9,636 research outputs found

    Current trends and advances in IT service infrastructures security assurance evaluation

    The term security assurance has been used in the computer science literature to express the confidence that one has in the strength of the security measures. The need for a methodology to measure current security assurance levels of a system has been reported in the literature as vital in order to maintain and improve the overall security. However, a scrutiny of the literature reveals that in the area of IT security assurance, a large number of research questions still remain without an answer. Although a number of works have been presented in recent years, especially with respect to assurance metrics development, little effort has been made in developing a robust operational methodology for the evaluation of IT service infrastructures security assurance. This paper captures the current status of research efforts made in the field of security assurance evaluation. It collects previous and current academic, normalization and commercial work on security assurance, and establishes a comprehensive state of the art in the domain. In addition, the paper outlines the general features of an ongoing work aiming at the development of a security assurance evaluation framework that takes into account the evolving and ubiquitous IT infrastructures. The novelty of this ongoing work lies not only on the adaptability of the security assurance evaluation system to the evolving infrastructure model but also on the use of a “bottom-up” approach in evaluating the security assurance level of a service using aggregation techniques. The methodology is intended to assist network managers in addressing more promptly security failures within the infrastructure as well as to increase the trust of end users in using IT systems.

    Public Good Theory and the 'Added Value' of the EU's Counterterrorism Policy

    This paper develops a deductive theoretical framework for assessing the EU's added value in the fight against terrorism. The first part argues that public good theory helps to conceptualize objectives of international counterterrorism cooperation and the respective role of international organizations. It critically evaluates existing discussions of security cooperation from this theoretical perspective and sets out a typology of policies according to three aggregation technologies (weaker links, summation, better shot), each of which is linked to a specific set of governance challenges. The second part surveys the EU's counterterrorism efforts on this basis. Weaker link issues - such as the protection of the movement of people, goods and capital - and the related problem of mutual assurance have been quite successfully addressed, even if there is increasing uncertainty over the boundaries of cooperation. In contrast, the EU fell short with regard to joint efforts in the fight against terrorism due to the non-excludable nature of benefits, as in the case of foreign policy, or (partial) rivalry of consumption, as in the case of intelligence sharing or disaster response capacities. Finally, the EU increasingly supports better shot initiatives to develop new instruments and technologies to combat terrorism, but is often overtaken by mini-lateral forms of cooperation. Keywords: counterterrorism, public good theory, international organisations, European Union

    From Sensor to Observation Web with Environmental Enablers in the Future Internet

    This paper outlines the grand challenges in global sustainability research and the objectives of the FP7 Future Internet PPP program within the Digital Agenda for Europe. Large user communities are generating significant amounts of valuable environmental observations at local and regional scales using the devices and services of the Future Internet. These communities’ environmental observations represent a wealth of information which is currently hardly used or used only in isolation and therefore in need of integration with other information sources. Indeed, this very integration will lead to a paradigm shift from a mere Sensor Web to an Observation Web with semantically enriched content emanating from sensors, environmental simulations and citizens. The paper also describes the research challenges to realize the Observation Web and the associated environmental enablers for the Future Internet. Such an environmental enabler could for instance be an electronic sensing device, a web-service application, or even a social networking group affording or facilitating the capability of the Future Internet applications to consume, produce, and use environmental observations in cross-domain applications. The term “envirofied” Future Internet is coined to describe this overall target that forms a cornerstone of work in the Environmental Usage Area within the Future Internet PPP program. Relevant trends described in the paper are the usage of ubiquitous sensors (anywhere), the provision and generation of information by citizens, and the convergence of real and virtual realities to convey understanding of environmental observations. The paper addresses the technical challenges in the Environmental Usage Area and the need for designing multi-style service oriented architecture. Key topics are the mapping of requirements to capabilities, providing scalability and robustness with implementing context aware information retrieval. Another essential research topic is handling data fusion and model based computation, and the related propagation of information uncertainty. Approaches to security, standardization and harmonization, all essential for sustainable solutions, are summarized from the perspective of the Environmental Usage Area. The paper concludes with an overview of emerging, high impact applications in the environmental areas concerning land ecosystems (biodiversity), air quality (atmospheric conditions) and water ecosystems (marine asset management).

    Sharing the Burden of Collective Security in the European Union. Research Note

    This article compares European Union (EU) burden-sharing in security governance distinguishing between assurance, prevention, protection, and compellence policies. We employ joint-product models and examine the variation in the level of publicness, the asymmetry of the distribution of costs and benefits, and aggregation technologies in each policy domain. Joint-product models predict equal burden sharing for protection and assurance because of their respective weakest-link and summation aggregation technologies with symmetric costs. Prevention is also characterized by the technology of summation, but asymmetry of costs implies uneven burden-sharing. Uneven burden-sharing is predicted for compellence because it has the largest asymmetry of costs and a best-shot aggregation technology. Evaluating burden-sharing relative to a country’s ability to contribute, Kendall tau-tests examine the rank-correlation between security burden and the capacity of EU member states. These tests show that the smaller EU members disproportionately shoulder the costs of assurance and protection; wealthier EU members carry a somewhat disproportionate burden in the provision of prevention, and larger EU members in the provision of compellence. When analyzing contributions relative to expected benefits, asymmetric marginal costs can largely explain uneven burden-sharing. The main conclusion is that the aggregated burden of collective security governance in the EU is shared quite evenly.

    Safety arguments for next generation location aware computing

    Concerns over the accuracy, availability, integrity and continuity of Global Navigation Satellite Systems (GNSS) have limited the integration of GPS and GLONASS for safety-critical applications. More recent augmentation systems, such as the European Geostationary Navigation Overlay Service (EGNOS) and the North American Wide Area Augmentation System (WAAS) have begun to address these concerns. Augmentation architectures build on the existing GPS/GLONASS infrastructures to support location-based services in Safety of Life (SoL) applications. Much of the technical development has been directed by air traffic management requirements, in anticipation of the more extensive support to be offered by GPS III and Galileo. WAAS has already been approved to provide vertical guidance against ICAO safety performance criteria for aviation applications. During the next twelve months, we will see the full certification of EGNOS for SoL applications. This paper identifies strong similarities between the safety assessment techniques used in Europe and North America. Both have relied on hazard analysis techniques to derive estimates of the Probability of Hazardously Misleading Information (PHMI). Later sections identify significant differences between the approaches adopted in application development. Integrated fault trees have been developed by regulatory and commercial organisations to consider both infrastructure hazards and their impact on non-precision RNAV/VNAV approaches using WAAS. In contrast, EUROCONTROL and the European Space Agency have developed a more modular approach to safety-case development for EGNOS. It remains to be seen whether the European or North American strategy offers the greatest support as satellite based augmentation systems are used within a growing range of SoL applications from railway signalling through to Unmanned Airborne Systems. The key contribution of this paper is to focus attention on the safety arguments that might support this wider class of location based services.

    A Multi-Layer and Multi-Tenant Cloud Assurance Evaluation Methodology

    Data with high security requirements is being processed and stored with increasing frequency in the Cloud. To guarantee that the data is being dealt in a secure manner we investigate the applicability of Assurance methodologies. In a typical Cloud environment the setup of multiple layers and different stakeholders determines security properties of individual components that are used to compose Cloud applications. We present a methodology adapted from Common Criteria for aggregating information reflecting the security properties of individual constituent components of Cloud applications. This aggregated information is used to categorise overall application security in terms of Assurance Levels and to provide a continuous assurance level evaluation. It gives the service owner an overview of the security of his service, without requiring detailed manual analyses of log files