Contributions to the study and modeling of knowledge development systems

Not availabl

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Security Policy Management for a Cooperative Firewall

Increasing popularity of the Internet service and increased number of connected devices along with the introduction of IoT are making the society ever more dependent on the Internet services availability. Therefore, we need to ensure the minimum level of security and reliability of services. Ultra-Reliable Communication (URC) refers to the availability of life and business critical services nearly 100 percent of the time. These requirements are an integral part of upcoming 5th generation (5G) mobile networks. 5G is the future mobile network, which at the same time is part of the future Internet. As an extension to the conventional communication architecture, 5G needs to provide ultra-high reliability of services where; it needs to perform better than the currently available solutions in terms of security, confidentiality, integrity and reliability and it should mitigate the risks of Internet attack and malicious activities. To achieve such requirements, Customer Edge Switching (CES) architecture is presented. It proposes that the Internet user’s agent in the network provider needs to have prior information about the expected traffic of users to mitigate maximum attacks and only allow expected communication between hosts. CES executes communication security policies of each user or device acting as the user’s agent. The policy describes with fine granularity what traffic is expected by the device. The policies are sourced as automatically as possible but can also be modified by the user. Stored policies will follow the mobile user and will be executed at the network edge node executing Customer Edge Switch functions to stop all unexpected traffic from entering the mobile network. State-of-the-art in mobile network architectures utilizes the Quality of Service (QoS) policies of users. This thesis motivates the extension of current architecture to accommodate security and communication policy of end-users. The thesis presents an experimental implementation of a policy management system which is termed as Security Policy Management (SPM) to handle above-mentioned policies of users. We describe the architecture, implementation and integration of SPM with the Customer Edge Switching. Additionally, SPM has been evaluated in terms of performance, scalability, reliability and security offered via 5G customer edge nodes. Finally, the system has been analyzed for feasibility in the 5G architecture

D8.6 OPTIMAI commercialization and exploitation strategy

Deliverable D8.6 OPTIMAI commercialization and exploitation strategy 1 st version is the first version of the OPTIMAI Exploitation Plan. Exploitation aims at ensuring that OPTIMAI becomes sustainable well after the conclusion of the research project period so as to create impact. OPTIMAI intends to develop an industry environment that will optimize production, reducing production line scrap and production time, as well as improving the quality of the products through the use of a variety of technological solutions, such as Smart Instrumentation of sensors network at the shop floor, Metrology, Artificial Intelligence (AI), Digital Twins, Blockchain, and Decision Support via Augmented Reality (AR) interfaces. The innovative aspects: Decision Support Framework for Timely Notifications, Secure and adaptive multi-sensorial network and fog computing framework, Blockchain-enabled ecosystem for securing data exchange, Intelligent Marketplace for AI sharing and scrap re-use, Digital Twin for Simulation and Forecasting, Embedded Cybersecurity for IoT services, On-the-fly reconfiguration of production equipment allows businesses to reconsider quality management to eliminate faults, increase productivity, and reduce scrap. The OPTIMAI exploitation strategy has been drafted and it consists of three phases: Initial Phase, Mid Phase and Final Phase where different activities are carried out. The aim of the Initial phase (M1 to M12), reported in this deliverable, is to have an initial results' definition for OPTIMAI and the setup of the structures to be used during the project lifecycle. In this phase, also each partner's Individual Exploitation commitments and intentions are drafted, and a first analysis of the joint exploitation strategies is being presented. The next steps, leveraging on the outcomes of the preliminary market analysis, will be to update the Key Exploitable Results with a focus on their market value and business potential and to consolidate the IPR Assessment and set up a concrete Exploitation Plan. The result of the next period of activities will be reported in D8.7 OPTIMAI commercialization and exploitation strategy - 2nd version due at month 18 (June 2022

Confidentiality, integrity and non-repudiation in smartgrids

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011No actual contexto macroeconómico mundial é essencial a adopção de novas formas de geração de energia, alternativas à utilização de recursos fósseis, combinada com os objectivos de fiabilidade e qualidade dos fornecimentos e de indução de competitividade nos mercados. Torna-se necessário produzir, transportar e distribuir energia de forma sustentável sem prejudicar o ecossistema. A visão de uma infraestrutura com maior controlo, onde redes, produtores e consumidores têm papeis significativamente mais activos, está a provocar uma mudança de paradigma nas redes eléctricas e na sua gestão que se materializa no conceito das Smart Grids. Para obter um elevado nível de controlo de operação da rede, necessário para a concretização das funcionalidades prometidas pelas Smart Grids, a arquitectura terá que evoluir de modo a comportar um maior número de unidades remotas inteligentes, o desenvolvimento de novos sistemas técnicos e comerciais, o aumento de trocas de mensagens entre aplicações e a interligações entre diversas redes. Esta complexidade é bastante maior daquela que poderemos encontrar nas actuais infra-estruturas de sistemas de informação para a transmissão e distribuição de energia eléctrica e apresenta novos desafios no que diz respeito à disponibilidade da rede e, em particular, à sua segurança. Os novos equipamentos, aplicações, hardware, protocolos de comunicação, operação e administração da rede vão introduzir novas potenciais vulnerabilidades que podem ser exploradas por indivíduos mal intencionados ou simplesmente por erros de operação. Esta preocupação acerca da disponibilidade e segurança da rede de energia eléctrica do futuro evidenciam a importância que assumem a segurança e disponibilidade da infra-estrutura dos sistemas de informação e comunicações que a suportam. Este trabalho propõem-se analisar a confiabilidade das Smart Grids no que diz respeito aos seus aspectos de segurança de tecnologias de informação, incidindo em particular no projecto Português de Smart Grid denominado InovGrid. Este projecto de investigação irá descrever as funcionalidades da arquitectura InovGrid fazendo uma análise detalhada dos vectores de ataque e os riscos eminentes associados à sua implementação. Este estudo irá avaliar e propor soluções no domínio da autenticidade, confidencialidade e não-repudiação de informação numa arquitectura peculiar e heterogenia com a das Smart Grids.In the current global macroeconomic context is essential to adopt new ways of generating energy alternatives to fossil fuels, combined with the objectives of reliability and quality of delivery and induction of competitiveness in markets. It is necessary to produce, transport and distribute energy in a sustainable way without harming the ecosystem. The vision of an infrastructure with more control, where networks, producers and consumers have significantly more active roles, is causing a paradigm shift in electricity networks and their operations that is embodied in the concept of Smart Grids. To obtain a high level of control required to achieve the new features promised by Smart Grids, the architecture will need to comprise more intelligent remote terminal units, the development of new technical and commercial systems, the increase of the number of messages exchange between applications and also interconnections between enterprise networks. This complexity, far higher than found in present transmission and distribution infrastructures, will bring several challenges considering network reliability and security in particular. All the new devices, applications, hardware, communication protocols, network operations and administration will introduce potential vulnerabilities that might be explored by malicious users or simple by erroneous actions from a variety of external and internal sources. This concern about security and reliability of the future power grids increase the importance of the information technology and communications infrastructures and their security. This work proposes to analyze Smart Grid’s reliability regarding its information technology security but focusing the study in the Portuguese Smart Grid project implementation, named as InovGrid. It will describe the functionalities of the InovGrid architecture providing a detailed analysis of its attack vectors and the eminent risks associated with the implementation. It will propose and analysis solutions for confidentiality, authenticity and non-repudiation aspects in such peculiar and heterogeneous networks

Novel architectures and strategies for security offloading

Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomena has positioned the network and its services as fundamental assets over which we rely and trust. However, Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities¿ complexities have been amplified along with the evolution of Internet user mobility. In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization. The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing. From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis in an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, neither dependency on third party information nor on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regards on securing a dynamic traffic steering over the Internet. On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focus on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from prof-of-concepts implementations.Internet se ha convertido en una poderosa e indispensable herramienta para nuestra sociedad moderna. Su omnipresencia y aplicabilidad han promovido grandes cambios en diferentes aspectos de nuestras vidas. Este fenómeno ha posicionado a la red y sus servicios como activos fundamentales sobre los que contamos y confiamos. Sin embargo, Internet está lejos de ser perfecto. Tiene considerables problemas de seguridad y vulnerabilidades que ponen en peligro sus principales funcionalidades. Además, las complejidades de estas vulnerabilidades se han ampliado junto con la evolución de la movilidad de usuarios de Internet y su limitado soporte. La seguridad de Internet incluye tanto la seguridad para el correcto funcionamiento de la red como la seguridad para los usuarios y sus dispositivos. El primero implica los desafíos relacionados con las vulnerabilidades de control y gestión de la infraestructura central de Internet, mientras que el segundo abarca las vulnerabilidades de seguridad sobre los usuarios finales y sus dispositivos. Del mismo modo, la movilidad en Internet plantea importantes desafíos de seguridad que van desde las complicaciones de enrutamiento, interrupciones de la conectividad y falta de autenticación y autorización globales. El propósito de esta tesis es presentar el diseño de nuevas arquitecturas y estrategias para mejorar la seguridad de Internet de una manera no perturbadora. Nuestras propuestas de seguridad siguen un enfoque de desacople de la protección. Los motivos detrás de este paradigma apuntan a la mejora adicional de la seguridad mientras que minimizan la intrusividad y la perturbación sobre los protocolos de enrutamiento de Internet, sus actores y usuarios. Para lograr este nivel de transparencia, las soluciones previstas aprovechan nuevas tecnologías, como redes definidas por software (SDN), virtualización de funciones de red (VNF) y computación en niebla. Desde la perspectiva central de Internet, nos centramos en las vulnerabilidades de dos protocolos de enrutamiento clave que desempeñan un papel fundamental en el presente y el futuro de Internet, el Protocolo de Puerta de Enlace Fronterizo (BGP) y el Protocolo de Separación Identificador/Localizador (LISP ). Para ello, primero investigamos las vulnerabilidades y medidas para contrarrestar un problema no resuelto en BGP definido como Route Leaks. Proponemos metodologías pragmáticas de seguridad para desacoplar la protección con las siguientes ventajas: no cambios en el protocolo BGP, cero dependencia en la información de terceros, ni de infraestructura de seguridad de terceros, y de beneficio propio. Del mismo modo, investigamos las vulnerabilidades actuales sobre LISP con énfasis en su plano de control y soporte de movilidad. Aprovechamos la separacçón de sus planos de control y de datos para proponer un proceso mejorado de registro de identificadores de ubicación y punto final, validando de forma segura sus respectivas autorizaciones. Esta propuesta mejora la movilidad de los usuarios finales con respecto a segurar un enrutamiento dinámico del tráfico a través de Internet. En paralelo, desde el punto de vista de usuarios finales y dispositivos investigamos nuevos paradigmas y arquitecturas con el objetivo de mejorar su protección de forma controlable y consolidada. Con este fin, proponemos un nuevo paradigma hacia una protección centrada en el usuario. Nuestra propuesta se centra en el desacoplamiento o ampliación de la protección de seguridad de los dispositivos finales hacia el borde de la red. La misma busca la homogeneización de la protección del usuario independientemente del dispositivo utilizado. Además, investigamos este paradigma en un escenario con movilidad. Validamos nuestra propuesta proporcionando resultados experimentales obtenidos de diferentes experimentos y pruebas de concepto implementados

Novel architectures and strategies for security offloading

Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomena has positioned the network and its services as fundamental assets over which we rely and trust. However, Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities¿ complexities have been amplified along with the evolution of Internet user mobility. In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization. The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing. From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis in an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, neither dependency on third party information nor on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regards on securing a dynamic traffic steering over the Internet. On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focus on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from prof-of-concepts implementations.Internet se ha convertido en una poderosa e indispensable herramienta para nuestra sociedad moderna. Su omnipresencia y aplicabilidad han promovido grandes cambios en diferentes aspectos de nuestras vidas. Este fenómeno ha posicionado a la red y sus servicios como activos fundamentales sobre los que contamos y confiamos. Sin embargo, Internet está lejos de ser perfecto. Tiene considerables problemas de seguridad y vulnerabilidades que ponen en peligro sus principales funcionalidades. Además, las complejidades de estas vulnerabilidades se han ampliado junto con la evolución de la movilidad de usuarios de Internet y su limitado soporte. La seguridad de Internet incluye tanto la seguridad para el correcto funcionamiento de la red como la seguridad para los usuarios y sus dispositivos. El primero implica los desafíos relacionados con las vulnerabilidades de control y gestión de la infraestructura central de Internet, mientras que el segundo abarca las vulnerabilidades de seguridad sobre los usuarios finales y sus dispositivos. Del mismo modo, la movilidad en Internet plantea importantes desafíos de seguridad que van desde las complicaciones de enrutamiento, interrupciones de la conectividad y falta de autenticación y autorización globales. El propósito de esta tesis es presentar el diseño de nuevas arquitecturas y estrategias para mejorar la seguridad de Internet de una manera no perturbadora. Nuestras propuestas de seguridad siguen un enfoque de desacople de la protección. Los motivos detrás de este paradigma apuntan a la mejora adicional de la seguridad mientras que minimizan la intrusividad y la perturbación sobre los protocolos de enrutamiento de Internet, sus actores y usuarios. Para lograr este nivel de transparencia, las soluciones previstas aprovechan nuevas tecnologías, como redes definidas por software (SDN), virtualización de funciones de red (VNF) y computación en niebla. Desde la perspectiva central de Internet, nos centramos en las vulnerabilidades de dos protocolos de enrutamiento clave que desempeñan un papel fundamental en el presente y el futuro de Internet, el Protocolo de Puerta de Enlace Fronterizo (BGP) y el Protocolo de Separación Identificador/Localizador (LISP ). Para ello, primero investigamos las vulnerabilidades y medidas para contrarrestar un problema no resuelto en BGP definido como Route Leaks. Proponemos metodologías pragmáticas de seguridad para desacoplar la protección con las siguientes ventajas: no cambios en el protocolo BGP, cero dependencia en la información de terceros, ni de infraestructura de seguridad de terceros, y de beneficio propio. Del mismo modo, investigamos las vulnerabilidades actuales sobre LISP con énfasis en su plano de control y soporte de movilidad. Aprovechamos la separacçón de sus planos de control y de datos para proponer un proceso mejorado de registro de identificadores de ubicación y punto final, validando de forma segura sus respectivas autorizaciones. Esta propuesta mejora la movilidad de los usuarios finales con respecto a segurar un enrutamiento dinámico del tráfico a través de Internet. En paralelo, desde el punto de vista de usuarios finales y dispositivos investigamos nuevos paradigmas y arquitecturas con el objetivo de mejorar su protección de forma controlable y consolidada. Con este fin, proponemos un nuevo paradigma hacia una protección centrada en el usuario. Nuestra propuesta se centra en el desacoplamiento o ampliación de la protección de seguridad de los dispositivos finales hacia el borde de la red. La misma busca la homogeneización de la protección del usuario independientemente del dispositivo utilizado. Además, investigamos este paradigma en un escenario con movilidad. Validamos nuestra propuesta proporcionando resultados experimentales obtenidos de diferentes experimentos y pruebas de concepto implementados.Postprint (published version

Review of Respondents for Integrated Software Systems for Community Foundations

This is a full due diligence analysis of a number of integrated software and IT systems for community foundations. It was presented at the Council on Foundations 2005 Fall Conference for community foundations. The main finding was that there are no clear answers, and all of the platforms considered had strengths and all of them had weaknesses. However, the market has a lot of moving pieces and will continue to change over the next few years. A follow up study with an expanded list of participants is anticipated. The following systems were reviewed: BlackBaud, Kintera, MicroEdge FIMS, MicroEdge FoundationPower, and Stellar (NorthStar500 platform). The report was prepared by Barrington Partners, a premier venture capital and management consulting firm. It was commissioned by the Technology Steering Committee and co-sponsored by Community Foundations of America and the Council on Foundations

Management in engineering consultancies: with special reference to the Carl Bro Group and Peter Deer and Associates: executive summary

In my portfolio I have attempted, through projects and post module work in both a large and a small start up company, to examine consulting engineering firms as businesses. Firstly identifying the key issues then developing a framework of ideas that could be used by others. Because of the lack of literature directly related to the practice of consultipg engineering in construction I have looked outside that industry for references to guide me. In this summary I have attempted to consolidate the information gained. This would be useful as a starting point when assessing an existing businesses or as guidance for start-up firms