The monitoring scenario of the system architecture tar-
gets both intra-domain and inter-domain aspects.
Intra-domain monitoring, primary requirements here being scalability, resilience and
innetwork distribution of monitoring tasks; performance effec- tiveness in terms of detec-
tion and mitigation reaction time; and authorized and controlled access to monitoring
data in accordance to domain-specific operational workflow processes and policies;
Inter-domain monitoring, core requirement here being the tight con- trol of inter-
domain cooperation in terms of which monitoring data is ex- changed and under which
conditions, which protocols should be used for guaranteeing inter-domain inter-
operability, and how to exploit and support advanced cryptographic data protection tech-
nologies for improving inter- domain cooperation ability and permitting secure joint
analysis and com- putation over monitoring information provided by the multiple in-
volved do- mains.
The presentation will address the BlockMon Monitoring Overlay (BMO) monitoring
infrastructure chosen as the basis of the DEMONS’ Measurement Layer and Coordination
Layer for what concerns the intra-domain monitoring scenario. The internet Exchange
Point (IXP) will coordinate across inter- domains.
34
Clustering
Ontologies in ASSERT4SOA
Presentation: Domenico Presenza, pro ject ASSERT4SOA
The presentation intend to deal with the use of ontologies in the context of the AS-
SERT4SOA Project.
ASSERT4SOA Project aims to produce novel techniques and tools for expressing,
assessing and certifying security properties for service-oriented applications, composed of
distributed software services that may dynami- cally be selected, assembled and re-
placed, and running within complex and continuously evolving software ecosystems.
ASSERT4SOA Advanced Security Certificates (a.k.a. ASSERTs) are ma- chine read-
able documents stating that a given Web Service has a given Se- curity Property.
An ASSERT also contains a model of the service and a ”proof” that can be used
by the requesters of that Web Service to re-check the asserted Security Property. Based
on the type of provided proof, three different types of ASSERT will be considered: evi-
dence-based ASSERT (a.k.a. ASSERT- E), ontology-based ASSERT (a.k.a. ASSERT-O)
and model-based ASSERT (a.k.a. ASSERT-M)
The use of OWL-DL Ontologies within ASSERT4SOA is twofold: (1) to investigate
the use of an ontology-based approach to describe security properties of services (2) to
enable the interoperability and comparison of the other kinds of ASSERTs.
The envisaged ASSERT4SOA Ontology will contain the description of both general
concepts and ASSERT specific ones. The instances of all types of ASSERTs will refer the
terms defined in the ASSERT4SOA Ontology.
Within the ASSERT4SOA Ontology concepts are represented as OWL- DL classes
thus allowing to express decision problems about ASSERTS (e.g. mapping between differ-
ent kind of ASSERTs) as Description Logic inference problems (e.g. Class Expression
Subsumption).
35
Clustering
Managing Security and Changes at Model
Level throughout the whole System Engi-
neering Process
Presentation: Federica Paci, pro ject NESSoS/SecureChange
Security engineering is not a goal per see. Security applies to a system or software,
whether large IT or embedded system, which must itself be engineered. Security engi-
neering must therefore comply with the constraints and pace of the mainstream system /
software engineering processes, methods and tools. Assuming a model driven approach to
the mainstream system / software engineering, we explain how to support evolution while
maintaining security at all levels of the system / software development process, from
requirements engineering down to deployment and configuration.
A system / software lifecycle typically has seven phases: (i) specification, (ii) design,
(iii) realisation or acquisition, (iv) integration and verification, (v) validation and de-
ployment, (vi) operation and maintenance, and (vii) disposal. In some cases, a sys-
tem / software may occupy several of these phases at the same time. Security engineer-
ing can be conducted regardless of the system / software lifecycle phase; however the
pursued goals may significantly differ (see Figure 1).
During the specification phase, the main goal of security engineering is to influence
the definition of the system / software requirements, and thus gain early assurance that
the proposed architectural solution is sound with respect to security concerns. This step
encompasses customer security need elicitation and early risk assessment. This early ap-
proach contrasts sharply with current-day practices in which risks are only analysed
when require- ments have been elicited, and sometimes even later, when the main system
design is frozen or developed. With standard approaches: (i) safeguards may be
very expensive to implement; (ii) some elicited requirements may reveal themselves as
too risky to be fulfilled; (iii) some requirements may be error-prone; (iv) locally designed
safeguards to cope after hand with risky requirements may obstruct the fulfilment of
other requirements.
36
Clustering
PoSecCo Models
Presentation: Antonio Lioy, pro ject PoSecCo
PoSecCo aims at addressing some of the main service provider challenges for the vi-
ability of Future Internet (FI) applications, that will see dynamic compositions of ser-
vices providing a broad diversity of functions, starting with business functionality down
to infrastructure services. In fact, in a FI scenario, service providers will need to achieve,
maintain and prove compli- ance with security requirements stemming from internal
needs, third-party demands and international regulations, and to cost-efficiently manage
poli- cies and security configuration in operating conditions.
PoSecCo overcomes this by establishing a traceable and sustainable link between
high-level requirements and low-level configuration settings through decision support sys-
tems. To achieve this goal a consistent effort is being put into system and network model-
ling, whose main purpose is to create a set of meta-models and a security ontology that
will be presented at the Network and System Workshop.
First of all, reaching the PoSecCo objectives requires the modelling of FI services, a
challenge that PoSecCo is addressing through a refinement loop between the Service Pro-
vider partners, providing the requirements ensuring the practical usage, and academia
ensuring the self- coherence, extensibility and the possibility to be formally used.
The result is the functional system meta-model, including a business and an IT layer.
Moreover, since services will be actually implemented on existing (physical or virtual) net-
worked systems, the functional system meta-model includes an infrastructural layer that
refers to a landscape meta-model.
Also the policy is represented at three different layers of abstraction, the business, the
IT and the landscape configuration layers, therefore the design of three policy meta-
models is in progress.
The PoSecCo security ontology is being developed to vertically connect all the ab-
straction layers and horizontally connecting each abstraction layer with the corresponding
policy-meta model, and to enrich the knowledge of the systems using the expressive
power that ontologies can guarantee.
37
Clustering
Assessment models to Improve the Usabil-
ity of Security in Wireless Sensor Networks
Presentation: Peter Steffen, pro ject WSAN4CIP/TAMPRES
Wireless Sensor Networks play a major role in the Future Internet. They deliver data
that may influence important decisions in further process steps. To improve the security
and reliability as they are required for such networks, many protocols, algorithms, and ser-
vices have been proposed in recent years. The complexity of the approaches is often sig-
nificantly and the trade-offs are hardly understood by even by experts. This is a
particular issue in projects such as WSAN4CIP (wireless sensor networks for critical infra-
struc- ture protection) where eventually domain experts apply networks in critical envi-
ronments.
As solution we propose a model-based approach that maps requirements and system
properties on exchangeable security models, expressed in a flexi- ble meta-model-language.
The initial requirements are understood by users, and the system properties are assessed
based on properties of the individ- ual components, which can be stored in pre-
configured repositories.
The exchangeable security models allow to focus on specific security aspects such as
vulnerabilities, attacks, or resistances.
As example the models shall evaluate the effects of tamper resistant sensor nodes, as
they are investigated in the TAMPRES project. Naturally, the existence or non-
existence of such tamper resistance in the network alters the security properties of the
entire network and its application significantly. This has to be respected by the models.
The model approach as well as the implications for the projects WSAN4CIP
and TAMPRES are addressed in the presentation.
38
Clustering
Multi-Dimensional Clustering for the Pur-
poses of Root-Cause Analysis
Presentation: James Davey, pro ject VIS-SENSE
One of the goals of the VIS-SENSE project is to generate an overview of the mal-
ware and spam landscapes in the Internet. A major part of this process is root-cause
analysis, which is the search for and identification of coordinated criminal campaigns.
Through a better understanding of how these campaigns evolve over time, security ex-
perts should be able to improve the protection of their networks.
When analysing the behaviour of spam or malware, a very large number of alerts are
collected every day. What constitutes an alert is defined by the data collection infrastruc-
ture used to collect information for the purposes of analyses. The alerts are the starting
point for our root-cause analysis.
The next phase in the analysis process involves the generation of events, based on the
alerts. These events are essentially groups of alerts, together with some additional anno-
tations. The groups and annotations are derived with the help of rule-based or experi-
ence-based models.
Events are the first level of aggregation in the root-cause analysis. While this aggrega-
tion does increase understanding of the threat landscape, it is not condensed enough to
provide an overview. To attain an overview, a further aggregation step is undertaken. In
this step, each feature of the events is first considered individually. Based on the data
type of the feature, similarity measures are chosen and, if necessary, parameterised.
The feature-based similarities can be used to cluster events on a feature-by-
feature basis. These clusters provide clues for the specification of a multi-dimensional
similarity measure. With the help of
this measure, multi-dimensional clustering is possible. Visualizing the re-
sults of multi-dimensional clustering reveals a much more insightful overview of the origi-
nal malware and spam alerts.
Many models exist for the feature-by-feature as well as for the multi- dimensional
similarity measures. The choice of models and their param- eteriza-
tion has direct implications for the results of the multi-dimensional clustering step. An
overview of these models will be presented, as well as a description of techniques for the
support of iterative visualisation and ad- justment of parameters. Through the targeted
use of visualization in the analysis process VIS-SENSE will assist the analyst in the gen-
eration of use- ful overviews of the threat landscape.
39
Clustering
Introducing the ENDORSE Privacy Rules
Definition Language
Presentation: Mark McLaughlin, pro ject ENDORSE
One of the core outputs of the ENDORSE project will be a Privacy Rules Definition
Language (PRDL). This language will allow organisations to cod- ify their data protection
and privacy operating policies regarding sensitive user data. PRDL will be used for
internal compliance and transparency with regard to external parties. The ENDORSE
system will use PRDL rules to ensure that personal data are processed legally and appro-
priately within the organisation in terms of access control and meeting obligations for
data handling over the lifetime of the data. ENDORSE is taking a model driven architec-
ture (MDA) approach to building the ENDORSE platform. As such, the definition of
PRDL is also crucial for generating many of the platform software components. An early
draft of the PRDL metamodel will be pre- sented.
Collaborative Security for Protection of
Financial Critical Infrastructures: The Se-
mantic Room abstraction model
Presentation: Roberto Baldoni, pro ject CoMiFin
The growing adoption of Internet in the financial ecosystem has exposed financial
institutions to a variety of security related risks, such as increas- ingly sophisticated cy-
ber attacks aiming at capturing high value and sensitive information, or disrupting service
operation for various purposes. To date, single financial institutions have faced individu-
ally these attacks using tools that re-enforce their defence perimeter (e.g. intrusion
detection systems, firewalls). However, today’s attacks are more sophisticated making this
kind of defences inadequate. Attacks are typically distributed in space and time meaning
that they can be coordinated on a large scale basis and often con- sist of a preparation
phase spanning over days or weeks, involving multiple preparatory steps aiming at identi-
fying vulnerabilities (e.g., open ports). In order to detect these attacks a larger view of what
is happening in the Internet is required, which could be obtained by sharing and combining
the informa- tion available at several financial sites. This information must be processed
and correlated ”on-the-fly” in order to anticipate threats and frauds, and mitigate their
possible damages. Even though this sharing can result in a great advantage for financial
institutions, it should be carried out only on a clear contractual base and in a trusted
and secure environment capable of meeting privacy and confidentiality requirements of
financial institutions. In this context, the CoMiFin project, ended last April 2011, devel-
oped an open source middleware system for monitoring the Financial Critical In- fra-
structure domain. The system is currently a research prototype and has been demon-
strated in several occasions even to financial stakeholders such as SWIFT board members
and a number of Italian banks. It facilitates the shar- ing and processing of critical opera-
tional data among interested parties (e.g., financial institutions, telco providers, power
grid operators), and is utilized for timely activating local protection mechanisms. In doing
so, the CoMiFin project introduced a novel abstraction model named Semantic Room
(SR).