36,614 research outputs found

    A Security Pattern for Cloud service certification

    Cloud computing is interesting from the economic, operational and even energy consumption perspectives, but it still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive because of the potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic changes in them). Besides, current cloud models do not include support for trust-focused communication between layers. We present a mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security features, it is a tamper-resistant built-in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use of TPM. Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tec

    Applying for Entitlements: Employers and the Targeted Jobs Tax Credit

    The Targeted Jobs Tax Credit is probably the most outstanding example of a generous entitlement program with very low participation rates. Only about 10 percent of eligible youth are claimed. The causes of the low participation rate were analyzed by estimating a Poisson model of the number of TJTC eligibles hired and certified during 1980, 1981 and 1982. Information costs, both fixed and variable, were found to be key barriers to TJTC participation. The cost effectiveness of TJTC is low because the stigma and recruitment costs of hiring additional TJTC eligibles are very high. Employers find it relatively cheap to passively certify eligible new hires who would have been hired anyway, so this mode of participating in TJTC predominates.

    Innovations in Monitoring Vital Events: Mobile Phone SMS Support to Improve Coverage of Birth and Death Registration: A Scalable Solution

    Civil Registration (CR) of births and deaths is an essential component of any health information system. Globally, across low income countries, CR suffers from unacceptably poor quality coverage. This Health Information Systems Knowledge Hub (HIS Hub) working paper summarises and reports the results, conclusions and outlook from a small six-month project that investigated the potential of introducing a mobile phone step into the routine CR system in a rural district in Tanzania. The project developed a computer application that could receive SMS messages—from existing basic mobile phones of community-based CR officers—and feed them directly to the District Registrar’s office and computer. The message contained the details from the birth or death notification form. The system provided instant access to notifications and automatic feedback to the Village Executive Officer (VEO) if the family that experienced the birth or death event failed to register the event for certification. It also prompted the VEO to follow up with the family by conducting a questionnaire, administered by mobile phone, to determine and communicate the reasons for the non-registration. The District Civil Registrar was also able to monitor trends in these notifications via a user-friendly web-based browser and dashboard. The system was tested for six months and validated against an independent prospective household surveillance system that monitors pregnancies, births and deaths in the same period. In summary, the findings showed that the routine CR system notified only 28% of total births in the period. Adding the SMS step increased this to 51% of births. The routine CR system notified only 2.1% of deaths in the period. Adding the SMS step increased this to 14% of deaths. The SMS step therefore made significant improvements in the notification step (and modest improvements in the registration step) of routine CR. However, both notifications and registrations still fell well short of reality at community level. The most important finding of this pilot is that the current CR system in at least the study district, and likely in most of rural Tanzania, is essentially unable to provide adequate registration coverage for births and deaths, and that coverage is so low that even log order improvements are insufficient to lift it to satisfactory levels (in excess of 90%). This, as yet, says nothing regarding the quality of the data. No overwhelming reason is provided by families for the low reporting rate, suggesting that the problems are highly systemic and will need a radical redesign of CR processes to solve. To the extent that similar problems prevail in other low-income countries, it is clear that whatever these processes will be, some form of scalable real-time mobile communication such as SMS will greatly facilitate coverage levels. This pilot shows that such technology is feasible. But these results also emphasise the need for an end-to-end overhaul of the architecture and processes of how CR systems are built and integrated into the information fabric of a country. Small incremental technical fixes will not suffice.

    Dynamic Information Flow Analysis in Ruby

    With the rapid increase in usage of the internet and online applications, there is a huge demand for applications to handle data privacy and integrity. Applications are already complex with business logic; adding the data safety logic would make them more complicated. The more complex the code becomes, the more possibilities it opens for security-critical bugs. To solve this conundrum, we can push this data safety handling feature to the language level rather than the application level. With a secure language, developers can write their application without having to worry about data security. This project introduces dynamic information flow analysis in Ruby. I extend the JRuby implementation, which is a widely used implementation of Ruby written in Java. Information flow analysis classifies variables used in the program into different security levels and monitors the data flow across levels. Ruby currently supports data integrity by a tainting mechanism. This project extends this tainting mechanism to handle implicit data flows, enabling it to protect confidentiality as well as integrity. Experimental results based on Ruby benchmarks are presented in this paper, which show that this project protects confidentiality but at the cost of a 1.2 - 10 times slowdown in execution time.

    Safety-Critical Systems and Agile Development: A Mapping Study

    In the last decades, agile methods had a huge impact on how software is developed. In many cases, this has led to significant benefits, such as quality and speed of software deliveries to customers. However, safety-critical systems have widely been dismissed from benefiting from agile methods. Products that include safety critical aspects are therefore faced with a situation in which the development of safety-critical parts can significantly limit the potential speed-up through agile methods, for the full product, but also in the non-safety critical parts. For such products, the ability to develop safety-critical software in an agile way will generate a competitive advantage. In order to enable future research in this important area, we present in this paper a mapping of the current state of practice based on a mixed method approach. Starting from a workshop with experts from six large Swedish product development companies we develop a lens for our analysis. We then present a systematic mapping study on safety-critical systems and agile development through this lens in order to map potential benefits, challenges, and solution candidates for guiding future research. Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced Applications 2018, Prague, Czech Republi

    Large-scale Complex IT Systems

    This paper explores the issues around the construction of large-scale complex systems which are built as 'systems of systems' and suggests that there are fundamental reasons, derived from the inherent complexity in these systems, why our current software engineering methods and techniques cannot be scaled up to cope with the engineering challenges of constructing such systems. It then goes on to propose a research and education agenda for software engineering that identifies the major challenges and issues in the development of large-scale complex, software-intensive systems. Central to this is the notion that we cannot separate software from the socio-technical environment in which it is used. Comment: 12 pages, 2 figure