Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Multidimensional Knowledge Flow Dynamics in Context

Knowledge is a sustainable advantage and knowledge assets can increase value with use. A snowball effect of knowledge advantage advocates effective knowledge management and fosters its continual growth as it flows. Knowledge, however, flows unevenly throughout an organization and the problem is that the fundamental dynamics of these flows are still not well characterized in theoretical and computational models. This study built on existing work—knowledge-flow theory, need knowledge generation, and the critical success factors for enterprise resource planning implementation—to examine the multidimensional knowledge-flow phenomenon in context, and used the case study methodology for knowledge-flow theory building. The research question was two-pronged: how can need knowledge and its flow across stakeholders within an organization be explained using a multidimensional knowledge-flow model and how can Nissen’s five-dimensional knowledge-flow model be validated using a real-life immersion case? The researcher relied on three sources of evidence for this case study: project-related documentation, archival records, and interviews. Data triangulation yielded three results components: (a) a chronology of key events that obstructed knowledge flow, (b) a logic model depicting themes that contributed to knowledge-flow obstruction, and (c) explanations of the knowledge-flow patterns. This case study suggested enabling need knowledge determinants and obstructing conditions are in play that determine the path of need knowledge flow. These two research artifacts should be considered together to provide a fresh research avenue towards better understanding of knowledge flow dynamics

Deteção de propagação de ameaças e exfiltração de dados em redes empresariais

Modern corporations face nowadays multiple threats within their networks. In an era where companies are tightly dependent on information, these threats can seriously compromise the safety and integrity of sensitive data. Unauthorized access and illicit programs comprise a way of penetrating the corporate networks, able to traversing and propagating to other terminals across the private network, in search of confidential data and business secrets. The efficiency of traditional security defenses are being questioned with the number of data breaches occurred nowadays, being essential the development of new active monitoring systems with artificial intelligence capable to achieve almost perfect detection in very short time frames. However, network monitoring and storage of network activity records are restricted and limited by legal laws and privacy strategies, like encryption, aiming to protect the confidentiality of private parties. This dissertation proposes methodologies to infer behavior patterns and disclose anomalies from network traffic analysis, detecting slight variations compared with the normal profile. Bounded by network OSI layers 1 to 4, raw data are modeled in features, representing network observations, and posteriorly, processed by machine learning algorithms to classify network activity. Assuming the inevitability of a network terminal to be compromised, this work comprises two scenarios: a self-spreading force that propagates over internal network and a data exfiltration charge which dispatch confidential info to the public network. Although features and modeling processes have been tested for these two cases, it is a generic operation that can be used in more complex scenarios as well as in different domains. The last chapter describes the proof of concept scenario and how data was generated, along with some evaluation metrics to perceive the model’s performance. The tests manifested promising results, ranging from 96% to 99% for the propagation case and 86% to 97% regarding data exfiltration.Nos dias de hoje, várias organizações enfrentam múltiplas ameaças no interior da sua rede. Numa época onde as empresas dependem cada vez mais da informação, estas ameaças podem compremeter seriamente a segurança e a integridade de dados confidenciais. O acesso não autorizado e o uso de programas ilícitos constituem uma forma de penetrar e ultrapassar as barreiras organizacionais, sendo capazes de propagarem-se para outros terminais presentes no interior da rede privada com o intuito de atingir dados confidenciais e segredos comerciais. A eficiência da segurança oferecida pelos sistemas de defesa tradicionais está a ser posta em causa devido ao elevado número de ataques de divulgação de dados sofridos pelas empresas. Desta forma, o desenvolvimento de novos sistemas de monitorização ativos usando inteligência artificial é crucial na medida de atingir uma deteção mais precisa em curtos períodos de tempo. No entanto, a monitorização e o armazenamento dos registos da atividade da rede são restritos e limitados por questões legais e estratégias de privacidade, como a cifra dos dados, visando proteger a confidencialidade das entidades. Esta dissertação propõe metodologias para inferir padrões de comportamento e revelar anomalias através da análise de tráfego que passa na rede, detetando pequenas variações em comparação com o perfil normal de atividade. Delimitado pelas camadas de rede OSI 1 a 4, os dados em bruto são modelados em features, representando observações de rede e, posteriormente, processados por algoritmos de machine learning para classificar a atividade de rede. Assumindo a inevitabilidade de um terminal ser comprometido, este trabalho compreende dois cenários: um ataque que se auto-propaga sobre a rede interna e uma tentativa de exfiltração de dados que envia informações para a rede pública. Embora os processos de criação de features e de modelação tenham sido testados para estes dois casos, é uma operação genérica que pode ser utilizada em cenários mais complexos, bem como em domínios diferentes. O último capítulo inclui uma prova de conceito e descreve o método de criação dos dados, com a utilização de algumas métricas de avaliação de forma a espelhar a performance do modelo. Os testes mostraram resultados promissores, variando entre 96% e 99% para o caso da propagação e entre 86% e 97% relativamente ao roubo de dados.Mestrado em Engenharia de Computadores e Telemátic

An information privacy taxonomy for collaborative environments

Purpose: Information Privacy is becoming an increasingly important field of research with many new definitions and terminologies. Along similar rates of increase are the use, uptake and expansion of Collaborative Environments. There is a need for a better understanding and classification of information privacy concepts and terms. The pur-pose of this paper is to provide a taxonomy of Information Privacy in Collaborative Environments. The knowledge provided from an information privacy taxonomy can be used to formulate better information privacy policies, practices, and privacy enhancing technologies (PET?s).Approach: Through the hierarchical classification and categorization of information privacy concepts and principles an organized representation of these components has been produced. Each area was well surveyed and researched and then classified into a number of sub-categories according to their nature and relevance.Findings: A taxonomy was successfully developed with the identification of three high level dimensions of information privacy. Within each dimensional view a further three sub-classifications were proposed each with their own unique nature.Originality: This paper provides an Information Privacy taxonomy for Collaborative Environments, the first of its kind to be proposed. A number of new Information Pri-vacy terms are defined that make up the categorization and classification of Informa-tion Privacy concepts and components

Peer-to-Peer Networks and Computation: Current Trends and Future Perspectives

This research papers examines the state-of-the-art in the area of P2P networks/computation. It attempts to identify the challenges that confront the community of P2P researchers and developers, which need to be addressed before the potential of P2P-based systems, can be effectively realized beyond content distribution and file-sharing applications to build real-world, intelligent and commercial software systems. Future perspectives and some thoughts on the evolution of P2P-based systems are also provided