An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government

National Root CAs enable legally binding E-Business and E-Government transactions. This is a report about the development, the evaluation and the certification of the new certification services system for the German National Root CA. We illustrate why a new certification services system was necessary, and which requirements to the new system existed. Then we derive the tasks to be done from the mentioned requirements. After that we introduce the initial situation at the beginning of the project. We report about the very process and talk about some unfamiliar situations, special approaches and remarkable experiences. Finally we present the ready IT system and its impact to E-Business and E-Government.Comment: 6 pages; 1 figure; IEEE style; final versio

5GNOW: Challenging the LTE Design Paradigms of Orthogonality and Synchronicity

LTE and LTE-Advanced have been optimized to deliver high bandwidth pipes to wireless users. The transport mechanisms have been tailored to maximize single cell performance by enforcing strict synchronism and orthogonality within a single cell and within a single contiguous frequency band. Various emerging trends reveal major shortcomings of those design criteria: 1) The fraction of machine-type-communications (MTC) is growing fast. Transmissions of this kind are suffering from the bulky procedures necessary to ensure strict synchronism. 2) Collaborative schemes have been introduced to boost capacity and coverage (CoMP), and wireless networks are becoming more and more heterogeneous following the non-uniform distribution of users. Tremendous efforts must be spent to collect the gains and to manage such systems under the premise of strict synchronism and orthogonality. 3) The advent of the Digital Agenda and the introduction of carrier aggregation are forcing the transmission systems to deal with fragmented spectrum. 5GNOW is an European research project supported by the European Commission within FP7 ICT Call 8. It will question the design targets of LTE and LTE-Advanced having these shortcomings in mind and the obedience to strict synchronism and orthogonality will be challenged. It will develop new PHY and MAC layer concepts being better suited to meet the upcoming needs with respect to service variety and heterogeneous transmission setups. Wireless transmission networks following the outcomes of 5GNOW will be better suited to meet the manifoldness of services, device classes and transmission setups present in envisioned future scenarios like smart cities. The integration of systems relying heavily on MTC into the communication network will be eased. The per-user experience will be more uniform and satisfying. To ensure this 5GNOW will contribute to upcoming 5G standardization.Comment: Submitted to Workshop on Mobile and Wireless Communication Systems for 2020 and beyond (at IEEE VTC 2013, Spring

Coping with Extreme Events: Institutional Flocking

Recent measurements in the North Atlantic confirm that the thermohaline circulation driving the Gulf Stream has come to a stand. Oceanographic monitoring over the last 50 years already showed that the circulation was weakening. Under the influence of the large inflow of melting water in Northern Atlantic waters during last summer, it has now virtually stopped. Consequently, the KNMI and the RIVM estimate the average . In this essay we will explore how such a new risk profile affects the distribution of risks among societal groups, and the way in which governing institutions need to adapt in order to be prepared for situations of rapid but unknown change. The next section will first introduce an analytical perspective, building upon the Risk Society thesis and a proposed model of ‘institutional flocking’.temperature to decrease by 3°C in the next 15 years

Energy management in communication networks: a journey through modelling and optimization glasses

The widespread proliferation of Internet and wireless applications has produced a significant increase of ICT energy footprint. As a response, in the last five years, significant efforts have been undertaken to include energy-awareness into network management. Several green networking frameworks have been proposed by carefully managing the network routing and the power state of network devices. Even though approaches proposed differ based on network technologies and sleep modes of nodes and interfaces, they all aim at tailoring the active network resources to the varying traffic needs in order to minimize energy consumption. From a modeling point of view, this has several commonalities with classical network design and routing problems, even if with different objectives and in a dynamic context. With most researchers focused on addressing the complex and crucial technological aspects of green networking schemes, there has been so far little attention on understanding the modeling similarities and differences of proposed solutions. This paper fills the gap surveying the literature with optimization modeling glasses, following a tutorial approach that guides through the different components of the models with a unified symbolism. A detailed classification of the previous work based on the modeling issues included is also proposed

A method for tailoring the information content of a software process model

The framework is defined for a general method for selecting a necessary and sufficient subset of a general software life cycle's information products, to support new software development process. Procedures for characterizing problem domains in general and mapping to a tailored set of life cycle processes and products is presented. An overview of the method is shown using the following steps: (1) During the problem concept definition phase, perform standardized interviews and dialogs between developer and user, and between user and customer; (2) Generate a quality needs profile of the software to be developed, based on information gathered in step 1; (3) Translate the quality needs profile into a profile of quality criteria that must be met by the software to satisfy the quality needs; (4) Map the quality criteria to set of accepted processes and products for achieving each criterion; (5) Select the information products which match or support the accepted processes and product of step 4; and (6) Select the design methodology which produces the information products selected in step 5

Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

Proposals from the ERNCIP Thematic Group, “Case Studies for the Cyber-security of Industrial Automation and Control Systems”, for a European IACS Components Cyber-security Compliance and Certification Scheme. Thematic Area Industrial Control Systems and Smart Grids

All studies recently published agree. Industrial Automation and Control Systems (IACS) increasingly constitutes a target for cyber-attacks aiming at disturbing Member States’ economies, at disabling our critical infrastructures or at taking advantage from our people. Such hostile acts take place in a context of geostrategic tensions, for the satisfaction of organised crime’s purposes, or else in support of possible activist causes. In this context, the ERNCIP Thematic Group (TG) “Case studies for the cybersecurity of Industrial Automation & Control Systems” was started in January 2014 to answer the question: “Do European critical infrastructure operators need to get IACS’ components or subsystems tested and “certified” (T&C) with regards to their cybersecurity?” And should the answer have been yes, it had to answer a corollary question: “What are (roughly) the conditions of feasibility for implementing successfully a European IACS components cybersecurity Compliance & Certification Scheme?” This TG’s undertaking was a research project, not a task force seeking to deliver an immediately applicable standard. It mobilised representatives of IACS vendors, industrial operators, European Istitutions and national cybersecurity authorities.JRC.G.5-Security technology assessmen