Responsibility and non-repudiation in resource-constrained Internet of Things scenarios

The proliferation and popularity of smart autonomous systems necessitates the development of methods and models for ensuring the effective identification of their owners and controllers. The aim of this paper is to critically discuss the responsibility of Things and their impact on human affairs. This starts with an in-depth analysis of IoT Characteristics such as Autonomy, Ubiquity and Pervasiveness. We argue that Things governed by a controller should have an identifiable relationship between the two parties and that authentication and non-repudiation are essential characteristics in all IoT scenarios which require trustworthy communications. However, resources can be a problem, for instance, many Things are designed to perform in low-powered hardware. Hence, we also propose a protocol to demonstrate how we can achieve the authenticity of participating Things in a connectionless and resource-constrained environment

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

The social web and archaeology's restructuring: impact, exploitation, disciplinary change

From blogs to crowdfunding, YouTube to LinkedIn, online photo-sharing sites to open-source community-based software projects, the social web has been a meaningful player in the development of archaeological practice for two decades now. Yet despite its myriad applications, it is still often appreciated as little more than a tool for communication, rather than a paradigm-shifting system that also shapes the questions we ask in our research, the nature and spread of our data, and the state of skill and expertise in the profession. We see this failure to critically engage with its dimensions as one of the most profound challenges confronting archaeology today. The social web is bound up in relations of power, control, freedom, labour and exploitation, with consequences that portend real instability for the cultural sector and for social welfare overall. Only a handful of archaeologists, however, are seriously debating these matters, which suggests the discipline is setting itself up to be swept away by our unreflective investment in the cognitive capitalist enterprise that marks much current web-based work. Here we review the state of play of the archaeological social web, and reflect on various conscientious activities aimed both at challenging practitioners’ current online interactions, and at otherwise situating the discipline as a more informed innovator with the social web’s possibilities

Design Challenges for GDPR RegTech

The Accountability Principle of the GDPR requires that an organisation can demonstrate compliance with the regulations. A survey of GDPR compliance software solutions shows significant gaps in their ability to demonstrate compliance. In contrast, RegTech has recently brought great success to financial compliance, resulting in reduced risk, cost saving and enhanced financial regulatory compliance. It is shown that many GDPR solutions lack interoperability features such as standard APIs, meta-data or reports and they are not supported by published methodologies or evidence to support their validity or even utility. A proof of concept prototype was explored using a regulator based self-assessment checklist to establish if RegTech best practice could improve the demonstration of GDPR compliance. The application of a RegTech approach provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver. This paper demonstrates a RegTech approach to GDPR compliance can facilitate an organisation meeting its accountability obligations

Definition and Validation of a Business IT Alignment Method for Enterprise Governance Improvement in the Context of Processes Based Organizations

These days, it is remarkable to note the growing of interest in professional responsibility. Specifically, the responsibility a person commits to when he or she performs a task. Based on a review of research currently performed in the field of policy (from corporate to technical ones), we observe that the perception of responsibility has often been limited to a combination of rights and obligations. In addition, we are seeing a re-emergence in business (for example, in the financial sector) of a belief that business ethics foundation can be improved and that a renewed focus in this area would help to prevent future breakdowns in the system. With regard to improving business/IT alignment and corporate ICT governance, it becomes increasingly important to define a commonly accepted personal responsibility model that embodies important and well-known concepts like accountability, capability and commitment. Moreover, because responsibility constitutes a fundamental notion of management theory, it is likewise identified as a meaningful bridge toward organizational artifacts. Exploiting process-based approach to define policy seems to offer new research opportunities since process-based organization becomes a continuous widely spread structure.ICT Governance, Responsibility model, Capability, Accountability, Commitment.

The nature of international law cyber norms

The special expanded issue of the NATO Cooperative Cyber Defence Centre of Excellence's Tallinn Papers examines the nature, formation and evolution of international legal norms governing cyber activities. The inquiry’s foundational premise is that the rules of international law governing cyber activities are identical to those applicable to other types of conduct. Any differences in their explication and application are the product of the unique nature of cyber activities, not a variation in the legal strictures that shape their content and usage. It conducts the examination by genre of legal norm: treaty, customary law and general principles

European union leadership in biofuels regulation: Europe as a normative power?

The rapid emergence of the European Union (EU) as a leader in global environmental politics has led many scholars to argue in favour of the EU being a ‘normative power’ in international relations. This paper critically examines the EU's biofuels policy and evaluates whether its attempts to lead by example and shape international practice in this field could support such arguments. Europe's biofuel policies are evaluated through a sustainable development lens, so as to determine the extent to which it has embraced a holistic approach to sustainability. While not dismissing that the identity of the EU is indeed an explanatory factor and that normative intentions may well be regarded as a motivating force, this study argues that an interest-based perspective on international environmental regulation offers a supplementary view of how an actor's preferences for an international regime are shaped. By erecting barriers aimed at shielding its own inefficient domestic biofuels production the EU is in essence placing trade competitiveness and economic growth above environmental protection, thus permitting sustainability concerns to be addressed only in part