How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself.Comment: GraMSec 2015, 16 page

Towards business integration as a service 2.0 (BIaaS 2.0)

Cloud Computing Business Framework (CCBF) is a framework for designing and implementation of Could Computing solutions. This proposal focuses on how CCBF can help to address linkage in Cloud Computing implementations. This leads to the development of Business Integration as a Service 1.0 (BIaaS 1.0) allowing different services, roles and functionalities to work together in a linkage-oriented framework where the outcome of one service can be input to another, without the need to translate between domains or languages. BIaaS 2.0 aims to allow automation, enhanced security, advanced risk modelling and improved collaboration between processes in BIaaS 1.0. The benefits from adopting BIaaS 1.0 and developing BIaaS 2.0 are illustrated using a case study from the University of Southampton and several collaborators including IBM US. BIaaS 2.0 can work with mainstream technologies such as scientific workflows, and the proposal and demonstration of BIaaS 2.0 will be aimed to certainly benefit industry and academia. © 2011 IEEE

Towards Business Integration as a Service 2.0

Cloud Computing Business Framework (CCBF) is a framework for designing and implementation of Could Computing solutions. This proposal focuses on how CCBF can help to address linkage in Cloud Computing implementations. This leads to the development of Business Integration as a Service 1.0 (BIaS 1.0) allowing different services, roles and functionalities to work together in a linkage-oriented framework where the outcome of one service can be input to another, without the need to translate between domains or languages. BIaS 2.0 aims to allow full automation, enhanced security, advanced risk modelling and improved collaboration between processes in BIaaS 1.0. The benefits from adopting BIaS 1.0 and developing BIaS 2.0 are illustrated using a case study from the University of Southampton and several collaborators including IBM US. BIaS 2.0 can work with mainstream technologies such as scientific workflows, and the proposal and demonstration of BIaaS 2.0 will certainly benefit industry and academia

Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption

Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding and using security mecha-nisms. Other security mechanisms are simply annoying for end users. As the overall security of any system is only as strong as the weakest link in this system, bad usability of IT security mechanisms may result in operating errors, resulting in inse-cure systems. Buying decisions of end users may be affected by the usability of security mechanisms. Hence, software provid-ers may decide to better have no security mechanism then one with a bad usability. Usability of IT security mechanisms is one of the most underestimated properties of applications and sys-tems. Even IT security itself is often only an afterthought. Hence, usability of security mechanisms is often the after-thought of an afterthought. This paper presents some guide-lines that should help software developers to improve end user usability of security-related mechanisms, and analyzes com-mon applications based on these guidelines. Based on these guidelines, the usability of email encryption is analyzed and an email encryption solution with increased usability is presented. The approach is based on an automated key and trust man-agement. The compliance of the proposed email encryption solution with the presented guidelines for usable security mechanisms is evaluated

Urban Air Mobility Market Study

The Booz Allen Team explored market size and potential barriers to Urban Air Mobility (UAM) by focusing on three potential markets – Airport Shuttle, Air Taxi, and Air Ambulance. We found that the Airport Shuttle and Air Taxi markets are viable, with a significant total available market value in the U.S. of $500 billion, for a fully unconstrained scenario. In this unconstrained best-case scenario, passengers would have the ability to access and fly a UAM at any time, from any location to any destination, without being hindered by constraints such as weather, infrastructure, or traffic volume. Significant legal and regulatory, weather, certification, public perception, and infrastructure constraints exist, which reduce the market potential for these applications to only about 0.5$2.5 billion, in the near term. However, we determined that these constraints can be addressed through ongoing intra-governmental partnerships, government and industry collaboration, strong industry commitment, and existing legal and regulatory enablers. We found that the Air Ambulance market is not a viable market if served by electric vertical takeoff and landing (eVTOL) vehicles due to technology constraints but may potentially be viable if a hybrid VTOL aircraft are utilized

Ethical and Social Aspects of Self-Driving Cars

As an envisaged future of transportation, self-driving cars are being discussed from various perspectives, including social, economical, engineering, computer science, design, and ethics. On the one hand, self-driving cars present new engineering problems that are being gradually successfully solved. On the other hand, social and ethical problems are typically being presented in the form of an idealized unsolvable decision-making problem, the so-called trolley problem, which is grossly misleading. We argue that an applied engineering ethical approach for the development of new technology is what is needed; the approach should be applied, meaning that it should focus on the analysis of complex real-world engineering problems. Software plays a crucial role for the control of self-driving cars; therefore, software engineering solutions should seriously handle ethical and social considerations. In this paper we take a closer look at the regulative instruments, standards, design, and implementations of components, systems, and services and we present practical social and ethical challenges that have to be met, as well as novel expectations for software engineering.Comment: 11 pages, 3 figures, 2 table