A New Fuzzy MCDM Framework to Evaluate E-Government Security Strategy

Ensuring security of e-government applications and infrastructures is crucial to maintain trust among stakeholders to store, process and exchange information over the e-government systems. Due to dynamic and continuous threats on e-government information security, policy makers need to perform evaluation on existing information security strategy as to deliver trusted e-government services. This paper presents an information security evaluation framework based on new fuzzy multi criteria decision making (MCDM) to help policy makers conduct comprehensive assessment of e-government security strategy.Comment: IEEE 4th International Conference on Application of Information and Communication Technologies AICT201

Assigning Creative Commons Licenses to Research Metadata: Issues and Cases

This paper discusses the problem of lack of clear licensing and transparency of usage terms and conditions for research metadata. Making research data connected, discoverable and reusable are the key enablers of the new data revolution in research. We discuss how the lack of transparency hinders discovery of research data and make it disconnected from the publication and other trusted research outcomes. In addition, we discuss the application of Creative Commons licenses for research metadata, and provide some examples of the applicability of this approach to internationally known data infrastructures.Comment: 9 pages. Submitted to the 29th International Conference on Legal Knowledge and Information Systems (JURIX 2016), Nice (France) 14-16 December 201

From Space and Time to a Deeper Reality as a Possible Way to Solve Global Problems

To deal with global problems we suggest to consider complex systems not in space and time, but in a possible deeper reality, i.e., the hierarchical network of prime integer relations. Encoded by arithmetic through the self-organization processes the hierarchical network appears as the mathematical structure of one harmonious and interconnected whole. Remarkably, the holistic nature of the hierarchical network allows to formulate a single universal objective of a complex system defined in terms of the integration principle. We propose that by the realization of the integration principle the Earth system could be transformed to become an integrated part of a larger system with more capacity and energy to sustain life. Significantly, based on integers and controlled by arithmetic only the hierarchical network has a unique potential to provide an irreducible common ground fully trusted by different parties and helping to reveal a higher collective purpose.Comment: 5 pages, to be presented at the Eighth International Conference on Complex Systems, Boston, June 26 - July 1, 201

Information Security and Digital Forensics in the world of Cyber Physical Systems

Andrew Jones, Stilianos Vidalis, Nasser Abouzakhar, ‘Information Security and Digital Forensics in the world of Cyber Physical Systems’, paper presented at the 11th International Conference on Digital Information Management, Porto, Portugal, 19-21 September, 2016.The security of Cyber Physical Systems and any digital forensic investigations into them will be highly dependent on data that is stored and processed in the Cloud. This paper looks at a number of the issues that will need to be addressed if this environment is to be trusted to securely hold both system critical and personal information and to enable investigations into incidents to be undertaken

Introduction to the Minitrack on Advances in Trust, Identity, and Trusted Systems in Technology-Mediated Environments

Within the 52nd Hawaiian International Conference on System Sciences (HICSS), we organize for the third time a minitrack on Trust, Identity, and Trusted Systems in Technology-mediated Environments. Trust is a pervasive concern not just with new technologies but also with established technologies as they become more complex and interdependent. Through five papers and an open discussion, the minitrack will discuss and debate when and to what degree trust matters, in what form(s), and with which consequences in the context of existing and emerging hardware and software technologies, e.g., biometric technologies, cryptocurrencies, artificial intelligence, peer-to-peer networked platforms, and autonomous vehicles

EmLog:Tamper-Resistant System Logging for Constrained Devices with TEEs

Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote verifier. In recent years, Trusted Execution Environments (TEEs) have emerged as the go-to root of trust on constrained devices for isolated execution of sensitive applications. Existing TEE-based logging systems, however, focus largely on protecting server-side logs and offer little protection to constrained source devices. In this paper, we introduce EmLog -- a tamper-resistant logging system for constrained devices using the GlobalPlatform TEE. EmLog provides protection against complex software adversaries and offers several additional security properties over past schemes. The system is evaluated across three log datasets using an off-the-shelf ARM development board running an open-source, GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory overhead (1MB heap and stack), 430--625 logs/second throughput, and five-times persistent storage overhead versus unprotected logs.Comment: Accepted at the 11th IFIP International Conference on Information Security Theory and Practice (WISTP '17

Blockchain-backed analytics. Adding blockchain-based quality gates to data science projects

[EN] A typical analytical lifecycle in data science projects starts with the process of data generation and collection, continues with data preparation and preprocessing and heads towards project specific analytics, visualizations and presentations. In order to ensure high quality trusted analytics, every relevant step of the data-model-result linkage needs to meet certain quality standards that furthermore should be certified by trusted quality gate mechanisms.We propose “blockchain-backed analytics”, a scalable and easy-to-use generic approach to introduce quality gates to data science projects, backed by the immutable records of a blockchain. For that reason, data, models and results are stored as cryptographically hashed fingerprints with mutually linked transactions in a public blockchain database.This approach enables stakeholders of data science projects to track and trace the linkage of data, applied models and modeling results without the need of trust validation of escrow systems or any other third party.Herrmann, M.; Petzold, J.; Bombatkar, V. (2018). Blockchain-backed analytics. Adding blockchain-based quality gates to data science projects. En 2nd International Conference on Advanced Reserach Methods and Analytics (CARMA 2018). Editorial Universitat Politècnica de València. 1-9. https://doi.org/10.4995/CARMA2018.2018.8292OCS1

A task-driven design model for collaborative AmI systems

Proceedings of the CAISE*06 Workshop on Ubiquitous Mobile Information and Collaboration Systems UMICS '06. Luxemburg, June 5-9, 2006.The proceedings of this workshop also appeared in printed version In T. Latour and M. Petit (eds), Proceedings of Workshops and Doctoral Consortium, The 18th International Conference on Advanced Information Systems Engineering - Trusted Information Systems (CAiSE'06), June 5-9, 2006, Presses Universitaires de Namur, 2006, ISBN 2-87037-525.Also published online by CEUR Workshop Proceedings (CEUR-WS.org, ISSN 1613-0073)Ambient intelligence (AmI) is a promising paradigm for humancentred interaction based on mobile and context-aware computing, natural interfaces and collaborative work. AMENITIES (a conceptual and methodological framework based on task-based models) has been specially devised for collaborative systems and is the starting point for a new design proposal for application to AmI systems. This paper proposes a task-based model for designing collaborative AmI systems, which attempts to gather the computational representation of the concepts involved (tasks, laws, etc.) and the relationships between them in order to develop a complete functional environment in relation with the features of AmI systems (collaborative, context-aware, dynamic, proactive, etc.). The research has been applied to an e-learning environment and is implemented using a blackboard model.This research is partially supported by a Spanish R&D Project TIN2004-03140, Ubiquitous Collaborative Adaptive Training (U-CAT)

Health Access Broker: Secure, Patient-Controlled Management of Personal Health Records in the Cloud

Secure and privacy-preserving management of Personal Health Records (PHRs) has proved to be a major challenge in modern healthcare. Current solutions generally do not offer patients a choice in where the data is actually stored and also rely on at least one fully trusted element that patients must also trust with their data. In this work, we present the Health Access Broker (HAB), a patient-controlled service for secure PHR sharing that (a) does not impose a specific storage location (uniquely for a PHR system), and (b) does not assume any of its components to be fully secure against adversarial threats. Instead, HAB introduces a novel auditing and intrusion-detection mechanism where its workflow is securely logged and continuously inspected to provide auditability of data access and quickly detect any intrusions.Comment: Copy of the paper accepted at 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS