exploitation & impact workshop

Outline – technical challenges To demonstrate the usefulness and usability of those assured properties, supporting the selection of components to meet specific security requirements, and integrating them using a service-development environment: an ecosystem/ framework; a service development tool-kit, and a prototype marketplace AppStore to go shopping in. The ASSERT language has to express both aspects of security properties (claims) • functionality – what security properties are provided? • details of the assurance of the claimed functionality – precisely how are the security properties achieved? The processing of the CC certificate leads to a processable certificate – an ASSERT containing three components: • an Assert Core containing details of the (human) agents involved; the service_ binding; security property (what?); the target of evaluation (about what?) • the evidence = assurance (how?) • possibility for specific user-defined extensions Example modus operandi for Cloud The figure below shows the flow of envisaged operations and elements between the actors, together with resulting benefits and enhancements over the current position.