
Effectsplus 2nd Cluster Event

July 4th & 5th 2011

VU University, Amsterdam

REPORT AUTHOR

Frances Cleary, Waterford Institute Of Technology (fcleary@tssg.org)

REPORT CONTRIBUTORS

Nick Wainwright (HP), Jim Clarke (WIT), Keith Howker (WIT), Michele Bezzi (SAP), Volkmar Lotz (SAP), Isabel Vinagre Torres (ATOS), Pedro Soria Rodriguez (ATOS), Nick Papanikolaou (HP), Roland Rieke, Fabio Martinelli, workshop attendees.

EFFECTSPLUS CONSORTIUM

Waterford Institute Of Technology
ATOS
Hewlett-Packard Limited (HPLB)
SAP (AG)
Universita Degli Studi Di Trento



Table Of Contents

Objectives of 2nd Cluster Meeting
Networking & Coordination Session
Services and Clouds Cluster Report
Systems and Networks Cluster Report
Special Interest Groups: Policy and Monitoring
Trust and Security Research Roadmap Session
Innovation Potentials & Gaps for FP7 Trust and Security Projects
Effectsplus 2012 Wider Collaboration Event (CSPEF2012)
Head Of Unit F5, Jesus Villasante Closing Speech
FIA Related Activities: Trust and Security
Effectsplus Future Events
Appendix A, Agenda
Appendix B, Registered Attendees
Appendix C, Cluster Participants
Appendix D, Cluster Communication
Appendix E, Cloud & Services Workshop, Project Abstracts
Appendix F, Systems & Networks Workshop, Project Abstracts


Objectives of 2nd Cluster Meeting

Frances Cleary, Effectsplus Coordinator, Waterford Institute Of Technology - TSSG

Frances Cleary, the Effectsplus coordinator, opened the 2nd Effectsplus Cluster event at Vrije University in Amsterdam on the 4th and 5th July 2011. The event was co-located with the SysSec workshop on the 6th July and the DIMVA 2011 conference. 22 research projects attended and participated in this trust and security collaboration meeting. (Programme and attendees can be viewed in Appendices A, B and C.)

Michele Bezzi (SAP), Effectsplus Cluster lead

Mr Michele Bezzi, the Effectsplus cluster lead, commented on the main objectives of the event. Two parallel workshops were planned:

• Systems and Networks Cluster: Workshop on Models

Addressing issues such as:
* Security Incident Models providing Qualitative and Quantitative Security Measurements
* Models of Security and Privacy Requirements and Policies for FI
* Enterprise Architecture Models for Security Analysis
* Society Models for Social Impact Analysis
* Models of Security and Privacy issues in Cyber-Physical Systems, Smart Grids and other Critical Infrastructures
* Security by Design - Models on Resilience and Trust (e.g. use of trust anchors to provide a trusted backbone infrastructure)
* Models on Security and Privacy issues in Cloud Computing

• Services and Cloud Cluster: Workshop on Trust and Assurance

Addressing questions such as how to:
* establish and maintain trust in dynamic composite services
* define security validation technologies
* provide flexible security certification schemes
* perform security testing in heterogeneous service environments
* automate security model checking
* manage risk, security and trust metrics in secure service engineering
* apply model-based security design & architecture
* audit and monitor distributed software systems


Mr Bezzi commented that the main expected outputs coming from these workshops were as follows:

1. Identify possible areas of collaboration among projects.
2. Identify which concrete examples are publicly available and re-usable in related projects.
3. Identify gaps between existing approaches and promising areas for future research.

Detailed call text for each of the workshops can be found at the following links:

Systems & Networks cluster Models workshop: http://www.effectsplus.eu/files/2011/06/Effectsplus-Systems-and-Networks-ModelsWorkshop-Agenda-Draft-v4.pdf

Services and Cloud cluster trust and assurance workshop: http://www.effectsplus.eu/files/2011/06/Serv_Cloud_workshopx.pdf


Networking & Coordination Session

Networking and coordination cluster presentation session
Jim Clarke, Networking & coordination cluster lead, Waterford Institute Of Technology - TSSG

This session was opened by the cluster lead Mr Jim Clarke (WIT-TSSG). Mr Clarke commented that the aim of this session was to give the CSAs and NoEs in Unit F5 an opportunity to present the activities they have underway in their individual projects, and to provide details of the upcoming events and research roadmap agendas they have in progress, in order to make the wider research community aware of their endeavours. This session involved speakers from the following projects: BIC, TDL/Actor, NESSOS, SYSSEC.

BIC: Building international cooperation for trustworthy ICT
Speaker: Jim Clarke

Mr. Clarke presented the Coordination Action BiC project - Building International Cooperation for Trustworthy ICT: Security, Privacy and Trust in Global Networks & Services, which started on 1st January 2011. BIC will expand the co-operation models of EU researchers and programme management with their peers in new ICT high-growth countries, specifically Brazil, India and South Africa, which represent emergent world-impacting information economies through the scale and sophistication of their growing ICT sectors. In addition, the project will provide continuity and bring together a truly global collaboration with the participation of the already established connections from the INCO-TRUST project between the EU and the United States, Japan, Australia, South Korea and Canada.

Mr. Clarke presented the four core objectives of BIC:
• Charting the landscape of Brazil, India and South Africa and their initial potential match to EU Trust, Security and Privacy themes;
• Prioritisation of the EU influenced vision and research directions including alignment of work programmes;
• Global alignment, consensus and outreach of the European visions and challenges across all targeted countries;
• Definition of Tangible International Activities including transnational partnerships with EU partners.

Mr. Clarke presented the accomplishments of the project to date:
• EU – Brazil Cooperation workshop (along with IWT 2011), held 3rd May 2011, Rio De Janeiro (>60 attendees). Full report available at http://www.inatel.br/iwt/slide-show/bic-workshop
• In the process of putting together an International Advisory Group (IAG) from all involved countries
• Organising EU – South Africa workshop 16th August 2011 (along with ISSA 2011 - http://www.infosecsa.co.za/)
• Organising EU – India workshop 28th November 2011 (along with eINDIA 2011 - http://www.eindia.net.in/2011/)
• Strong collaboration with the EU – India Spirit Coordination Action project – see http://www.euroindia-ict.org/
• Preparing for Annual Forum/IAG meeting in Q4 2011
  * building topics of interest with countries
  * planning session being held 6th July 2011 within SysSec workshop
  * see http://www.syssec-project.eu/events/1st-syssec-workshop-program/

Other programme related activities:
• Involvement in the Networking and coordination cluster of the Effectsplus project
• Involvement in Working groups of SysSec
• Involvement in Advisory Group of NESSOS
• Involvement in Trust and the Digital Life
• Involvement in Future Internet Assembly

For those wishing to receive more information, Mr. Clarke gave the contact details of all the work package leaders of BIC:
• WP1, Project Management: James Clarke, Jclarke@tssg.org
• WP2, Platform for International Collaboration and consensus building: Neeraj Suri, suri@cs.tu-darmstadt.de
• WP3, Input to the design of future research programmes: Michel Riguidel, michel.riguidel@telecom-paristech.fr
• WP4, Building the International Co-operation community: Aljosa Pasic, aljosa.pasic@atosresearch.eu or aljosa.pasic@atos.net

To view this presentation please see the following link: http://www.slideshare.net/fcleary/bic-effectplus-ws

SysSec: A European Network of Excellence in Managing Threats and Vulnerabilities in the Future Internet
Speaker: Evangelos Markatos

Mr Markatos opened his session with the question "What are the security challenges we face?", mentioning some examples:
• Hackers disabling cars
• Hackers getting into power grids
• Hackers getting into fighter planes

What are we doing about this? SysSec is a 4-year NoE to consolidate research in managing threats for the Future Internet. SysSec proposes a game-changing approach to cybersecurity. Currently researchers are mostly reactive: they usually track cyberattackers after an attack has been launched, so researchers are always one step behind attackers. SysSec aims to break this vicious cycle. Researchers should become more proactive: anticipate attacks and vulnerabilities, and predict and prepare for future threats, working on defenses before attacks materialize.

Mr Markatos' full presentation can be viewed at http://www.slideshare.net/fcleary/syssec


NESSOS: Network of Excellence on Engineering Secure Future Internet Software Services and Systems
Speaker: Fabio Martinelli

NESSoS aims at constituting a long-lasting virtual research centre on engineering secure software-based services and systems. It aims at reducing the vulnerabilities in Future Internet Software-based Services (FISS) and improving the design and overall assurance level of FISS. NESSoS will provide means for a risk/cost based SDLC for FISS and will contribute to creating an active research community by reducing the existing fragmentation, by re-addressing, integrating and harmonizing the research agendas of the NESSoS partners, and by reaching out from the organizations involved towards wider scientific and technological communities. NESSoS is committed to achieving very significant advances in knowledge and to spreading the research excellence achieved, as well as to roadmapping activities. NESSoS will contribute to the growth of a generation of researchers and practitioners in the area by creating a common body of knowledge (CBK) directly exploitable for training and education purposes.

Mr Martinelli's presentation included the following main agenda items:

1. Motivation and main goals
2. Consortium expertise
3. Integration strategy
4. Structure of the NoE
5. Integration Activities
6. Research Activities
7. Spread of Excellence Activities
8. Management Activities
9. Highlights
10. Relationships with other communities

Mr Martinelli's full presentation can be viewed at http://www.slideshare.net/fcleary/nessos

TDL – Actor: Trust in digital Life
Speaker: Arthur Leijtens

Mr Leijtens started his presentation with an overview of the TDL ambitions and expectations:
• A self-sustainable, inspiring TRUST community providing directions and development of knowledge and collaborative projects & frameworks for trustworthy ICT solutions.
• An innovative but realistic research agenda recognized by industry, knowledge institutes, the European Commission, local governments and other independent authorities.
• Create possibilities for public funding for collaborative R&D and deployment projects.
• Create industrial, political and legal awareness for removing barriers through an extensive demonstrations and pilots program.

Mr Leijtens then continued to detail the working of Trust in Digital Life, with emphasis on trustworthy ICT solutions, highlighting their currently active working groups and activities, and commenting on the 4 main working groups they have in existence:

1. Use cases
2. Technology and requirements
3. Law and technology
4. Business cases

Further information on these individual working groups can be viewed in the supporting TDL presentation. Mr Leijtens concluded with details of the TDL community, the TDL consortium and TDL membership. Mr Leijtens' full presentation can be viewed at http://www.slideshare.net/fcleary/tdl


Services and Clouds Cluster Report

Services and Clouds cluster leads: Fabio Martinelli (CNR), Michele Bezzi (SAP)

Report on the Effectsplus Cloud & Services Workshop on SOFTWARE ASSURANCE & TRUST.

Motivation and goals

The vision of the Future Internet heralds a new environment where multiple services are transparently and seamlessly mixed and exchange information, giving rise to new capabilities. This paradigm largely enriches our ability to create new applications and businesses.

However, it raises formidable security challenges, which have to be solved to make this vision real. In particular, these systems need new forms of software assurance that go beyond the current view, based on static and isolated systems, and fundamentally challenge us to rethink how to address questions such as how to:
• establish and maintain trust in dynamic composite services
• define security validation technologies
• provide flexible security certification schemes
• perform security testing in heterogeneous service environments
• automate security model checking
• audit and monitor distributed software systems

Various projects in the ICT Framework Programme are currently addressing some of these questions. The Effectsplus FP7 funded Coordination & Support Action, within the activity of the Services and Cloud cluster, organized a workshop which aimed to provide a forum for discussing the different approaches of projects in this area. At the end of the workshop, we expect to have a better understanding of:
• possible areas of collaboration among projects
• gaps between existing approaches
• promising areas for future research

The agenda of the workshop was structured in two half days. In the first one, on July 4th, the projects in the cluster presented several research approaches for assurance and trust (see project abstracts in Appendix E), while the second half day, on July 5th, was devoted to discussion and synchronization with the other Effectsplus workshops that ran in parallel.

The annotated agenda of the presentations is the following:
• Aniketos: Supporting trustworthy and secure composition in service and cloud environments (Per Håkon Meland, David Llewellyn-Jones, Erkuden Rios Velasco): Security SLA, Service discovery using security properties, Trust Monitoring
• Assert4SOA: Advanced Security Service Certificate for SOA (Ernesto Damiani): Security Certificate, Assurance for service compositions, Security testing, Service discovery using security properties
• PoSecCo: Leveraging Security Models to Automate Audits and Improve their Level of Assurance (Serena Ponta): Support mechanisms for auditing, Compliance with security reqs through auditing
• MASSIF: Management of Security information and events in Service Infrastructures (Pedro Soria-Rodriguez): SIEM, Trusted collection and monitoring of security-related data
• NESSoS: A General framework for security-aware analysis of services (Fabio Martinelli): Trust Metrics, Process Composition, Optimization
• UTrust-IT: Usable Trust in the Internet of Things (Peter Wolkerstorfer): Trust & HCI, Personas methodology, user-centricity

Conclusion

After the discussion phase, the workshop participants were able to recap the different approaches for trust and assurance that could be further investigated together, such as audit, certification, SLA for security, user-centered security, trust monitoring techniques and usage policies, etc. There was an agreement to try to write a joint paper (e.g. for the FIA book) on those aspects.

Among the participants, some follow-ups with inter-project meetings were identified:
• Security SLA: NESSoS, Aniketos, Assert4SOA, Contrail (here there is also the proposal for a specific W3C subcommittee on Security aspects for SLAs)
• Auditing: Assert4SOA, PoSecCo
• User-studies: UTrust-IT, PoSecCo, Aniketos

Among the topics selected for further scrutiny, there was a suggestion to investigate the following aspect for the next Effectsplus meeting (Bristol, 2012):
• Secure Service Compositions during service lifetime

Presentations from this cluster group and workshop can be viewed at http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/


Systems and Networks Cluster Report

Systems and Networks cluster lead: Roland Rieke - Fraunhofer SIT

The vision of the Future Internet heralds a new environment where multiple services are transparently and seamlessly mixed and exchange information, giving rise to new capabilities. This paradigm largely enriches our ability to create new applications and businesses but also enables new possibilities for threats and scales up the risks of financial and also physical impact. Various projects in the ICT Framework Programme are currently using models of different kinds in order to assess upcoming security and privacy challenges and mitigation strategies w.r.t. their possible impact. The Effectsplus FP7 funded Coordination & Support Action, within the activity of the Systems and Networks cluster, organized a workshop with the aim of providing a forum for discussing the different approaches of projects in this area. The workshop was held during the second Effectsplus clustering event in Amsterdam (Netherlands), on July 4th-5th 2011. The title of the workshop was "Models (including meta-models, ontologies, ...)".

Workshop On Models

Roland Rieke (member of the MASSIF project) was responsible for the collection of the contributions and the agenda of the workshop. Those projects which had indicated their interest in this collaboration area at the first Systems and Networks cluster workshop were invited to contribute their activities w.r.t. the following subjects:
• Security Incident Models providing Qualitative and Quantitative Security Measurements (base measures and derived measures to audit and monitor complex distributed systems in FI)
• Models of Security and Privacy Requirements and Policies for FI
• Enterprise Architecture Models for Security Analysis
• Society Models for Social Impact Analysis
• Models of Security and Privacy issues in Cyber-Physical Systems, Smart Grids and other Critical Infrastructures
• Security by Design - Models on Resilience and Trust (e.g. use of trust anchors to provide a trusted backbone infrastructure)
• Models on Security and Privacy issues in Cloud Computing

The aim of the workshop was to identify possible areas of collaboration among projects w.r.t. concrete models which are publicly available and re-usable in related projects, as well as to identify gaps between existing approaches and promising areas for future research.


Systems and Networks: Workshop on Models

In order to provide the content for the following discussions, each participant of the workshop presented a topic w.r.t. the modelling work done in the respective project. Unfortunately, the given time slots of 10-15 minutes per project did not allow for a complete presentation of a project's results, so only some selected interesting aspects could be shown. The following list gives an overview of the presentations at the workshop (supporting abstracts can be viewed in Appendix F):

• Roland Rieke (MASSIF): Objectives of the Effectsplus Systems and Networks Cluster Workshop on Models
• Igor Kotenko (MASSIF): Analytical attack modelling and security evaluation in MASSIF
• Teodor Sommestad (VIKING): Enterprise Architecture Models for Security Analysis
• Mats B-O Larsson (VIKING): Virtual City Simulator (ViCiSi)
• Domenico Presenza (ASSERT4SOA): Ontologies in ASSERT4SOA
• Federica Paci (NESSoS, SecureChange): Managing Security and Changes throughout the whole System Engineering Process
• Antonio Lioy (PoSecCo): PoSecCo models
• Steffen Peter (WSAN4CIP, TAMPRES): Assessment models to Improve the Usability of Security in Wireless Sensor Networks
• James Davey (VIS-SENSE): Multi-Dimensional Clustering for the Purposes of Root-Cause Analysis
• Mark McLaughlin (ENDORSE): Introducing the ENDORSE Privacy Rules Definition Language
• Roberto Baldoni (CoMiFin): Collaborative Security for Protection of Financial Critical Infrastructures: The Semantic Room abstraction model

It was decided to contribute to the following Effectsplus supported Systems and Networks cluster activities:
• Classification (overview) of areas covered by the presented models (interactively edit a table on the Effectsplus web-site)
• Joint paper (e.g. FIA book), or workshop: European perspective (survey) of models on security, privacy, trust
• Follow-up Systems and Networks cluster meeting on specific aspects of multilateral project cooperations (Feb. 2012, HP-labs, Bristol)
• Participation in Cyber-Security and Privacy EU Forum CSPEF 2012 (Berlin 24.-25.4.) with Demonstrations and Tutorials

The main result of this workshop, however, was the elicitation of common interests between the projects and the initiation of concrete plans for multilateral collaborations, as shown in Table 1.


Table 1: Multilateral collaborations within Effectsplus "Systems and Networks cluster"

Jesus Villasante, the head of the Trust and Security Unit in the EU Directorate General Information Society and Media (DG Infso), participated in the meeting. He confirmed that his unit will fully support these clustering activities.

Presentations from this cluster group and workshop can be viewed at http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/


Special Interest Groups: Policy and Monitoring

During the Effectsplus clustering event, two special interest groups were proposed, based on the topics and level of interest shown by project participants. The aim of these special interest groups is to continue collaboration and work on identified topics coming from the cluster groups, with a view to successfully participating in and proposing collaborations, joint papers and events. The following details the initial focus of the two special interest groups and the main contacts for each.

Effectsplus Special Interest Group on Policies - led by Nick Papanikolaou (nick.papanikolaou@hp.com)

Projects in this group so far: ANIKETOS, ENDORSE, POSECCO, MASSIF, COMIFIN, TAS3, SecureChains

Topics on which projects can collaborate:
• Theoretical topics
• Languages, formalisms
• Validation, verification
• Interoperability
• Frameworks
• Policy refinement
• Conflict resolution
• Applications/Practical aspects
• Decision support
• Automatic Run-time Configuration of Policies for mitigation of attacks
• Privacy Policies

Effectsplus Special Interest Group on Monitoring - led by Roberto Baldoni (baldoni@dis.uniroma1.it)

Projects in this group so far: VIS-SENSE, MASSIF, COMIFIN, SYSSEC, WSAN4CIP, ANIKETOS, DEMONS, TWISNET

Topics on which projects can collaborate:
• Event-based architecture
• Pattern detection
• Performance
• Privacy-preserving computation
• Applications - event-based platforms, intrusion detection

For more information on these special interest groups, please contact the group leaders above.


Trust and Security Research Roadmap Session

Nick Wainwright (HP), Hewlett Packard Ltd

A follow-up roadmapping session took place on the 5th July. Here Mr Papanikolaou presented the key themes identified in the first draft of the Trust and Security Research Roadmap, namely the report titled "Trust and Security in the Future Internet: Setting the Context", which was created after the 1st Technical Cluster Meeting (29-30 March 2011). The report identified challenges and potential solutions, societal shifts and changes of relevance, and a vision for the future of the field. The content of the report was produced after processing discussion points and project contributions made at EFFECTSPLUS meetings. Some key discussion points included the following:

• Changes for end-users: users' attitudes are changing constantly; users' physical and digital lives are connecting seamlessly; users are controlling and regularly using more devices; users are demanding the ability to personalise products and services.
• Vision for end-users: users will have more privacy online; users will have a better understanding of security and privacy risks.
• Challenges for end-users: enabling users to better understand and control security; handling digital identities; dealing with privacy issues.
• Some solutions for end-users: development of universally acceptable digital identifiers; education of citizens.

We are planning to circulate improved versions of the report "Trust and Security in the Future Internet: Setting the Context" and use it as the basis for the Trust and Security Research Roadmap. A summary of the report will be produced in time for the forthcoming Future Internet Assembly in Poznan. At FIA Poznan there will be a session dedicated to the FIA Research Roadmap and we will draw attention to the trust and security aspects, soliciting additional comments and input to be provided in electronic form by participants after the conference.

Presentation slides from this session can be viewed at http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/


Trust and Security Roadmapping Session (Effectsplus Clustering Meetings, Brussels, 4-5 July 2011)

Summary of Remarks Made by Jesús Villasante (EC), European Commission Head of Trust & Security Unit F5

Jesús Villasante actively participated in the roadmapping presentation session and commented on the overall importance of the roadmapping activity. The roadmap should contain content that is compelling and novel, in particular going further than most existing prior roadmaps. Although we will necessarily include some technical content and commentary, there is a need to balance technical material with a discussion of higher level issues and how research in the trust and security space can be aligned with the Commission's strategic objectives.

Other remarks made by Mr Villasante which are relevant to the roadmapping activity include the following. There are numerous forward-looking policy documents already in circulation, including cybersecurity strategy papers from many geographical areas, which address the same areas we are currently addressing in the Trust and Security Research Roadmap; by comparison, our roadmap needs to cover these areas in more technical detail. For instance, while 'privacy by design' is a notion frequently mentioned in other roadmaps, we should explain it carefully and give an indication of how it can be implemented in practical terms. Jesús Villasante stressed that it is explanations that are useful to policymakers, who need to understand not only the 'what', but the 'why' and 'how' of key technologies. We should not underestimate the level of understanding of the policy makers in the more technological topics.

In September 2011, roadmaps will be delivered from various projects (including Effectsplus, NESSOS, TDL, and others). The September 2011 deadline is crucial, as it ensures that the documents will be available in time for debates around future funding programmes and, in particular, in time to shape Framework Programme 8.

In closing, Mr Villasante reiterated that this roadmap should go further and deeper than similar efforts so far. He suggested that future roadmapping discussions should attempt to produce a coherent vision of the future, especially for the next 10-20 years.


Innovation Potentials and Gaps for FP7 Trust and Security Projects

Speaker: Bruno Crispo (University Trento)

Mr Crispo commenced his presentation with an overview of the target of the analysis. Here the focus was mainly on Call 1 research projects that have been completed and finalised, to analyse and identify actual outcomes and impacts from the research activities that can possibly link to the digital agenda or have potential for follow-up activities in the next call or within the market place.

Mr Crispo described the methodology used to complete such an analysis. This involved examination of publishable summaries, interviews with project coordinators, analysis of deliverables identified by project/technical coordinators and a top-down analysis of the digital agenda.

The presentation then continued with an overview of the preliminary findings coming from the analysis to date, covering direct vs indirect target industries, direct industries, indirect target industry, innovation issues, potential contribution to the digital agenda, and gap-bridging measures. For more details on these topics, please refer to the accompanying slideset.

Mr Crispo closed his presentation session with a summary of the analysis work in progress:
• Research results potential for EU-wide policy area
  * Extracted 2-3 results from each project; still need systematization
• Bottom-up analysis of Digital Agenda by project coordinators
  * Partial feedback to be systematized
• Review by interested parties
  * If you would like to contribute, mail to comper@disi.unitn.it

The supporting slideset for this presentation can be viewed at http://www.effectsplus.eu/files/2011/08/Innovation-Potentials_Gaps_FP7.pdf


Effectsplus 2012 Wider Collaboration Event

Cyber-Security and Privacy EU Forum - CSPEF 2012

Effectsplus, on behalf of Unit F5 Trust and Security, is organising a wider collaboration/trust and security forum event in 2012 (Cyber-Security and Privacy EU Forum - CSPEF 2012). This is planned to take place in Berlin on 24th and 25th April 2012. The target audience of this event will be industry, academia, agencies and external trust and security initiatives. This event will have two main objectives:

Objective 1: Impact and alignment
Objective 2: Efficiency and Effectiveness (working well as a community)

Day 1 will focus on objective 1: the impact of trust and security technology in the real world, and the links between R&D results and policy, societal challenges… It is planned to incorporate the following aspects during day 1 of the event programme:
• Selected keynote speakers
• Panel discussions (mix of industry/academic experts)
• Tutorial workshops
• Security research demonstrators (showcase concrete results of as many successful projects)

Day 2 will focus on clustering and the structuring of research efforts for better results and for facilitating innovation, focusing on:
• Cross-topical workshops
• Research project specific workshops

Planning is underway with a dedicated organising committee. In the coming months a call for contributions will be available and will be widely disseminated to all the main key players in the security space. More information, stating upcoming calls and submission deadlines, will be disseminated to the Effectsplus email lists and also uploaded to the Effectsplus website once available.

The supporting slideset can be viewed at http://www.effectsplus.eu/files/2011/08/CSPEF-2012_planning.pdf


Head Of Unit F5 Jesus Villasante: Closing Speech Jesus Villasante

During the Effectsplus wrap up session on July 5th 2011, Mr Jesús Villasante, closed the Effectsplus cluster event with the following main comments.

European Commission Head of Trust & security Unit F5

Mr Villasante was impressed by the practical approach that Effectsplus has taken with its clustering activities. He commented that there is a very friendly atmosphere amongst the attendees and fruitful participation during the event's cluster working group sessions. Mr Villasante had the following four main points to address in his closing comments.

Collaboration: He stated that collaboration is currently progressing very well, with clear identification of common topics and interests amongst the participating research projects and attendees, and he would encourage such positive interactions to continue and expand as necessary in the future.

Impact: Mr Villasante commented that we need to identify the outcomes of the Call 1 projects following their completion, and have to work to show how their valuable research and outcomes can be made more visible. It is not always easy to show clear outcomes following the finalisation of a project. Sometimes they are instruments to enable further follow-on research avenues. But we need to continue to work to improve the outcome and impact of our research activities; this is an important aspect that we need to focus on in the future.

Visibility: The Effectsplus planned “Cyber-Security and Privacy EU Forum CSPEF 2012” conference in April 2012 is an excellent opportunity. Mr Villasante commented that everyone needs to actively think about how it can be a success for their project and their customers, ensuring that the right people from the right areas will be in attendance. This conference will be a milestone for all security research projects, and something that we can build upon in future years. The EC will fully support Effectsplus for this event. The CSPEF 2012 event will be timely, as discussions on FP8 will be coming to an end at that time for H2020, and it will be an occasion around this date in 2012 to contact the national delegates to reinforce the message that trust and security is a key issue and that we need to put more emphasis on it.

For the future: Regarding the future, Mr Villasante remarked on Call 8. In Call 8, 80M euros will be invested by the European Commission. It is a key opportunity to redirect what we are going to do in the next 5 years. It is important to structure proposals to highlight the main areas to explore. If potential proposers can have discussions prior to the call, that would reduce the fragmentation of the proposals and would be deemed very useful. The activities Effectsplus is carrying out are instrumental in this. We should have a structure around this activity.

Mr Villasante concluded with his continued support for the Effectsplus collaboration activities, encouraging projects to continue and increase their level of activity here. To wrap up the session, Mr Villasante openly asked participants what other support they require from EC Unit F5. Can we (EC) do more? He welcomed suggestions and feedback.



FIA Related Activities: Trust and Security

FIA Book: Planning for the next FIA Book has commenced with the organising committee. You can expect a call for contributions in the coming months.

FIA newsletter: If any trust and security research projects have

1. News items
2. Dissemination of upcoming events
3. Reports for dissemination

please consider writing a short paragraph and submitting it to the FIA newsletter. The next FIA newsletter is planned for September 2011, with calls for submission at the end of August. Contact: fcleary@tssg.org and we will include such items for dissemination.

The cluster event wrap-up slide set can be viewed at http://www.effectsplus.eu/files/2011/08/next-meeting-_wrap-up.pdf



Effectsplus Future Events

The next Effectsplus clustering event will take place at HP premises in Bristol, UK, in February 2012. Further details will be available on the Effectsplus website in the coming months.

The Cyber-Security and Privacy EU Forum (CSPEF 2012) will take place in Berlin on 24th & 25th April 2012. More details will be available in the coming month on the Effectsplus website www.effectsplus.eu

For more information, please see the Effectsplus website http://www.effectsplus.eu/

For further details please contact the Effectsplus coordinator, Frances Cleary, Waterford Institute of Technology, TSSG (fcleary@tssg.org)



APPENDIX A: Agenda

Monday, July 4th, 2011

Tuesday, July 5th, 2011



Appendix B: Registered Attendees

Attendee Name | Project/Other
Cleary, Frances | effectsplus coordinator
Jefferies, Nigel | Effects+
Damiani, Ernesto | UNIMI
McLaughlin, Mark | ENDORSE
Kotenko, Igor | Massif
Vinagre, Isabel | Effectsplus
Howker, Keith | Effectsplus
Rieke, Roland | MASSIF
Soria-Rodriguez, Pedro | MASSIF
Larsson, Mats B-O | VIKING
Papanikolaou, Nick | Effectsplus
Presenza, Domenico | ASSERT4SOA
Peter, Steffen | WSAN4CIP, Tampres
Surridge, Mike | SERSCIS
Leijtens, Arthur | Actor ~ TDL
Sommestad, Teodor | VIKING - EA models and analysis
Plate, Henrik | Posecco
Casalino, Matteo | PoSecCo
Lioy, Antonio | POSECCO / TCLOUDS / WEBINOS
Olivier, BETTAN | PoSecCo
Baldoni, Roberto | comifin
Olkkonen, Kaisa | Nokia
Davey, James | Fraunhofer
Villasante, Jesus | European Commission
Markatos, Evangelos | SysSec
Howker, Keith | effectsplus
Alan Yeung |
Llewellyn-Jones, David | Aniketos
Dlamini, Bheki | internet networking
Ludwig, Mike | TwisNet
Ponta, Serena | PoSecCo
Paci, Federica | Secure Change
Wolkerstorfer, Peter | uTRUSTit
Gran, Glenn | GINI-SA
Meland, Per Håkon | Aniketos
Wainwright, Nick | Effectsplus
Bezzi, Michele | Effects+
Levitt, Karl | -
Mallery, John | -
Badii, Atta | MOSIPS
Martinelli, Fabio | NeSSos
Shiu, Simon | HP
Tiemann, Marco | HYDRA Middleware



Appendix C: Cluster Participants

Services & Cloud Cluster Participants

Name | Organisation
Isabel Vinagre | ATOS
Peter Wolkerstorfer | CURE
Nick Papanikolaou | HP
Michele Bezzi | SAP
Serena Ponta | SAP
Henrik Plate | SAP
Marco Tiemann | UK Reading
Kaisa Olkkonen | NOKIA
Crispo Bruno | UNITN
Fabio Martinelli | CNR
Per Håkon Meland | SINTEF
Pedro Soria Rodriguez | ATOS
Glenn Gran | IKED
Ernesto Damiani | UNIMI
Frances Cleary | WIT-TSSG

Systems and Networks Cluster Participants

Name | Organisation
Keith Howker | WIT-TSSG
Roberto Baldoni | UniRomai
Olivier Bettan | Thales
Mike Surridge | IT Innovation
Domenico Presenza | Engineering IT
James Davey | Fraunhofer IGD
Matteo Casalino | SAP
Federica Paci | UNITN
Antonio Lioy | Polito
Teodor Sommestad | KTH
Mats B-O Larsson | MML AB
Evangelos Markatos | Forth
David Llewellyn-Jones | LJmn
Steffen Peter | IHP
Mark McLaughlin | WIT-TSSG
Nigel Jefferies | Huawei
Roland Rieke | Fraunhofer SIT



APPENDIX D: Cluster Communication

Dedicated email lists and LinkedIn Groups have been set up to support the activities of the defined clusters.

Services and clouds cluster
• Subscription to this cluster email list via the following link: http://listserv.tssg.org/mailman/listinfo/ts-services_cloud
• Cluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6q5r9l-3e/vgh/3788378/

Systems and networks cluster
• Subscription to this cluster email list via the following link: http://listserv.tssg.org/mailman/listinfo/ts-systems_networks
• Cluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6qqejg-16/vgh/3788408/

Networking and coordination cluster
• Subscription to this cluster email list via the following link: http://listserv.tssg.org/mailman/listinfo/ts-networking_coordination
• Cluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6qxudg-3h/vgh/3788418/



APPENDIX E: Cloud & Services Workshop on Software Assurance & Trust

Aniketos: Supporting trustworthy and secure composition in service and cloud environments
Per Håkon Meland, David Llewellyn-Jones, Erkuden Rios Velasco

For some time the trend in provision of functionality in networked environments has been towards the use of services that offer self-contained capabilities, but which can be composed in various ways in order to provide richer services to end users. Moving from today’s static compositions, we will in the Future Internet see a more dynamic mix and match of cloud and non-cloud services depending on service availability, quality, price, trustworthiness and security features. Neelie Kroes, Vice-President of the European Commission and responsible for the Digital Agenda, recently stated that “We want to extend our research support and focus on critical issues such as security and availability of cloud services.”

The main objective of Aniketos is to help establish and maintain trustworthiness and secure behaviour in a dynamically changing environment of composite services. In order to achieve this objective, a multi-disciplinary effort involving research and industrial partners is currently tackling the following challenges.

Trust in the Internet of services: There must be some acceptable trust relationship between the different actors in a composite service. Aniketos will offer a way of expressing different aspects of trustworthiness and provide design-time and runtime modules for evaluating and monitoring the trust level between service stakeholders.

Secure service composition at design-time and runtime: Trust alone does not guarantee a secure service, service components are bound to change and absolute security is an impossible goal. To achieve an open and secure service ecosystem in the Future Internet, we need to assure all parties about expected behavior and usage terms. A Service Level Agreement (SLA) is a common way to specify the conditions under which a service is to be delivered, but unfortunately, security is not provided or used as a contract term in existing SLAs. Aniketos is developing security SLAs that make it possible to create and monitor composite services where strong trust relationships do not exist beforehand.

Threat detection and response: According to the FORWARD initiative by the European Commission: “identifying the adversarial model and anticipating emerging threats is the first step that is necessary to build a secure, future Internet”. Service providers will have to deal with a fluctuating threat picture; the users will be in changing operating conditions, new attack methods will emerge, and the services themselves may contain vulnerabilities that result in information leakage or open back-doors. To be prepared for the future, Aniketos is investigating threats to composite services in order to understand their nature and how to deal with them.

Societal acceptance and effective security: Trust and security are not only technical matters, but depend heavily on the human factors in order to be effective in everyday use. Though a composite service might be complex, the service end user should have an easy and understandable way of relying on its trustworthiness. Aniketos will contribute to a user-centred view on service trust and security by investigating user acceptance and their practical usability through case studies for future European services.



uTrust-It: Usable Trust in the Internet of Things
Peter Wolkerstorfer, wolkerstorfer@cure.at, CURE

We present uTRUSTit, a 3-year project funded by the EC. Built around 3 main scenarios (smart home, smart office, e-voting), the aim of uTRUSTit is to close the loop of trust between the technological and psychological layers in the IoT. To achieve this objective uTRUSTit will provide a “trust feedback toolkit”. The toolkit aims at enhancing user trust perception. Usable trust, as defined in the project, is the basis for users to decide if they want to use a certain IoT technology or not; hence it is about technology acceptance (if users don’t trust a certain technology they will refuse to use it).

In uTRUSTit we use a user-centric procedural approach based on the user-centric design process defined in ISO/TR 16982:2002 (Usability methods supporting human-centred design) to create human-centric trustworthy solutions for the Internet of Things (IoT).

The presentation focuses on human-computer interaction (HCI) work in the project and presents two results. On the one hand we show which Personas we created for the project to support user-centric development. Personas are a nearly non-intrusive method to raise empathy for the users of technological artefacts during development, to ensure a usable outcome. On the other hand we explain how we extended the requirements engineering process with focus groups to include the “usable trust” elements on a methodological basis.

We conclude with an outlook on the challenges we expect. The three main HCI challenges we see are: reduction of complexity in interaction mechanisms and processes, research in trust, and research in the underlying cognitive-psychological mechanisms (the research on mental models).

Posecco: “Leveraging Security Models to Automate Audits and Improve their Level of Assurance” (Serena Ponta)

Audits allow gaining assurance about the existence and effectiveness of controls to meet certain objectives, e.g., security objectives motivated by an organization’s business risks or legal environment. Though auditing standards and frameworks such as SAS70 and COBIT provide guidelines for performing auditing activities in a standard and repeatable way, the process of collecting and evaluating information about the auditee’s business, systems, and risks is still a mostly manual activity, thus subject to individual discretion.

Complementary to these high-level, risk-driven audit standards, the Security Content Automation Protocol (SCAP) is a suite of specifications to cope with the need for security automation on the lower, technical level. Besides well-known standards for vulnerability enumeration and measurement (CVE, CVSS), SCAP also includes specifications which allow to (i) automate checks for known vulnerabilities, (ii) automate the verification of security configuration settings, and (iii) generate reports that link low-level settings to high-level requirements.

The PoSecCo project aims at establishing and maintaining a traceable link between high-level, business-driven security and compliance requirements and low-level technical configuration settings of individual services through landscape-aware security models. A natural question is how the SCAP emerging standards together with the knowledge about the landscape and its security requirements can be used to improve the effectiveness and efficiency of the current auditing practices.

In this talk we illustrate how SCAP standards together with comprehensive security models can support different phases of an audit process by (i) facilitating the information retrieval by auditees and auditors to build an audit program and (ii) increasing efficiency and/or assurance of activities performed during the execution of that audit program.


Assert4SOA: Advanced Security Service Certificate for SOA (Ernesto Damiani)

You live in a certified house, you drive a certified car, why would you use an uncertified service? The term "certification" has several different meanings in ICT. Software practitioners can earn a certificate for expertise in a certain hardware or software technology. The maturity of crucial IT processes, such as software development, can be and is often certified. Even individual software systems can be certified as having particular non-functional properties, including safety, security or privacy. However, the latter type of certification (e.g. Common Criteria) has had only a limited use to this day.

Current trends in the IT industry suggest that software systems in the future will be very different from their counterparts today, due to greater adoption of Service-Oriented Architectures (SOAs) and the wider spread of the deployment of Software-as-a-Service (SaaS). These trends point to large-scale, heterogeneous ICT infrastructures hosting applications that are dynamically built from loosely-coupled, well-separated services, where key non-functional properties like security, privacy, and reliability will be of increased and critical importance. In such scenarios, certifying software properties will be crucial.

Current certification schemes, however, are either insufficient in addressing the needs of such scenarios or not applicable at all, and thus they cannot be used to support and automate run-time security assessment. As a result, today’s certification schemes simply do not provide, from an end-user perspective, a reliable way to assess the trustworthiness of a composite application in the context where (and at the time when) it will be actually executed.

ASSERT4SOA will fill this gap by producing novel techniques and tools, fully integrated within the SOA lifecycle, for expressing, assessing and certifying security properties for complex service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems.

NESSoS: “A General Method for Assessment of Security in Complex Services” (Fabio Martinelli)

Abstract: NESSoS is a project devoted to performing research activities on engineering secure and trustworthy Future Internet Services. The area of interest is very broad. In the workshop, we present a paper with a focus on the assessment of the security of business processes. We assume that a business process is composed from abstract services, each of which has several concrete instantiations. An essential peculiarity of our method is that we express the security metrics used for the evaluation of security properties as semirings. First, we consider a primitive decomposition of the business process into a weighted graph which describes the possible implementations of the business process. Second, we evaluate the security using semiring-based methods for graph analysis. Finally, we exploit semirings to describe a mapping between security metrics, which is useful when different metrics are used for the evaluation of security properties of services.
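A sketch of the semiring-based evaluation this abstract describes, added here as an illustration and not taken from the NESSoS paper. The process graph, the service names and weights, and the choice of these three semirings are constructed assumptions; the −log mapping at the end is one example of translating one metric into another without changing which implementation is selected.

```python
import math
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Semiring:
    """(D, plus, times, zero, one): plus chooses among alternative
    implementations, times composes services executed one after another."""
    name: str
    plus: Callable[[float, float], float]
    times: Callable[[float, float], float]
    zero: float   # identity of plus: "no implementation exists"
    one: float    # identity of times: "nothing executed yet"


# Probability that a service is not compromised; a path multiplies them.
SURVIVAL = Semiring("max-times", max, lambda a, b: a * b, 0.0, 1.0)
# Additive risk score; a path sums the scores and the lowest total wins.
RISK = Semiring("min-plus", min, lambda a, b: a + b, math.inf, 0.0)
# Trust level in [0, 1]; a path is only as trustworthy as its weakest service.
WEAKEST_LINK = Semiring("max-min", max, min, 0.0, 1.0)

# (from state, to state, concrete service, weight)
Edge = Tuple[str, str, str, float]

# Constructed business process: pay -> store -> notify. Each abstract service
# has two concrete instantiations, plus one bundled service that covers the
# first two steps at once. Weights are survival probabilities (assumed values).
PROCESS: List[Edge] = [
    ("start", "paid", "pay-A", 0.99),
    ("start", "paid", "pay-B", 0.95),
    ("start", "stored", "pay+store-C", 0.93),
    ("paid", "stored", "store-A", 0.90),
    ("paid", "stored", "store-B", 0.97),
    ("stored", "end", "notify-A", 0.98),
    ("stored", "end", "notify-B", 0.999),
]
ORDER = ["start", "paid", "stored", "end"]   # topological order of the states


def evaluate(edges: List[Edge], order: List[str], sr: Semiring,
             source: str, sink: str) -> Tuple[float, List[str]]:
    """Algebraic path computation on a DAG: the value of a state is the
    plus-combination, over incoming edges, of (value of predecessor times
    edge weight). The plan tracking assumes plus is selective, i.e. returns
    one of its two arguments, which holds for min and max."""
    value = {n: sr.zero for n in order}
    plan = {n: [] for n in order}
    value[source] = sr.one
    for node in order:
        for u, v, service, weight in edges:
            if u != node:
                continue
            candidate = sr.times(value[u], weight)
            merged = sr.plus(value[v], candidate)
            if merged != value[v]:          # candidate is strictly better
                value[v] = merged
                plan[v] = plan[u] + [service]
    return value[sink], plan[sink]


def map_weights(edges: List[Edge], f: Callable[[float], float]) -> List[Edge]:
    """Translate every edge weight from one metric into another."""
    return [(u, v, service, f(w)) for u, v, service, w in edges]


def to_risk(p: float) -> float:
    """Maps (max, *) onto (min, +): -log turns products into sums and, being
    decreasing, turns max into min, so the selected plan is preserved."""
    return -math.log(p)


if __name__ == "__main__":
    print(evaluate(PROCESS, ORDER, SURVIVAL, "start", "end"))
    print(evaluate(map_weights(PROCESS, to_risk), ORDER, RISK, "start", "end"))
    print(evaluate(PROCESS, ORDER, WEAKEST_LINK, "start", "end"))
```

The weakest-link metric can select a different final service than the survival metric, because once the bottleneck is fixed the remaining choices no longer change the value.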



APPENDIX F: Systems and Networks Workshop on Models

Objectives of the Systems & Networks Cluster Workshop on Models
Presentation: Roland Rieke, project EFFECTS+/MASSIF

The vision of the Future Internet, where multiple services are transparently and seamlessly mixed, has already created a paradigm which promises to largely enrich our ability to create new applications and businesses within this new environment. But this paradigm also enables new possibilities for threats and scales up the risks of financial and also physical impact. In many cases, the information itself will be the essential product which deserves to be protected; in the Internet of Things, however, real and virtual cyberphysical resources deserve our attention.

Various projects in the ICT Framework Programme are currently using “Models” of different kinds in order to assess upcoming security and privacy challenges as well as mitigation strategies w.r.t. their possible impact. The Effectsplus FP7 funded Coordination & Support Action, within the activity of the Systems and Networks cluster, organises this workshop, which aims to provide a forum for discussing the different approaches of projects in this area.

At the end of the workshop, we expect to have a better understanding of possible areas of collaboration among projects. Specifically, we are interested in finding out which concrete models are publicly available and re-usable in related projects, the gaps between existing approaches, and promising areas for future research.



Analytical attack modeling and security evaluation in MASSIF
Presentation: Igor Kotenko, project MASSIF

The talk presents the common approach, architecture and main models for analytical attack modeling and security evaluation investigated in the EU FP7 MASSIF Project. The approach is based on processing current alerts, modeling of the malefactor’s behavior, generating possible attack subgraphs, calculating different security metrics and providing comprehensive risk analysis procedures.

Key elements of the suggested architectural solutions for attack modeling and security evaluation are:

• use of a security repository (including system configuration, malefactor models, vulnerabilities, attacks, scores, countermeasures, etc.)
• effective attack tree generation techniques
• taking into account known as well as new attacks based on zero-day vulnerabilities
• stochastic analytical modeling
• combined use of attack graphs and service dependency graphs
• calculation of metrics of attacks and security countermeasures (including attack impact, response efficiency, response collateral damages, attack potentiality, attacker skill level, etc.)
• interactive decision support to select the solutions on security measures/tools by defining their preferences regarding different types of requirements (risks, costs, benefits) and setting trade-offs between several high-level security objectives

This talk briefly considers the analysis of the state of the art in attack modeling, the main functional requirements and the essence of the approach to analytical attack modeling, and the main models as well as the generalized architecture of the Attack Modeling and Security Evaluation Component (AMSEC) suggested to be developed and implemented in the MASSIF project.



Enterprise Architecture Models for Security Analysis
Presentation: Teodor Sommestad, project VIKING

Enterprise architecture is an approach to management of information systems, including control systems, that relies on models of the systems and their environment. This section briefly outlines the structure of the work carried out by the VIKING project on the topic of cyber security analysis and modeling. It combines attack and defense graphs with Bayesian statistics and enterprise architecture modeling.

Attack graphs are a notation used to depict ways that a system can be attacked. An attack graph shows the attack steps involved in attacks (nodes) and the dependencies that exist between them (arcs). Defense graphs extend this notation by including security measures in the graph to represent the attack steps they influence. Both of these notations can be used to create models of systems and to assess a system’s security, e.g. by assessing if a particular attack is possible, given that the graph is parameterized.

The VIKING project has produced a tool where defense graphs are produced programmatically from a model of an information system or control system and its environment. A user of this tool produces architectural drawings of their enterprise (e.g. including network zones, machines, services, security processes executed), and based on this the tool generates a defense graph that represents this specific enterprise’s situation. Based on logical relationships and quantitative data collected from literature and domain experts, the user can also calculate approximate values for the probability that an attempted attack would succeed against the system.

The workshop in Amsterdam will present the work done in VIKING on Enterprise Architecture Modeling and how we believe the research work can be extended to practical tools to evaluate existing and new control systems for security and to do “what-if” studies on different control system configurations.
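A small parameterized defense graph with a "what-if" comparison, added here as an illustration and not the VIKING tool or its model. The step names, probabilities and defense multipliers are constructed assumptions, and the Bayesian evaluation is simplified to independent per-step success variables evaluated exactly by enumeration.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, FrozenSet, List, Tuple


@dataclass
class Step:
    kind: str        # "OR": any parent suffices, "AND": every parent is required
    base_p: float    # assumed chance the step succeeds once its preconditions hold
    parents: List[str] = field(default_factory=list)
    # security measure -> multiplier applied to base_p when the measure is enabled
    defenses: Dict[str, float] = field(default_factory=dict)


# Constructed graph, listed in topological order (parents before children).
GRAPH: Dict[str, Step] = {
    "office_foothold": Step("OR", 0.5, [], {"mail_filtering": 0.5}),
    "vendor_foothold": Step("OR", 0.2, [], {"vendor_mfa": 0.25}),
    "control_zone_path": Step("OR", 0.5, ["office_foothold", "vendor_foothold"],
                              {"zone_firewall": 0.4}),
    "operator_credentials": Step("OR", 0.4, ["office_foothold", "vendor_foothold"],
                                 {"credential_vaulting": 0.5}),
    "unauthorised_command": Step("AND", 0.8,
                                 ["control_zone_path", "operator_credentials"]),
}
GOAL = "unauthorised_command"


def local_p(step: Step, enabled: FrozenSet[str]) -> float:
    """Step success probability after applying the enabled security measures."""
    p = step.base_p
    for measure, factor in step.defenses.items():
        if measure in enabled:
            p *= factor
    return p


def _preconditions_hold(step: Step, reached: Dict[str, bool]) -> bool:
    if not step.parents:                      # entry step: nothing required
        return True
    test = all if step.kind == "AND" else any
    return test(reached[p] for p in step.parents)


def exact_probability(graph: Dict[str, Step], goal: str,
                      enabled: FrozenSet[str]) -> float:
    """Sum the weight of every combination of per-step outcomes in which the
    goal is reached. Exponential in the number of steps, so small graphs only."""
    names = list(graph)
    p = {n: local_p(graph[n], enabled) for n in names}
    total = 0.0
    for world in product((True, False), repeat=len(names)):
        weight, reached = 1.0, {}
        for n, ok in zip(names, world):
            weight *= p[n] if ok else 1.0 - p[n]
            reached[n] = ok and _preconditions_hold(graph[n], reached)
        if reached[goal]:
            total += weight
    return total


def naive_probability(graph: Dict[str, Step], goal: str,
                      enabled: FrozenSet[str]) -> float:
    """Node-by-node propagation that treats parents as independent. It is
    wrong whenever two parents share an ancestor, as they do in GRAPH."""
    reach: Dict[str, float] = {}
    for n, step in graph.items():
        if not step.parents:
            pre = 1.0
        elif step.kind == "AND":
            pre = 1.0
            for q in step.parents:
                pre *= reach[q]
        else:
            miss = 1.0
            for q in step.parents:
                miss *= 1.0 - reach[q]
            pre = 1.0 - miss
        reach[n] = local_p(step, enabled) * pre
    return reach[goal]


def all_defenses(graph: Dict[str, Step]) -> List[str]:
    return sorted({m for s in graph.values() for m in s.defenses})


def what_if(graph: Dict[str, Step], goal: str) -> List[Tuple[str, float]]:
    """Goal probability with each measure enabled alone, most effective first."""
    results = [(m, exact_probability(graph, goal, frozenset([m])))
               for m in all_defenses(graph)]
    return sorted(results, key=lambda r: r[1])


if __name__ == "__main__":
    print("no defenses:", exact_probability(GRAPH, GOAL, frozenset()))
    for measure, p in what_if(GRAPH, GOAL):
        print(f"{measure:20s} {p:.4f}")
```

On this graph the naive propagation underestimates the goal probability, because both preconditions of the final step depend on the same two footholds.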



Virtual City Simulator (ViCiSi)
Presentation: Mats B-O Larsson, project VIKING

One of the main objectives of the Viking project is to assess the cost to society coming from power outages. In order to do this a virtual society simulator has been developed. The virtual society is created by the Viking City Simulator, ViCiSi. In short, ViCiSi creates a virtual society, with all necessary functions, and it is based on parameters from the EU database Eurostat. ViCiSi can be parameterized to any EU country plus Switzerland and Norway.

In summary ViCiSi is:

• A virtual society with all necessary infrastructure built on blocks, apartments, streets, etc.
• With companies, public and private service operations producing welfare
• With people living in the city consuming welfare
• Includes an electrical distribution grid with all common voltage levels to give realistic load curves
• Calculates the activity in the society at all moments, in terms of Business Activity
• Calculates the cost of power outages as lost GDP
• Can scale to all EU countries

In the workshop in Amsterdam we will present ViCiSi. We will show how it is designed, how it can be used to calculate societal costs of power outages, how we present the results and how ViCiSi will be integrated into the VIKING Test bed.



BlockMon: a framework for Distributed Network Monitoring and Real-Time Data Intensive Analysis
Presentation: S. Rao, project DEMONS

The DEMONS project will address the ‘decentralised, cooperative and privacy preserving monitoring for trustworthiness’. The monitoring scenario of the system architecture targets both intra-domain and inter-domain aspects:

• Intra-domain monitoring, the primary requirements here being scalability, resilience and in-network distribution of monitoring tasks; performance effectiveness in terms of detection and mitigation reaction time; and authorized and controlled access to monitoring data in accordance with domain-specific operational workflow processes and policies.
• Inter-domain monitoring, the core requirement here being the tight control of inter-domain cooperation in terms of which monitoring data is exchanged and under which conditions, which protocols should be used for guaranteeing inter-domain interoperability, and how to exploit and support advanced cryptographic data protection technologies for improving inter-domain cooperation ability and permitting secure joint analysis and computation over monitoring information provided by the multiple involved domains.

The presentation will address the BlockMon Monitoring Overlay (BMO) monitoring infrastructure chosen as the basis of the DEMONS Measurement Layer and Coordination Layer for what concerns the intra-domain monitoring scenario. The Internet Exchange Point (IXP) will coordinate across inter-domains.



Ontologies in ASSERT4SOA
Presentation: Domenico Presenza, project ASSERT4SOA

The presentation intends to deal with the use of ontologies in the context of the ASSERT4SOA Project. The ASSERT4SOA Project aims to produce novel techniques and tools for expressing, assessing and certifying security properties for service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems.

ASSERT4SOA Advanced Security Certificates (a.k.a. ASSERTs) are machine readable documents stating that a given Web Service has a given Security Property. An ASSERT also contains a model of the service and a “proof” that can be used by the requesters of that Web Service to re-check the asserted Security Property. Based on the type of provided proof, three different types of ASSERT will be considered: evidence-based ASSERT (a.k.a. ASSERT-E), ontology-based ASSERT (a.k.a. ASSERT-O) and model-based ASSERT (a.k.a. ASSERT-M).

The use of OWL-DL Ontologies within ASSERT4SOA is twofold: (1) to investigate the use of an ontology-based approach to describe security properties of services; (2) to enable the interoperability and comparison of the other kinds of ASSERTs.

The envisaged ASSERT4SOA Ontology will contain the description of both general concepts and ASSERT-specific ones. The instances of all types of ASSERTs will refer to the terms defined in the ASSERT4SOA Ontology. Within the ASSERT4SOA Ontology, concepts are represented as OWL-DL classes, thus allowing decision problems about ASSERTs (e.g. mapping between different kinds of ASSERTs) to be expressed as Description Logic inference problems (e.g. Class Expression Subsumption).



Managing Security and Changes at Model Level throughout the whole System Engineering Process
Presentation: Federica Paci, project NESSoS/SecureChange

Security engineering is not a goal per se. Security applies to a system or software, whether a large IT or embedded system, which must itself be engineered. Security engineering must therefore comply with the constraints and pace of the mainstream system / software engineering processes, methods and tools. Assuming a model driven approach to the mainstream system / software engineering, we explain how to support evolution while maintaining security at all levels of the system / software development process, from requirements engineering down to deployment and configuration.

A system / software lifecycle typically has seven phases: (i) specification, (ii) design, (iii) realisation or acquisition, (iv) integration and verification, (v) validation and deployment, (vi) operation and maintenance, and (vii) disposal. In some cases, a system / software may occupy several of these phases at the same time. Security engineering can be conducted regardless of the system / software lifecycle phase; however the pursued goals may significantly differ (see Figure 1).

During the specification phase, the main goal of security engineering is to influence the definition of the system / software requirements, and thus gain early assurance that the proposed architectural solution is sound with respect to security concerns. This step encompasses customer security need elicitation and early risk assessment. This early approach contrasts sharply with current-day practices in which risks are only analysed when requirements have been elicited, and sometimes even later, when the main system design is frozen or developed. With standard approaches: (i) safeguards may be very expensive to implement; (ii) some elicited requirements may reveal themselves as too risky to be fulfilled; (iii) some requirements may be error-prone; (iv) locally designed safeguards to cope afterwards with risky requirements may obstruct the fulfilment of other requirements.



PoSecCo Models
Presentation: Antonio Lioy, project PoSecCo

PoSecCo aims at addressing some of the main service provider challenges for the viability of Future Internet (FI) applications, which will see dynamic compositions of services providing a broad diversity of functions, from business functionality down to infrastructure services. In fact, in a FI scenario, service providers will need to achieve, maintain and prove compliance with security requirements stemming from internal needs, third-party demands and international regulations, and to cost-efficiently manage policies and security configuration in operating conditions.

PoSecCo overcomes this by establishing a traceable and sustainable link between high-level requirements and low-level configuration settings through decision support systems. To achieve this goal a consistent effort is being put into system and network modelling, whose main purpose is to create a set of meta-models and a security ontology that will be presented at the Network and System Workshop.

First of all, reaching the PoSecCo objectives requires the modelling of FI services, a challenge that PoSecCo is addressing through a refinement loop between the Service Provider partners, providing the requirements ensuring the practical usage, and academia, ensuring the self-coherence, extensibility and the possibility to be formally used. The result is the functional system meta-model, including a business and an IT layer. Moreover, since services will be actually implemented on existing (physical or virtual) networked systems, the functional system meta-model includes an infrastructural layer that refers to a landscape meta-model. The policy is also represented at three different layers of abstraction (the business, the IT and the landscape configuration layers); therefore the design of three policy meta-models is in progress.

The PoSecCo security ontology is being developed to vertically connect all the abstraction layers, to horizontally connect each abstraction layer with the corresponding policy meta-model, and to enrich the knowledge of the systems using the expressive power that ontologies can guarantee.



Assessment Models to Improve the Usability of Security in Wireless Sensor Networks

Presentation: Peter Steffen, project WSAN4CIP/TAMPRES

Wireless Sensor Networks play a major role in the Future Internet. They deliver data that may influence important decisions in further process steps. To improve the security and reliability as they are required for such networks, many protocols, algorithms, and services have been proposed in recent years. The complexity of the approaches is often significant and the trade-offs are hardly understood even by experts. This is a particular issue in projects such as WSAN4CIP (wireless sensor networks for critical infrastructure protection) where eventually domain experts apply networks in critical environments.

As a solution we propose a model-based approach that maps requirements and system properties onto exchangeable security models, expressed in a flexible meta-model language. The initial requirements are understood by users, and the system properties are assessed based on properties of the individual components, which can be stored in preconfigured repositories. The exchangeable security models allow a focus on specific security aspects such as vulnerabilities, attacks, or resistances. As an example, the models shall evaluate the effects of tamper-resistant sensor nodes, as they are investigated in the TAMPRES project. Naturally, the existence or nonexistence of such tamper resistance in the network alters the security properties of the entire network and its application significantly. This has to be respected by the models. The model approach as well as the implications for the projects WSAN4CIP and TAMPRES are addressed in the presentation.



Multi-Dimensional Clustering for the Purposes of Root-Cause Analysis

Presentation: James Davey, project VIS-SENSE

One of the goals of the VIS-SENSE project is to generate an overview of the malware and spam landscapes in the Internet. A major part of this process is root-cause analysis, which is the search for and identification of coordinated criminal campaigns. Through a better understanding of how these campaigns evolve over time, security experts should be able to improve the protection of their networks. When analysing the behaviour of spam or malware, a very large number of alerts are collected every day. What constitutes an alert is defined by the data collection infrastructure used to collect information for the purposes of analyses. The alerts are the starting point for our root-cause analysis.

The next phase in the analysis process involves the generation of events, based on the alerts. These events are essentially groups of alerts, together with some additional annotations. The groups and annotations are derived with the help of rule-based or experience-based models. Events are the first level of aggregation in the root-cause analysis. While this aggregation does increase understanding of the threat landscape, it is not condensed enough to provide an overview.

To attain an overview, a further aggregation step is undertaken. In this step, each feature of the events is first considered individually. Based on the data type of the feature, similarity measures are chosen and, if necessary, parameterised. The feature-based similarities can be used to cluster events on a feature-by-feature basis. These clusters provide clues for the specification of a multi-dimensional similarity measure. With the help of this measure, multi-dimensional clustering is possible. Visualizing the results of multi-dimensional clustering reveals a much more insightful overview of the original malware and spam alerts.
Many models exist for the feature-by-feature as well as for the multi-dimensional similarity measures. The choice of models and their parameterization has direct implications for the results of the multi-dimensional clustering step. An overview of these models will be presented, as well as a description of techniques for the support of iterative visualisation and adjustment of parameters. Through the targeted use of visualization in the analysis process VIS-SENSE will assist the analyst in the generation of useful overviews of the threat landscape.
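The two aggregation steps described in the abstract above, as an added example that is not VIS-SENSE code: events are clustered feature by feature, then with a combined multi-dimensional measure. The event fields, the three similarity functions, the weights and the thresholds are all assumptions, and simple single-linkage clustering stands in for whichever clustering model the project uses.

```python
from ipaddress import IPv4Address
from itertools import combinations

# Constructed sample events (not VIS-SENSE data): groups of alerts with annotations.
EVENTS = [
    {"id": "e1", "src": "198.51.100.7",   "day": 1,  "tokens": {"cheap", "pills", "online"}},
    {"id": "e2", "src": "198.51.100.9",   "day": 2,  "tokens": {"cheap", "pills", "now"}},
    {"id": "e3", "src": "203.0.113.40",   "day": 2,  "tokens": {"cheap", "pills", "online", "now"}},
    {"id": "e4", "src": "198.51.100.200", "day": 20, "tokens": {"bank", "account", "verify"}},
    {"id": "e5", "src": "192.0.2.5",      "day": 21, "tokens": {"bank", "account", "update"}},
]

def sim_ip(a, b):
    """IPv4 feature: fraction of leading address bits the two sources share."""
    return (32 - (int(IPv4Address(a)) ^ int(IPv4Address(b))).bit_length()) / 32

def sim_day(a, b, scale=7.0):
    """Numeric feature, parameterised: falls linearly to 0 at `scale` days apart."""
    return max(0.0, 1.0 - abs(a - b) / scale)

def sim_tokens(a, b):
    """Set feature: Jaccard index of the subject-line tokens."""
    return len(a & b) / len(a | b) if (a | b) else 1.0

# Per-feature measure and its weight in the combined measure (weights are assumed).
FEATURES = {"src": (sim_ip, 0.3), "day": (sim_day, 0.2), "tokens": (sim_tokens, 0.5)}

def feature_sim(f):
    return lambda x, y: FEATURES[f][0](x[f], y[f])

def multi_sim(x, y):
    """Multi-dimensional similarity: weighted mean of the per-feature similarities."""
    return sum(w * fn(x[f], y[f]) for f, (fn, w) in FEATURES.items())

def cluster(events, sim, threshold):
    """Single-linkage clustering: two events share a cluster when sim >= threshold."""
    label = {e["id"]: e["id"] for e in events}
    for x, y in combinations(events, 2):
        if sim(x, y) >= threshold:  # merge the two groups under one label
            old, new = label[x["id"]], label[y["id"]]
            label = {k: (new if v == old else v) for k, v in label.items()}
    groups = {}
    for eid, lab in label.items():
        groups.setdefault(lab, []).append(eid)
    return sorted(groups.values())

if __name__ == "__main__":
    for f, t in (("src", 0.75), ("day", 0.5), ("tokens", 0.5)):
        print(f, cluster(EVENTS, feature_sim(f), t))
    print("multi", cluster(EVENTS, multi_sim, 0.45))
```

On this sample the source-address feature alone groups e4 with the e1/e2 events because they share a /24, while the combined measure separates the two constructed campaigns; disagreements of this kind between per-feature clusterings are what guide the choice of weights.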



Introducing the ENDORSE Privacy Rules Definition Language

Presentation: Mark McLaughlin, project ENDORSE

One of the core outputs of the ENDORSE project will be a Privacy Rules Definition Language (PRDL). This language will allow organisations to codify their data protection and privacy operating policies regarding sensitive user data. PRDL will be used for internal compliance and transparency with regard to external parties. The ENDORSE system will use PRDL rules to ensure that personal data are processed legally and appropriately within the organisation in terms of access control and meeting obligations for data handling over the lifetime of the data. ENDORSE is taking a model driven architecture (MDA) approach to building the ENDORSE platform. As such, the definition of PRDL is also crucial for generating many of the platform software components. An early draft of the PRDL metamodel will be presented.

Collaborative Security for Protection of Financial Critical Infrastructures: The Semantic Room Abstraction Model

Presentation: Roberto Baldoni, project CoMiFin

The growing adoption of the Internet in the financial ecosystem has exposed financial institutions to a variety of security-related risks, such as increasingly sophisticated cyber attacks aiming at capturing high-value and sensitive information, or disrupting service operation for various purposes. To date, single financial institutions have faced these attacks individually, using tools that reinforce their defence perimeter (e.g. intrusion detection systems, firewalls). However, today's attacks are more sophisticated, making this kind of defence inadequate. Attacks are typically distributed in space and time, meaning that they can be coordinated on a large scale and often consist of a preparation phase spanning days or weeks, involving multiple preparatory steps aiming at identifying vulnerabilities (e.g., open ports). In order to detect these attacks a larger view of what is happening in the Internet is required, which could be obtained by sharing and combining the information available at several financial sites. This information must be processed and correlated "on-the-fly" in order to anticipate threats and frauds, and mitigate their possible damages. Even though this sharing can result in a great advantage for financial institutions, it should be carried out only on a clear contractual base and in a trusted and secure environment capable of meeting the privacy and confidentiality requirements of financial institutions.

In this context, the CoMiFin project, which ended in April 2011, developed an open source middleware system for monitoring the Financial Critical Infrastructure domain. The system is currently a research prototype and has been demonstrated on several occasions, including to financial stakeholders such as SWIFT board members and a number of Italian banks.
It facilitates the sharing and processing of critical operational data among interested parties (e.g., financial institutions, telco providers, power grid operators), and is utilized for timely activating local protection mechanisms. In doing so, the CoMiFin project introduced a novel abstraction model named Semantic Room (SR).



effectsplus 2nd Cluster meeting Report