End User Computing and Information Security: a Retrospective Look at the De-centralisation of Data Processing and Emerging Organisational Information Risk
Information security was assured on centralised systems through application of principles previously established for paper-based systems. The advent of personal computing and distributed computing potentially turned that model upside down. It seems that the eagerness of organisations for encouraging technology (Availability part of the CIA acronym) seemed to take precedence over the finer meaning of Confidentiality and Integrity, in spite of (in the UK, at least) changes to legislation.
The huge increase in portable data storage capacities ensured that what may have been perceived as a minor irritant in the 1980s became a potential nightmare scenario by 2007, which caused two government reports to report “systemic failure”. This paper looks at the development of end-user computing, and suggests that the problem occurred because of a lack of information risk assessment over many year
A Reliable Data Provenance and Privacy Preservation Architecture for Business-Driven Cyber-Physical Systems Using Blockchain
Cyber-physical systems (CPS) including power systems, transportation, industrial control systems, etc. support both advanced control and communications among system components. Frequent data operations could introduce random failures and malicious attacks or even bring down the whole system. The dependency on a central authority increases the risk of single point of failure. To establish an immutable data provenance scheme for CPS, the authors adopt blockchain and propose a decentralized architecture to assure data integrity. In business-driven CPS, end users are required to share their personal information with multiple third parties. To prevent data leakage and preserve user privacy, the authors isolate and feed different information retrieval requests using tokens specifically generated for each type of request. Providing both traceability of data operations, and unlinkability of end user activities, a robust blockchain-based CPS is prototyped. Evaluation indicates the architecture is capable of assured data provenance validation and user privacy preservation at a low overhead
Safe and Optimal Techniques Enabling Recovery, Integrity, and Assurance
There is a trend in the aviation industry to go from federated to integrated computing systems. Combining a number of traditional stand-alone federated systems into an integrated common platform (called Integrated Modular Avionics, IMA) has the benefit of increased power efficiency, reduced support hardware, and reduced cabling. However, changing from federated to integrated has a significant impact on the system architecture and hence the process of how avionic systems are to be analyzed. Traditional approaches to safety analysis become inefficient when functional boundaries can no longer be assumed for failure independence and fault isolation. In this report, we describe a tool that we developed to accelerate the safety engineer's ability to perform safety analysis of IMA systems through modeling, as well as optimize the system engineer's ability to develop a system through architecture synthesis. This work was the result of a three-year research effort called SOTERIA (Safe and Optimal Techniques Enabling Recovery, Integrity, and Assurance). We developed a compositional modeling language that supports rapid development, modification, and evaluation of architectures. The modeling language is structured such that the end-user defines a library of components with information on component reliability, connectivity, and fault propagation logic. The system model is built by instantiating the components from the library, connecting the components, and identifying the top-level faults of interest. Our tool is compositional in that the end-user only needs to define safety aspects at the component level. The tool takes the model and automatically synthesizes both the qualitative and quantitative safety analyses. 
We go further by allowing users to describe system information such as components to use in an architecture and their connection compatibility and automatically synthesize an architecture that meets the top-level probability target adhering to end-user specified constraints. This capability allows users to rapidly explore a design space.
A Trusted and Privacy-preserving Internet of Mobile Energy
The rapid growth in distributed energy sources on power grids leads to
increasingly decentralised energy management systems for the prediction of
power supply and demand and the dynamic setting of an energy price signal.
Within this emerging smart grid paradigm, electric vehicles can serve as
consumers, transporters, and providers of energy through two-way charging
stations, which highlights a critical feedback loop between the movement
patterns of these vehicles and the state of the energy grid. This paper
proposes a vision for an Internet of Mobile Energy (IoME), where energy and
information flow seamlessly across the power and transport sectors to enhance
the grid stability and end user welfare. We identify the key challenges of
trust, scalability, and privacy, particularly location and energy linking
privacy for EV owners, for realising the IoME vision. We propose an information
architecture for IoME that uses scalable blockchain to provide energy data
integrity and authenticity, and introduces one-time keys for public EV
transactions and a verifiable anonymous trip extraction method for EV users to
share their trip data while protecting their location privacy. We present an
example scenario that details the seamless and closed loop information flow
across the energy and transport sectors, along with a blockchain design and
transaction vocabulary for trusted decentralised transactions. We finally
discuss the open challenges presented by IoME that can unlock significant
benefits to grid stability, innovation, and end user welfare.
Comment: 7 pages, 5 figure
ARIES WP3 – Needs and Requirements Analyses
Information and communication technologies have increasingly
influenced and changed our daily life. They allow global
connectivity and easy access to distributed applications and
digital services over the Internet. This report analyses security requirements on trust establishment and trust evaluation based on two different use case scenarios: "Trusted Communication using COTS" and "Trust Establishment for Cross-organizational Crises Management". A systematic needs analysis is performed on both scenarios, which has resulted in a large and well-documented set of requirements. This is the first step in a large effort to define a security architecture for the two use case scenarios.
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within 'Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]
Comment: 14 pages, 8 figure