59,292 research outputs found
An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government
National Root CAs enable legally binding E-Business and E-Government
transactions. This is a report about the development, the evaluation and the
certification of the new certification services system for the German National
Root CA. We illustrate why a new certification services system was necessary,
and which requirements to the new system existed. Then we derive the tasks to
be done from the mentioned requirements. After that we introduce the initial
situation at the beginning of the project. We report about the very process and
talk about some unfamiliar situations, special approaches and remarkable
experiences. Finally we present the ready IT system and its impact to
E-Business and E-Government.Comment: 6 pages; 1 figure; IEEE style; final versio
Recommended from our members
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
5GNOW: Challenging the LTE Design Paradigms of Orthogonality and Synchronicity
LTE and LTE-Advanced have been optimized to deliver high bandwidth pipes to
wireless users. The transport mechanisms have been tailored to maximize single
cell performance by enforcing strict synchronism and orthogonality within a
single cell and within a single contiguous frequency band. Various emerging
trends reveal major shortcomings of those design criteria: 1) The fraction of
machine-type-communications (MTC) is growing fast. Transmissions of this kind
are suffering from the bulky procedures necessary to ensure strict synchronism.
2) Collaborative schemes have been introduced to boost capacity and coverage
(CoMP), and wireless networks are becoming more and more heterogeneous
following the non-uniform distribution of users. Tremendous efforts must be
spent to collect the gains and to manage such systems under the premise of
strict synchronism and orthogonality. 3) The advent of the Digital Agenda and
the introduction of carrier aggregation are forcing the transmission systems to
deal with fragmented spectrum. 5GNOW is an European research project supported
by the European Commission within FP7 ICT Call 8. It will question the design
targets of LTE and LTE-Advanced having these shortcomings in mind and the
obedience to strict synchronism and orthogonality will be challenged. It will
develop new PHY and MAC layer concepts being better suited to meet the upcoming
needs with respect to service variety and heterogeneous transmission setups.
Wireless transmission networks following the outcomes of 5GNOW will be better
suited to meet the manifoldness of services, device classes and transmission
setups present in envisioned future scenarios like smart cities. The
integration of systems relying heavily on MTC into the communication network
will be eased. The per-user experience will be more uniform and satisfying. To
ensure this 5GNOW will contribute to upcoming 5G standardization.Comment: Submitted to Workshop on Mobile and Wireless Communication Systems
for 2020 and beyond (at IEEE VTC 2013, Spring
Coping with Extreme Events: Institutional Flocking
Recent measurements in the North Atlantic confirm that the thermohaline circulation driving the Gulf Stream has come to a stand. Oceanographic monitoring over the last 50 years already showed that the circulation was weakening. Under the influence of the large inflow of melting water in Northern Atlantic waters during last summer, it has now virtually stopped. Consequently, the KNMI and the RIVM estimate the average . In this essay we will explore how such a new risk profile affects the distribution of risks among societal groups, and the way in which governing institutions need to adapt in order to be prepared for situations of rapid but unknown change. The next section will first introduce an analytical perspective, building upon the Risk Society thesis and a proposed model of âinstitutional flockingâ.temperature to decrease by 3°C in the next 15 years
Energy management in communication networks: a journey through modelling and optimization glasses
The widespread proliferation of Internet and wireless applications has
produced a significant increase of ICT energy footprint. As a response, in the
last five years, significant efforts have been undertaken to include
energy-awareness into network management. Several green networking frameworks
have been proposed by carefully managing the network routing and the power
state of network devices.
Even though approaches proposed differ based on network technologies and
sleep modes of nodes and interfaces, they all aim at tailoring the active
network resources to the varying traffic needs in order to minimize energy
consumption. From a modeling point of view, this has several commonalities with
classical network design and routing problems, even if with different
objectives and in a dynamic context.
With most researchers focused on addressing the complex and crucial
technological aspects of green networking schemes, there has been so far little
attention on understanding the modeling similarities and differences of
proposed solutions. This paper fills the gap surveying the literature with
optimization modeling glasses, following a tutorial approach that guides
through the different components of the models with a unified symbolism. A
detailed classification of the previous work based on the modeling issues
included is also proposed
A method for tailoring the information content of a software process model
The framework is defined for a general method for selecting a necessary and sufficient subset of a general software life cycle's information products, to support new software development process. Procedures for characterizing problem domains in general and mapping to a tailored set of life cycle processes and products is presented. An overview of the method is shown using the following steps: (1) During the problem concept definition phase, perform standardized interviews and dialogs between developer and user, and between user and customer; (2) Generate a quality needs profile of the software to be developed, based on information gathered in step 1; (3) Translate the quality needs profile into a profile of quality criteria that must be met by the software to satisfy the quality needs; (4) Map the quality criteria to set of accepted processes and products for achieving each criterion; (5) Select the information products which match or support the accepted processes and product of step 4; and (6) Select the design methodology which produces the information products selected in step 5
Model-Based Security Testing
Security testing aims at validating software system requirements related to
security properties like confidentiality, integrity, authentication,
authorization, availability, and non-repudiation. Although security testing
techniques are available for many years, there has been little approaches that
allow for specification of test cases at a higher level of abstraction, for
enabling guidance on test identification and specification as well as for
automated test generation.
Model-based security testing (MBST) is a relatively new field and especially
dedicated to the systematic and efficient specification and documentation of
security test objectives, security test cases and test suites, as well as to
their automated or semi-automated generation. In particular, the combination of
security modelling and test generation approaches is still a challenge in
research and of high interest for industrial applications. MBST includes e.g.
security functional testing, model-based fuzzing, risk- and threat-oriented
testing, and the usage of security test patterns. This paper provides a survey
on MBST techniques and the related models as well as samples of new methods and
tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582
Proposals from the ERNCIP Thematic Group, âCase Studies for the Cyber-security of Industrial Automation and Control Systemsâ, for a European IACS Components Cyber-security Compliance and Certification Scheme. Thematic Area Industrial Control Systems and Smart Grids
All studies recently published agree. Industrial Automation and Control Systems (IACS) increasingly constitutes a target for cyber-attacks aiming at disturbing Member Statesâ economies, at disabling our critical infrastructures or at taking advantage from our people. Such hostile acts take place in a context of geostrategic tensions, for the satisfaction of organised crimeâs purposes, or else in support of possible activist causes. In this context, the ERNCIP Thematic Group (TG) âCase studies for the cybersecurity of Industrial Automation & Control Systemsâ was started in January 2014 to answer the question: âDo European critical infrastructure operators need to get IACSâ components or subsystems tested and âcertifiedâ (T&C) with regards to their cybersecurity?â And should the answer have been yes, it had to answer a corollary question: âWhat are (roughly) the conditions of feasibility for implementing successfully a European IACS components cybersecurity Compliance & Certification Scheme?â This TGâs undertaking was a research project, not a task force seeking to deliver an immediately applicable standard. It mobilised representatives of IACS vendors, industrial operators, European Istitutions and national cybersecurity authorities.JRC.G.5-Security technology assessmen
- âŠ