11 research outputs found

    Advances in Information Security and Privacy

    Get PDF
    With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue

    Risk Management for the Future

    Get PDF
    A large part of academic literature, business literature as well as practices in real life are resting on the assumption that uncertainty and risk does not exist. We all know that this is not true, yet, a whole variety of methods, tools and practices are not attuned to the fact that the future is uncertain and that risks are all around us. However, despite risk management entering the agenda some decades ago, it has introduced risks on its own as illustrated by the financial crisis. Here is a book that goes beyond risk management as it is today and tries to discuss what needs to be improved further. The book also offers some cases

    Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

    Get PDF
    The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers

    The Proceedings of the European Conference on Social Media ECSM 2014 University of Brighton

    Get PDF

    Trust in an Asynchronous World: Can We Build More Secure Infrastructure?

    Get PDF

    Modellierung ortsabhängiger Zugriffskontrolle für mobile Geschäftsprozesse

    Get PDF
    Der Einsatz mobiler Computer wie Smartphones für die Abarbeitung mobiler Geschäftsprozesse bringt neben großen Vorteilen auch spezifische Sicherheitsherausforderungen mit sich. Als ein Lösungsansatz hierfür wird "ortsabhängige Zugriffskontrolle" verfolgt. Die Grundidee dabei ist es, den aktuellen Aufenthaltsort des Nutzers für die Zugriffskontrollentscheidung auszuwerten. Zur Modellierung solcher Ortseinschränkungen wird eine auf UML-Aktivitätsdiagrammen aufbauende Notation eingeführt

    Privacy in location-based services

    Get PDF
    Während der letzten Jahre erfuhren mobile Geräte durch grössere Speicher, der Entwicklung schnellerer Prozessoren und höherer Übertragungsraten, um nur einige der wichtigsten Performanceparameter zu nennen, einen enormen Entwicklungsschub. Gleichzeitig sind die unterschiedlichen Positionierungssysteme mittlerweile ausgereift und klein genug, um in mobile Geräte verbaut werden zu können. Erst durch die Möglichkeit der Zusammenführung von solchen ausgereiften Positionierungs- mit existierenden Telekommunikationstechnologien kann die Basis für eine neue Generation kontextsensitiver Anwendungen und entsprechender Geschaeftsmodelle geschaffen werden. Abgesehen von den technischen Massnahmen die zum Schutz gegen Attacken, Verfaelschungen und Missbrauch sensitiver Daten eingesetzt werden, müssen diese auch allen rechtlichen Aspekten und Rahmenbedingungen von Telekommunikationssystemen entsprechen. In diesem Sinne muss das Ziel von Forschungen im Bereich neuer kontext-sensitiver Systeme und Anwendungen die mit Positionsdaten operieren der Schutz der Privatheit jedes einzelnen Nutzers sein. Diese Dissertation beginnt mit einer Diskussion über verschiedene Aspekte von Location-Based Systemen. Es werden weiters unterschiedliche Anforderungen aufgezeigt deren Erfüllung notwendig sind, um flexible Systeme anbieten zu können und die zudem den Schutz der Privatheit der Nutzer garantieren können. Der wohl wichtigste Beitrag dazu ist ein Mechanismus der auf dem Begriff des Pseudonyms basiert.Dieses Verfahren garantiert maximale Sicherheit und Schutz der Privatheit der Benutzer während der Nutzung von Diensten. Der zweite Beitrag der Dissertation ist eine Telekom Service Architektur die den erwähnten Pseudonym-basierten Mechanismus integriert. Durch Einbeziehen dedizierter Dienste von Telekommunikationsanbietern bildet diese Architektur die Basis für die Realisierung neuer Geschäftsmodelle und ermöglicht die Implementierung des pay-as-you-go Konzeptes. Dieses ermöglicht Kunden anonym mobile Dienste von Drittanbietern zu konsumieren, ähnlich dem anonymen Kauf von Gütern mit realem Geld. Schliesslich wird mit der Implementierung einer Service Platform sowohl die Funktionsweise des Pseudonym Mechanismus sowie die Interaktionen der in der System Architektur vorgesehenen Dienste und Komponenten die zur Realisierung von Location-Based Anwendungen benötigt werden demonstriert.During the last years the development of mobile devices has gained significant progress with respect to memory capabilities, advanced processing power and higher transfer rates to name only a few performance parameters. At the same time eclectic positioning and localization technologies are meanwhile mature enough to be integrated into mobile devices. Not until positioning, localization and telecommunication technologies can be combined, seamlessly the basis for the proliferation of a new generation of context-aware applications and business models can be build. In this respect, location and position information foster novel future context-awareapplications. But, if this information is in the wrong hands such applications may by the same token pose severe threat. Therefore, apart from technical means against attacks, forgery and misuse of sensitive user information the interaction of all these systems must comply with legal requirements that precisely prescribe all aspects of telecommunication systems. In this spirit, the main research ob jective addressed for the design of new context- aware and location-based systems must be the protection of the user’s privacy. This dissertation discusses first various aspects of location-based systems and out of it the various needs that have to be addressed to be able to provide flexible location-based services to mobile users by preserving privacy. The main contribution of this work is a mechanism that is based on the notion of pseudonyms. The use of this kind of pseudonyms provides maximum security and privacy for users during communication. The second contribution is a telecommunication service architecture that is tightly coupled with the pseudonym mechanism. It allows new business models to be applied by leveraging the use of some services of the telcos’ infrastructure. This service application further allows the implementation of the so called pay-as-you-go concept. This allows customers to anonymously consume mobile services that are offered by third party application providers similarly to buying physical goods with cash. Finally, we demonstrate the implementation of a service platform that allows us to illustrate the operation of the pseudonym mechanism and the interworking of the system architecture’s components that are tailored for the realization of location-based applications
    corecore