Liability-aware security management for 5G

​© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Multi-party and multi-layer nature of 5G networks implies the inherent distribution of management and orchestration decisions across multiple entities. Therefore, responsibility for management decisions concerning end-to-end services become blurred if no efficient liability and accountability mechanism is used. In this paper, we present the design, building blocks and challenges of a Liability-Aware Security Management (LASM) system for 5G. We describe how existing security concepts such as manifests and Security-by-Contract, root cause analysis, remote attestation, proof of transit, and trust and reputation models can be composed and enhanced to take risk and responsibilities into account for security and liability management

Protocol for a Systematic Literature Review on Security-related Research in Ubiquitous Computing

Context: This protocol is as a supplementary document to our review paper that investigates security-related challenges and solutions that have occurred during the past decade (from January 2003 to December 2013). Objectives: The objective of this systematic review is to identify security-related challenges, security goals and defenses in ubiquitous computing by answering to three main research questions. First, demographic data and trends will be given by analyzing where, when and by whom the research has been carried out. Second, we will identify security goals that occur in ubiquitous computing, along with attacks, vulnerabilities and threats that have motivated the research. Finally, we will examine the differences in addressing security in ubiquitous computing with those in traditional distributed systems. Method: In order to provide an overview of security-related challenges, goals and solutions proposed in the literature, we will use a systematic literature review (SLR). This protocol describes the steps which are to be taken in order to identify papers relevant to the objective of our review. The first phase of the method includes planning, in which we define the scope of our review by identifying the main research questions, search procedure, as well as inclusion and exclusion criteria. Data extracted from the relevant papers are to be used in the second phase of the method, data synthesis, to answer our research questions. The review will end by reporting on the results. Results and conclusions: The expected results of the review should provide an overview of attacks, vulnerabilities and threats that occur in ubiquitous computing and that have motivated the research in the last decade. Moreover, the review will indicate which security goals are gaining on their significance in the era of ubiquitous computing and provide a categorization of the security-related countermeasures, mechanisms and techniques found in the literature. (authors' abstract)Series: Working Papers on Information Systems, Information Business and Operation