Security Management Framework for the Internet of Things

The increase in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which provide the delivery of simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), it established the concept of pervasive computing that allows any object to communicate with services, sensors, people, and objects without human intervention. However, the rapid growth of connectivity with smart applications through autonomous systems connected to the internet has allowed the exposure of numerous vulnerabilities in IoT systems by malicious users. This dissertation developed a novel ontology-based cybersecurity framework to improve security in IoT systems using an ontological analysis to adapt appropriate security services addressed to threats. The composition of this proposal explores two approaches: (1) design time, which offers a dynamic method to build security services through the application of a methodology directed to models considering existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting in the environment, ensuring the correct adaptation of existing services. The validation approach was used to demonstrate the feasibility of implementing the proposed cybersecurity framework. It implies the evaluation of the ontology to offer a qualitative evaluation based on the analysis of several criteria and also a proof of concept implemented and tested using specific industrial scenarios. This dissertation has been verified by adopting a methodology that follows the acceptance in the research community through technical validation in the application of the concept in an industrial setting.O aumento no projeto e desenvolvimento de tecnologias de comunicação sem fio oferece múltiplas oportunidades para a gestão e controle de sistemas ciber-físicos com conexões entre dispositivos inteligentes e autônomos, os quais proporcionam a entrega de dados simplificados através do uso da computação em nuvem. Diante dessa relação com a Internet das Coisas (IoT) estabeleceu-se o conceito de computação pervasiva que permite que qualquer objeto possa comunicar com os serviços, sensores, pessoas e objetos sem intervenção humana. Entretanto, o rápido crescimento da conectividade com as aplicações inteligentes através de sistemas autônomos conectados com a internet permitiu a exposição de inúmeras vulnerabilidades dos sistemas IoT para usuários maliciosos. Esta dissertação desenvolveu um novo framework de cibersegurança baseada em ontologia para melhorar a segurança em sistemas IoT usando uma análise ontológica para a adaptação de serviços de segurança apropriados endereçados para as ameaças. A composição dessa proposta explora duas abordagens: (1) tempo de projeto, o qual oferece um método dinâmico para construir serviços de segurança através da aplicação de uma metodologia dirigida a modelos, considerando processos empresariais existentes; e (2) tempo de execução, o qual envolve o monitoramento do ambiente IoT, a classificação de vulnerabilidades e ameaças, e a atuação no ambiente garantindo a correta adaptação dos serviços existentes. Duas abordagens de validação foram utilizadas para demonstrar a viabilidade da implementação do framework de cibersegurança proposto. Isto implica na avaliação da ontologia para oferecer uma avaliação qualitativa baseada na análise de diversos critérios e também uma prova de conceito implementada e testada usando cenários específicos. Esta dissertação foi validada adotando uma metodologia que segue a validação na comunidade científica através da validação técnica na aplicação do nosso conceito em um cenário industrial

Legal crowdsourcing and relational law : what the semantic web can do for legal education

Crowdsourcing and Relational Law are interrelated concepts that can be successfully applied to the legal domain and, more specifically, to the field of legal education. 'Crowdsourcing' means 'participation of people (crowds)' and refers theoretically to the aggregated production of a common knowledge in a global data space. 'Relational law' refers to the regulatory link between Web 2.0 and 3.0, based on trust and dialogue, which emerges from the intertwining of top-down existing legal systems and bottom-up participation (the Web of People). Legal education today has a major role to play in the broad space opened up in terms of future potential of the Semantic Web. The following paper places a lens on the educational value of crowdsourcing and the relational approach to governance and law

prototypical implementations

In this technical report, we present prototypical implementations of innovative tools and methods developed according to the working plan outlined in Technical Report TR-B-09-05 [23]. We present an ontology modularization and integration framework and the SVoNt server, the server-side end of an SVN- based versioning system for ontologies in the Corporate Ontology Engineering pillar. For the Corporate Semantic Collaboration pillar, we present the prototypical implementation of a light-weight ontology editor for non-experts and an ontology based expert finder system. For the Corporate Semantic Search pillar, we present a prototype for algorithmic extraction of relations in folksonomies, a tool for trend detection using a semantic analyzer, a tool for automatic classification of web documents using Hidden Markov models, a personalized semantic recommender for multimedia content, and a semantic search assistant developed in co-operation with the Museumsportal Berlin. The prototypes complete the next milestone on the path to an integral Cor- porate Semantic Web architecture based on the three pillars Corporate Ontol- ogy Engineering, Corporate Semantic Collaboration, and Corporate Semantic Search, as envisioned in [23]

Legal compliance by design (LCbD) and through design (LCtD) : preliminary survey

1st Workshop on Technologies for Regulatory Compliance co-located with the 30th International Conference on Legal Knowledge and Information Systems (JURIX 2017). The purpose of this paper is twofold: (i) carrying out a preliminary survey of the literature and research projects on Compliance by Design (CbD); and (ii) clarifying the double process of (a) extending business managing techniques to other regulatory fields, and (b) converging trends in legal theory, legal technology and Artificial Intelligence. The paper highlights the connections and differences we found across different domains and proposals. We distinguish three different policydriven types of CbD: (i) business, (ii) regulatory, (iii) and legal. The recent deployment of ethical views, and the implementation of general principles of privacy and data protection lead to the conclusion that, in order to appropriately define legal compliance, Compliance through Design (CtD) should be differentiated from CbD

The future of social is personal: the potential of the personal data store

This chapter argues that technical architectures that facilitate the longitudinal, decentralised and individual-centric personal collection and curation of data will be an important, but partial, response to the pressing problem of the autonomy of the data subject, and the asymmetry of power between the subject and large scale service providers/data consumers. Towards framing the scope and role of such Personal Data Stores (PDSes), the legalistic notion of personal data is examined, and it is argued that a more inclusive, intuitive notion expresses more accurately what individuals require in order to preserve their autonomy in a data-driven world of large aggregators. Six challenges towards realising the PDS vision are set out: the requirement to store data for long periods; the difficulties of managing data for individuals; the need to reconsider the regulatory basis for third-party access to data; the need to comply with international data handling standards; the need to integrate privacy-enhancing technologies; and the need to future-proof data gathering against the evolution of social norms. The open experimental PDS platform INDX is introduced and described, as a means of beginning to address at least some of these six challenges

Systems Interoperability Types: A Tertiary Study

Interoperability has been a focus of attention over at least four decades, with the emergence of several interoperability types (or levels), diverse models, frameworks, and solutions, also as a result of a continuous effort from different domains. The current heterogeneity in technologies such as blockchain, IoT and new application domains such as Industry 4.0 brings not only new interaction possibilities but also challenges for interoperability. Moreover, confusion and ambiguity in the current understanding of interoperability types exist, hampering stakeholders' communication and decision making. This work presents an updated panorama of software-intensive systems interoperability with particular attention to its types. For this, we conducted a tertiary study that scrutinized 37 secondary studies published from 2012 to 2023, from which we found 36 interoperability types associated with 117 different definitions, besides 13 interoperability models and six frameworks in various domains. This panorama reveals that the concern with interoperability has migrated from technical to social-technical issues going beyond the software systems' boundary and still requiring solving many open issues. We also address the urgent actions and also potential research opportunities to leverage interoperability as a multidisciplinary research field to achieve low-coupled, cost-effective, and interoperable systems.Comment: 33 page

MulseOnto: a Reference Ontology to Support the Design of Mulsemedia Systems

Designing a mulsemedia|multiple sensorial media|system entails first and foremost comprehending what it is beyond the ordinary understanding that it engages users in digital multisensory experiences that stimulate other senses in addition to sight and hearing, such as smell, touch, and taste. A myriad of programs that comprise a software system, several output devices to deliver sensory effects, computer media, among others, dwell deep in the realm of mulsemedia systems, making it a complex task for newcomers to get acquainted with their concepts and terms. Although there have been many technological advances in this field, especially for multisensory devices, there is a shortage of work that tries to establish common ground in terms of formal and explicit representation of what mulsemedia systems encompass. This might be useful to avoid the design of feeble mulsemedia systems that can be barely reused owing to misconception. In this paper, we extend our previous work by proposing to establish a common conceptualization about mulsemedia systems through a domain reference ontology named MulseOnto to aid the design of them. We applied ontology verification and validation techniques to evaluate it, including assessment by humans and a data-driven approach whereby the outcome is three successful instantiations of MulseOnto for distinct cases, making evident its ability to accommodate heterogeneous mulsemedia scenarios

An architecture for the autonomic curation of crowdsourced knowledge

Human knowledge curators are intrinsically better than their digital counterparts at providing relevant answers to queries. That is mainly due to the fact that an experienced biological brain will account for relevant community expertise as well as exploit the underlying connections between knowledge pieces when offering suggestions pertinent to a specific question, whereas most automated database managers will not. We address this problem by proposing an architecture for the autonomic curation of crowdsourced knowledge, that is underpinned by semantic technologies. The architecture is instantiated in the career data domain, thus yielding Aviator, a collaborative platform capable of producing complete, intuitive and relevant answers to career related queries, in a time effective manner. In addition to providing numeric and use case based evidence to support these research claims, this extended work also contains a detailed architectural analysis of Aviator to outline its suitability for automatically curating knowledge to a high standard of quality