Safety and Security By Design

Multiple levels of safety protect those who protect us at Kansas State University’s Biosecurity Research Institute

Providing the cloud security by design patterns

The problem of providing the security of cloud services is becoming more popular as the use and availability of cloud services increases. Besides small and medium-sized businesses, and  governments use cloud technology to reduce information costs and increase the availability and scope of offering services. Cloud technologies are expected to meet the increased security requirements. Enhanced requirements makes difficult development of cloud computing sevices and infrastructure. One way to overcome these difficulties is to use design patterns that aid applying of useful security practices. For their application is necessary a research of the variety of design patterns offered by different organizations and scientists. That's why the research object in the paper is design patterns that support improving cloud security. Some security issues and design patterns that aid to solve them are addressed

Privacy and security by design

Trabajo de Fin de Grado en Ingeniería del Software (Universidad Complutense, Facultad de Informática, curso 2016/2017)Este proyecto aborda el diseño de una metodología para la realización de la evaluación de impacto a la protección de datos, que partiendo de la guía elaborada por la Agencia Española de Protección de datos a tal efecto, incorpora como requisitos de seguridad de los datos, aquellos obtenidos a partir de un análisis de riesgos realizado en base a las normas ISO 27001 (1) e ISO 27002 (2). El proyecto implementa una solución para la parte de seguridad que ya contempla el enfoque a riesgos que propone el nuevo Reglamento Europeo de Protección de datos (R 679/2016) cuya entrada en vigor será en mayo de 2018 (3). El proyecto presenta un modelo conceptual que recoge los requisitos funcionales de la solución, estructurada en fases y que cuenta con roles relacionados entre sí en un diagrama de flujo. Además, como ejemplo de implementación de la solución propuesta, se ha desarrollado una herramienta web para ayudar, tanto a empresas como a administraciones, a completar el informe de evaluación de impacto a la protección de datos, que contiene las fases de la metodología junto con la identificación de riesgos y el tratamiento de los mismos.This project is about the design of a methodology for the accomplishment of the Privacy Impact Assessment (PIA) (4), which, based on the guide developed by the Spanish Agency for Data Protection, incorporates as data security requirements those obtained from a risk analysis carried out on the basis of ISO 27001 (1) and ISO 27002 (2) standards. This project implements a solution for the security part that already contemplates the risk approach proposed by the new European Data Protection Regulation (R 679 2016) which will come into force in May 2018 (3). The project presents a conceptual model that includes the functional requirements of the solution, structured in phases and with roles related in a flow diagram. In addition, as an example of the proposed solution implementation, a web tool has been developed to help, companies and public administrations, to complete the Privacy Impact Assessment report, which contains the phases of the methodology as well as the risks identification and treatment.Depto. de Arquitectura de Computadores y AutomáticaFac. de InformáticaTRUEunpu

Digital Energy Platforms Considering Digital Privacy and Security by Design Principles

The power system and markets have become increasingly complex, along with efforts to digitalize the energy sector. Accessing flexibility services, in particular, through digital energy platforms, has enabled communication between multiple entities within the energy system and streamlined flexibility market operations. However, digitalizing these vast and complex systems introduces new cybersecurity and privacy concerns, which must be properly addressed during the design of the digital energy platform ecosystems. More specifically, both privacy and cybersecurity measures should be embedded into all phases of the platform design and operation, based on the privacy and security by design principles. In this study, these principles are used to propose a holistic but generic architecture for digital energy platforms that are able to facilitate multiple use cases for flexibility services in the energy sector. A hybrid framework using both DLT and non-DLT solutions ensures trust throughout the layers of the platform architecture. Furthermore, an evaluation of numerous energy flexibility service use cases operating at various stages of the energy value chain is shown and graded in terms of digital energy platform technical maturity, privacy, and cybersecurity issues

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

Enterprises increasingly recognize the compelling economic and operational benefits from virtualizing and pooling IT resources in the cloud. Nevertheless, the significant and valuable transformation of organizations that adopt cloud computing is accompanied by a number of security threats that should be considered. In this position paper, we outline significant security challenges presented when migrating to a cloud environment and propose PaaSword - a novel holistic framework that aspires to alleviate these challenges. Specifically, this proposed framework involves a context-aware security model, the necessary policies enforcement mechanism along with a physical distribution, encryption and query middleware

Security by design for IoT devices

Unprotected IoT devices are an easy target for cyber-attacks. This white paper shows the application of a systematic development process to identify threats, derive security requirements and implement effective protection measures. The example of a simple WiFi-based sensor illustrates the design process and adequate protection measures. The latest generation of Secure Microcontrollers featuring Trusted Execution Environments (TEE) as well as Secure Elements both provide options to store key material securely and perform cryptographic operations in an energy-efficient way. The interaction of these hardware components together with dedicated firmware and a Public Key Infrastructure (PKI) enables a low-power sensor to connect securely to the cloud