25,299 research outputs found

    Attack-Surface Metrics, OSSTMM and Common Criteria Based Approach to “Composable Security” in Complex Systems

    Get PDF
    In recent studies on Complex Systems and Systems-of-Systems theory, a huge effort has been put to cope with behavioral problems, i.e. the possibility of controlling a desired overall or end-to-end behavior by acting on the individual elements that constitute the system itself. This problem is particularly important in the “SMART” environments, where the huge number of devices, their significant computational capabilities as well as their tight interconnection produce a complex architecture for which it is difficult to predict (and control) a desired behavior; furthermore, if the scenario is allowed to dynamically evolve through the modification of both topology and subsystems composition, then the control problem becomes a real challenge. In this perspective, the purpose of this paper is to cope with a specific class of control problems in complex systems, the “composability of security functionalities”, recently introduced by the European Funded research through the pSHIELD and nSHIELD projects (ARTEMIS-JU programme). In a nutshell, the objective of this research is to define a control framework that, given a target security level for a specific application scenario, is able to i) discover the system elements, ii) quantify the security level of each element as well as its contribution to the security of the overall system, and iii) compute the control action to be applied on such elements to reach the security target. The main innovations proposed by the authors are: i) the definition of a comprehensive methodology to quantify the security of a generic system independently from the technology and the environment and ii) the integration of the derived metrics into a closed-loop scheme that allows real-time control of the system. The solution described in this work moves from the proof-of-concepts performed in the early phase of the pSHIELD research and enrich es it through an innovative metric with a sound foundation, able to potentially cope with any kind of pplication scenarios (railways, automotive, manufacturing, ...)

    Software Reliability in Semantic Web Service Composition Applications

    Get PDF
    Web Service Composition allows the development of easily reconfigurable applications that can be quickly adapted to business changes. Due to the shift in paradigm from traditional systems, new approaches are needed in order to evaluate the reliability of web service composition applications. In this paper we present an approach based on intelligent agents for semiautomatic composition as well as methods for assessing reliability. Abstract web services, corresponding to a group of services that accomplishes a specific functionality are used as a mean of assuring better system reliability. The model can be extended with other Quality of Services – QoS attributes.Software Reliability, Web Service Composition, Intelligent Agents

    Power Systems Monitoring and Control using Telecom Network Management Standards

    Get PDF
    Historically, different solutions have been developed for power systems control and telecommunications network management environments. The former was characterized by proprietary solutions, while the latter has been involved for years in a strong standardization process guided by criteria of openness. Today, power systems control standardization is in progress, but it is at an early stage compared to the telecommunications management area, especially in terms of information modeling. Today, control equipment tends to exhibit more computational power, and communication lines have increased their performance. These trends hint at some conceptual convergence between power systems and telecommunications networks from a management perspective. This convergence leads us to suggest the application of well-established telecommunications management standards for power systems control. This paper shows that this is a real medium-to-long term possibility

    Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

    Get PDF
    Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings

    Towards collaborative learning via shared artefacts over the Grid

    Get PDF
    The Web is the most pervasive collaborative technology in widespread use today; and its use to support eLearning has been highly successful. There are many web-based Virtual Learning Environments such as WebCT, FirstClass, and BlackBoard as well as associated web-based Managed Learning Environments. In the future, the Grid promises to provide an extremely powerful infrastructure allowing both learners and teachers to collaborate in various learning contexts and to share learning materials, learning processes, learning systems, and experiences. This position paper addresses the role of support for sharing artefacts in distributed systems such as the Grid. An analogy is made between collaborative software development and collaborative learning with the goal of gaining insights into the requisite support for artefact sharing within the eLearning community

    The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption

    Get PDF
    A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys

    Careering through the Web: the potential of Web 2.0 and 3.0 technologies for career development and career support services

    Get PDF
    This paper examines the environment that the web provides for career exploration. Career practitioners have long seen value in engaging in technology and the opportunities offered by the internet, and this interest continues. However, this paper suggests that the online environment for career exploration is far broader than that provided by public-sector careers services. In addition to these services, there is a wide range of other players including private-sector career consultants, employers, recruitment companies and learning providers who are all contributing to a potentially rich career exploration environment.UKCE
    • 

    corecore