Requirements engineering within a large-scale security-oriented research project : lessons learned

Requirements engineering has been recognized as a fundamental phase of the software engineering process. Nevertheless, the elicitation and analysis of requirements are often left aside in favor of architecture-driven software development. This tendency, however, can lead to issues that may affect the success of a project. This paper presents our experience gained in the elicitation and analysis of requirements in a large-scale security-oriented European research project, which was originally conceived as an architecture-driven project. In particular, we illustrate the challenges that can be faced in large-scale research projects and consider the applicability of existing best practices and off-the-shelf methodologies with respect to the needs of such projects. We then discuss how those practices and methods can be integrated into the requirements engineering process and possibly improved to address the identified challenges. Finally, we summarize the lessons learned from our experience and the benefits that a proper requirements analysis can bring to a project

Requirements engineering within a large-scale security-oriented research project : lessons learned

Requirements engineering has been recognized as a fundamental phase of the software engineering process. Nevertheless, the elicitation and analysis of requirements are often left aside in favor of architecture-driven software development. This tendency, however, can lead to issues that may affect the success of a project. This paper presents our experience gained in the elicitation and analysis of requirements in a large-scale security-oriented European research project, which was originally conceived as an architecture-driven project. In particular, we illustrate the challenges that can be faced in large-scale research projects and consider the applicability of existing best practices and off-the-shelf methodologies with respect to the needs of such projects. We then discuss how those practices and methods can be integrated into the requirements engineering process and possibly improved to address the identified challenges. Finally, we summarize the lessons learned from our experience and the benefits that a proper requirements analysis can bring to a project

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Optimum Support Policy Component for the Development of Agricultural Production: Potato Producer

The present study aimed to determine the optimum policy component in an example of potato cultivation development based on the principle of the efficient use of scarce resources and maximizing the benefit of the producer. Agricultural support policies are commonly implemented by adopting a top-down approach. Regarding benefit maximization at the target group level, policies for agricultural products should be determined with a bottom-up approach. In this manner, in the present study, potato producers were determined to be the target group. Therefore, this study investigated the policy component that provides the highest benefit in line with the demands, expectations, and tendencies of the target group. The micro-data obtained from the potato-growing enterprises operating in provinces where potato cultivation was intensively carried out within the scope of Turkey constituted the research data. A face-to-face survey technique was used as the method for collecting the producer data. Simple descriptive statistics and one of the multivariate analysis techniques, conjoint analysis, were applied in the analysis and evaluation of the data. The optimum policy component setup was determined to be “Price and Payment Support: Above Market Price and 2 months term, Support Area and Amount: to production, 25.47 USD/da (23.04 EUR/da), time of announcement for the supports: pre-planting, and producer’s declaration: I do (I declare)” for the potato product. Accordingly, the necessity of a bottom-up approach in the planning and implementation of an agricultural support policy in Turkey is explained based on the results obtained. Therefore, it is considered necessary and beneficial to measure the level of producer benefits on the focus of applications that encourage potato production

Security Mechanisms for Workflows in Service-Oriented Architectures

Die Arbeit untersucht, wie sich Unterstützung für Sicherheit und Identitätsmanagement in ein Workflow-Management-System integrieren lässt. Basierend auf einer Anforderungsanalyse anhand eines Beispiels aus der beruflichen Weiterbildung und einem Abgleich mit dem Stand der Technik wird eine Architektur für die sichere Ausführung von Workflows und die Integration mit Identitätsmanagement-Systemen entwickelt, die neue Anwendungen mit verbesserter Sicherheit und Privatsphäre ermöglicht

Identity in eHealth - from the reality of physical identification to digital identification.

Mestrado em Informática MédicaMaster Programme in Medical Informatic

Architectures for the Future Networks and the Next Generation Internet: A Survey

Networking research funding agencies in the USA, Europe, Japan, and other countries are encouraging research on revolutionary networking architectures that may or may not be bound by the restrictions of the current TCP/IP based Internet. We present a comprehensive survey of such research projects and activities. The topics covered include various testbeds for experimentations for new architectures, new security mechanisms, content delivery mechanisms, management and control frameworks, service architectures, and routing mechanisms. Delay/Disruption tolerant networks, which allow communications even when complete end-to-end path is not available, are also discussed

Continuous trust management frameworks : concept, design and characteristics

PhD ThesisA Trust Management Framework is a collection of technical components and governing rules and contracts to establish secure, confidential, and Trustworthy transactions among the Trust Stakeholders whether they are Users, Service Providers, or Legal Authorities. Despite the presence of many Trust Frameworks projects, they still fail at presenting a mature Framework that can be Trusted by all its Stakeholders. Particularly speaking, most of the current research focus on the Security aspects that may satisfy some Stakeholders but ignore other vital Trust Properties like Privacy, Legal Authority Enforcement, Practicality, and Customizability. This thesis is all about understanding and utilising the state of the art technologies of Trust Management to come up with a Trust Management Framework that could be Trusted by all its Stakeholders by providing a Continuous Data Control where the exchanged data would be handled in a Trustworthy manner before and after the data release from one party to another. For that we call it: Continuous Trust Management Framework. In this thesis, we present a literature survey where we illustrate the general picture of the current research main categorise as well as the main Trust Stakeholders, Trust Challenges, and Trust Requirements. We picked few samples representing each of the main categorise in the literature of Trust Management Frameworks for detailed comparison to understand the strengths and weaknesses of those categorise. Showing that the current Trust Management Frameworks are focusing on fulfilling most of the Trust Attributes needed by the Trust Stakeholders except for the Continuous Data Control Attribute, we argued for the vitality of our proposed generic design of the Continuous Trust Management Framework. To demonstrate our Design practicality, we present a prototype implementing its basic Stakeholders like the Users, Service Providers, Identity Provider, and Auditor on top of the OpenID Connect protocol. The sample use-case of our prototype is to protect the Users’ email addresses. That is, Users would ask for their emails not to be iii shared with third parties but some Providers would act maliciously and share these emails with third parties who would, in turn, send spam emails to the victim Users. While the prototype Auditor would be able to protect and track data before their release to the Service Providers, it would not be able to enforce the data access policy after release. We later generalise our sample use-case to cover various Mass Active Attacks on Users’ Credentials like, for example, using stolen credit cards or illegally impersonating third-party identity. To protect the Users’ Credentials after release, we introduce a set of theories and building blocks to aid our Continuous Trust Framework’s Auditor that would act as the Trust Enforcement point. These theories rely primarily on analysing the data logs recorded by our prototype prior to releasing the data. To test our theories, we present a Simulation Model of the Auditor to optimise its parameters. During some of our Simulation Stages, we assumed the availability of a Data Governance Unit, DGU, that would provide hardware roots of Trust. This DGU is to be installed in the Service Providers’ server-side to govern how they handle the Users’ data. The final simulation results include a set of different Defensive Strategies’ Flavours that could be utilized by the Auditor depending on the environment where it operates. This thesis concludes with the fact that utilising Hard Trust Measures such as DGU without effective Defensive Strategies may not provide the ultimate Trust solution. That is especially true at the bootstrapping phase where Service Providers would be reluctant to adopt a restrictive technology like our proposed DGU. Nevertheless, even in the absence of the DGU technology now, deploying the developed Defensive Strategies’ Flavours that do not rely on DGU would still provide significant improvements in terms of enforcing Trust even after data release compared to the currently widely deployed Strategy: doing nothing!Public Authority for Applied Education and Training in Kuwait, PAAET

Analysis of Argonaute-Small RNA-Transcription Factor Circuits Controlling Leaf Development

Experimental studies of plant development have yielded many insights into gene regulation, revealing interactions between core transcriptional and post-transcriptional regulatory pathways present in all land plants. This work describes a direct connection between the three main small RNA-transcription factor circuits controlling leaf shape dynamics in the reference plant Arabidopsis thaliana. We used a high-throughput yeast 1-hybrid platform to identify factors directly binding the promoter of the highly specialized ARGONAUTE7 silencing factor. Two groups of developmentally significant microRNA-targeted transcription factors were the clearest hits from these screens, but transgenic complementation analysis indicated that their binding sites make only a small contribution to ARGONAUTE7 function, possibly indicating a role in fine tuning. Timelapse imaging methodology developed to quantify these small differences may have broad utility for plant biologists. Our analysis also clarified requirements for polar transcription of ARGONAUTE7. This work has implications for our understanding of patterning in land plants