7 research outputs found
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially- and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicates digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations. Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017
Modelling and Analysing Highly-Configurable Services
Since the emergence of XaaS and Cloud Computing paradigms, the
number and complexity of available services have been increasing
enormously. These services usually offer a plethora of configuration
options, which can even include additional services provided as
a bundled offer. In this scenario, usual tasks, such as description,
discovery and selection, become increasingly complex due to the
variability of the decision space. The notion of Highly-Configurable
Service (HCS) has been coined to identify such group of services
that can be configured and bundled together to perform demanding
computing tasks. In this paper we characterize HCSs by means of an
abstract model and a text-based, human-readable notation named
SYNOPSIS that facilitates the execution of various service tasks. In
particular, we validate the usefulness of our model when checking
the validity of HCSs descriptions in SYNOPSIS, as well as selecting
the optimal configuration with regards to user requirements and
preferences by providing a prototype implementation. Junta de Andalucía P12-TIC-1867; Ministerio de Economía y Competitividad TIN2015-70560-R; Science Foundation Ireland Research Centre grant 13/RC/2094; ERC Advanced Grant no. 29165
Decision Making for Self-adaptation based on Partially Observable Satisfaction of Non-Functional Requirements
Approaches that support the decision-making of self-adaptive and autonomous systems (SAS) often consider an idealized situation where (i) the system's state is treated as fully observable by the monitoring infrastructure, and (ii) adaptation actions are assumed to have known, deterministic effects over the system. However, in practice, the system's state may not be fully observable, and the adaptation actions may produce unexpected effects due to uncertain factors. This article presents a novel probabilistic approach to quantify the uncertainty associated with the effects of adaptation actions on the state of a SAS. Supported by Bayesian inference and POMDPs (Partially-Observable Markov Decision Processes), these effects are translated into the satisfaction levels of the non-functional requirements (NFRs) to, therefore, drive the decision-making. The approach has been applied to two substantial case studies from the networking and Internet of Things (IoT) domains, using two different POMDP solvers. The results show that the approach delivers statistically significant improvements in supporting decision-making for SAS
A Meta-Model Driven Method for Establishing Business Process Compliance to GDPR
In April 2016, the European Parliament and Council approved the new personal data protection regulation - GDPR (General Data Protection Regulation), which will take effect at the end of May 2018 in all Member States of the European Union (EU). The GDPR addresses common problems of the protection and usage of the personal data of EU citizens. According to the new regulation, all organizations that use personal data of EU citizens in their day-to-day activities have to re-evaluate their business processes and information systems to comply with the new rules and constraints.
The punishment for misuse of personal data can be very costly to the company - up to 20 million euros or 4% of the annual global turnover in fines. Nevertheless, there is no technical guidance or clear approach that would help to evaluate business processes of an information system to comply with GDPR. This thesis will address the mentioned issue by researching the GDPR legislation text and proposing an actual methodology for analysing business processes of information systems and aligning them with the GDPR. The proposed methodology will also help to map the flow of personal data between different parties and highlight the problematic places in the business processes, suggesting measures to reduce the misuse of personal data. This approach could be used as a reference point for developing an automated tool for analysing the processes of an information system to comply with GDPR
Accounting for crisis: the power of ambiguity in the management of humanitarian emergencies
A defining feature of humanitarian crises is their unpredictable nature,
making them interesting sites to analyse how accounting systems can facilitate
engagement with the unexpected. This thesis explores the question of how
evaluation systems can be designed and practiced to engage with the
complexities of humanitarian crisis settings, in which the potential for
disastrous errors is overwhelming. Informed by empirical research on the
management practices in a large-scale refugee camp, the study investigates
principles and tactics that allow humanitarian evaluation systems to make a
resource of the inevitable ambiguity and incompleteness that define their
contexts. In doing so, the thesis draws from and further develops the concept
of heterarchy, defined as "governance through difference", and shows how it
provides promising insights for accounting research. To explain how
evaluation systems can become performable in the dynamic humanitarian
environments, the study theorizes four interlinked principles that emerge
from the empirical findings. These principles are: (1) in-built tensions between
evaluation dimensions; (2) open and participatory design; (3) relational value
and incompleteness; and (4) enacting minimalist control through a community
of practitioners. In doing so, the study makes three contributions. Firstly, the
study contributes to the accounting literature on the enabling role of
ambiguity by theorizing how evaluation systems can foster approaches and
techniques that embrace ambiguity as a resource to engage with complex
settings. Secondly, it further develops the notion of heterarchy by explicating
how heterarchical tensions can become productive without leading to chaos
and by theorizing additional principles that are necessary to sustain
heterarchies in an organized fashion. Thirdly, departing from the emerging
literature on humanitarian crises that primarily focuses on how accounting
systems can be used to normalize and control disaster settings, the thesis
advances understanding of how accounting technologies can serve as
anomalizing devices for the adaptive management of crises
Towards adaptive compliance
Mission critical software is often required to comply with
multiple regulations, standards or policies. Recent paradigms,
such as cloud computing, also require software to operate
in heterogeneous, highly distributed, and changing environments.
In these environments, compliance requirements can
vary at runtime and traditional compliance management
techniques, which are normally applied at design time, may
no longer be sufficient. In this paper, we motivate the need
for adaptive compliance by illustrating possible compliance
concerns determined by runtime variability. We further motivate
our work by means of a cloud computing scenario,
and present two main contributions. First, we propose and
justify a process to support adaptive compliance that extends
the traditional compliance management lifecycle with
the activities of the Monitor-Analyse-Plan-Execute (MAPE)
loop, and enacts adaptation through re-configuration. Second,
we explore the literature on software compliance and
classify existing work in terms of the activities and concerns
of adaptive compliance. In this way, we determine how the
literature can support our proposal and what are the open
research challenges that need to be addressed in order to
fully support adaptive compliance