An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government
National Root CAs enable legally binding E-Business and E-Government
transactions. This is a report about the development, the evaluation and the
certification of the new certification services system for the German National
Root CA. We illustrate why a new certification services system was necessary,
and which requirements to the new system existed. Then we derive the tasks to
be done from the mentioned requirements. After that we introduce the initial
situation at the beginning of the project. We report about the very process and
talk about some unfamiliar situations, special approaches and remarkable
experiences. Finally we present the ready IT system and its impact to
E-Business and E-Government. Comment: 6 pages; 1 figure; IEEE style; final versio
Early evaluation of security functionality in software projects - some experience on using the common criteria in a quality management process
This paper documents the experiences of assurance evaluation during the early stage of a large software development project. This project researches, contracts and integrates privacy-respecting software to business environments. While assurance evaluation with ISO 15408 Common Criteria (CC) within the certification schemes is done after a system has been completed, our approach executes evaluation during the early phases of the software life cycle. The promise is to increase quality and to reduce testing and fault removal costs for later phases of the development process. First results from the still-ongoing project suggest that the Common Criteria can define a framework for assurance evaluation in ongoing development projects. This paper documents the attempt to use the Common Criteria (ISO 15408) to check the security properties of a software system while it is still being built. This is done in contrast to the usual post-development evaluation
XML Security in Certificate Management - XML Certificator
The trend of rapidly growing use of the XML format in data/document management systems reveals that security measures should be urgently considered in next-generation data/document systems. This paper presents a new certificate management system developed on the basis of XML security mechanisms. The system is supported by the theories of XML security as well as object-oriented technology and databases. Finally, it has been successfully implemented using C#, SQL, XML signature and XML encryption. An implementation metrics is evidently presented
APFIC/FAO Regional Consultative Workshop: Securing sustainable small-scale fisheries: Bringing together responsible fisheries and social development, Windsor Suites Hotel, Bangkok, Thailand 6-8 October 2010
In the Global Overview, we attempt to view reefs in terms of the poor who are dependent on reefs for their livelihoods, how the reefs benefit the poor, how changes in the reef have impacted the lives of the poor and how the poor have responded and coped with these changes. It also considers wider responses to reef issues and how these interventions have impacted on the lives of the poor
A method for tailoring the information content of a software process model
The framework is defined for a general method for selecting a necessary and sufficient subset of a general software life cycle's information products, to support a new software development process. Procedures for characterizing problem domains in general and mapping to a tailored set of life cycle processes and products are presented. An overview of the method is shown using the following steps: (1) During the problem concept definition phase, perform standardized interviews and dialogs between developer and user, and between user and customer; (2) Generate a quality needs profile of the software to be developed, based on information gathered in step 1; (3) Translate the quality needs profile into a profile of quality criteria that must be met by the software to satisfy the quality needs; (4) Map the quality criteria to a set of accepted processes and products for achieving each criterion; (5) Select the information products which match or support the accepted processes and products of step 4; and (6) Select the design methodology which produces the information products selected in step 5
Validation of the Parlay API through prototyping
The desire within the telecommunications world for new and faster business growth has been a major drive towards the development of open network APIs. Over the past 7 years several (semi) standardization groups have announced work on network APIs, including TINA-C, JAIN, IEEE P1520, INforum, 3GPP, JAIN, Parlay. The Parlay group seems most successful in attracting industry awareness with their API, called the Parlay API. The rationale behind the Parlay API is that it attracts innovation from third parties that are outside the network operator's domain to build and deploy new network-hosted applications. This also means that the public telecommunication network is opened for niche and short-lived applications as well as for applications that possibly integrate telephones with other terminals such as PCs. The Parlay group has successfully passed the first two phases of success, namely publishing their API at the right moment in time and attracting a critical mass within the telecommunication industry with their results. Prototyping the API on a real network execution platform is the only way to show its technical feasibility. Such an exercise was executed internally within Lucent Technologies and raised a number of questions as well as recommendations on both the technical and the semantic behavior of systems that will be interconnected via the Parlay API. We share these results, showing the drawbacks and advantages as well as challenges for this AP
A solution for secure use of Kibana and Elasticsearch in multi-user environment
Monitoring is indispensable to check status, activities, or resource usage of
IT services. A combination of Kibana and Elasticsearch is used for monitoring
in many places such as KEK, CC-IN2P3, CERN, and also non-HEP communities.
Kibana provides a web interface for rich visualization, and Elasticsearch is a
scalable distributed search engine. However, these tools do not support
authentication and authorization features by default. In the case of single
Kibana and Elasticsearch services shared among many users, any user who can
access Kibana can retrieve others' information from Elasticsearch. In a
multi-user environment, in order to protect one's own data from others or share part
of the data among a group, fine-grained access control is necessary.
The CERN cloud service group had provided a cloud utilization dashboard to each
user with Elasticsearch and Kibana. They had deployed a homemade Elasticsearch
plugin to restrict data access based on a user authenticated by the CERN Single
Sign On system. It enabled each user to have a separate Kibana dashboard for
cloud usage, and the user could not access others' dashboards. Based on the
solution, we propose an alternative one which enables user/group based
Elasticsearch access control and Kibana objects separation. It is more flexible
and can be applied to not only the cloud service but also the other various
situations. We confirmed our solution works fine in CC-IN2P3. Moreover, a
pre-production platform for CC-IN2P3 has been under construction.
We will describe our solution for the secure use of Kibana and Elasticsearch
including integration of Kerberos authentication, development of a Kibana
plugin which allows Kibana objects to be separated based on user/group, and
contribution to Search Guard which is an Elasticsearch plugin enabling
user/group based access control. We will also describe the effect on
performance from using Search Guard. Comment: International Symposium on Grids and Clouds 2017 (ISGC 2017