Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

Wireless sensor networks which form part of the core for the Internet of Things consist of resource constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed,the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection c ould give room for energy drain attacks such as denial of sleep attacks which have a higher negative impact on the life span ( of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives A security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security based techniques to curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control ( protocols Sensor MAC, Timeout MAC andTunableMAC under different network sizes and measuring different parameters such as the Received Signal Strength RSSI) and Link Quality Indicator ( Transmit power, throughput and energy efficiency Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks and this research aims to answer questions with regards to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols Sensor MAC ( Timeout MAC ( and TunableMAC in addition to creating a novel MAC protocol that is also more resilient to denial of sleep a ttacks than existing protocols. The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep at tacks Part of this research has been published Two conference publications in IEEE Explore and one workshop paper

BOF4WSS : a business-oriented framework for enhancing web services security for e-business

When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses-in a joint manner-to manage the comprehensive concern that security in the WS environment has become

On Properties of Policy-Based Specifications

The advent of large-scale, complex computing systems has dramatically increased the difficulties of securing accesses to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in the last decades, the policy-based one permits to capture, by resorting to the concept of attribute, all systems' security-relevant information and to be, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further to understand the effectiveness of policy-based specifications by studying how they permit to enforce traditional security properties. To support system designers in developing and maintaining policy-based specifications, we formalise also some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automatised verification.Comment: In Proceedings WWV 2015, arXiv:1508.0338

Generating citizen trust in e-government using a trust verification agent: A research note

Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizen’s take-up of online public sector services or engagement with public decision and policy making. A citizen’s decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual “trust” decisions by providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool – a trust verification agent (TVA) - that can take an agency’s security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state their concerns and obtain an evaluation of the agency’s provision in appropriate “citizen friendly” language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council, UK (grant GR/T27020/01

Generating citizen trust in e-government using a trust verification agent: A research note

Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizen’s take-up of online public sector services or engagement with public decision and policy making. A citizen’s decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual “trust” decisions by providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool – a trust verification agent (TVA) - that can take an agency’s security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state their concerns and obtain an evaluation of the agency’s provision in appropriate “citizen friendly” language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council-UK (grant GR/T27020/01

Markov modeling of moving target defense games

We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of broad range of MTD strategies, provides general theorems about how the probability of a successful adversary defeating an MTD strategy is related to the amount of time/cost spent by the adversary, and shows how a multi-level composition of MTD strategies can be analyzed by a straightforward combination of the analysis for each one of these strategies. Within the proposed framework we define the concept of security capacity which measures the strength or effectiveness of an MTD strategy: the security capacity depends on MTD specific parameters and more general system parameters. We apply our framework to two concrete MTD strategies