Trust Management For A Decentralized Service Exposure Marketplace: A Service Exposure Perspective

Enabling trust between entities to collaborate, without the necessity of a third-party mediator is a challenging problem. This problem is highlighted when the collaboration involves a complicated process, spans multiple systems, and encompasses a large number of entities. This is the case in a decentralized service exposure marketplace. In this work, we design and implement a \ac{PoC} suite of services to enable a blockchain to become the anchor of trust for a decentralized service exposure marketplace. We first formalize the necessary requirements to enable trust between a consortium of entities hosting the marketplace. We then follow with a threat model against the identified requirement, highlighting misbehaviour from the different entities. Finally, we propose a model, Trust Engine, which facilitates the trust management process and mitigates the identified threats. We showcase a proof-of-concept of our model, utilizing a combination of smart contracts (hyperledger fabric), blockchain, and service mesh technology (Istio). The Trust Engine successfully identifies the misbehaviour, documents it in the blockchain, and enforces polices to remediate the misbehaviour. Furthermore, we examined each component in our suggested system to identify the performance bottleneck. Lastly, we discuss the limitations of our suggested model with regards to other service mesh deployment models as well as potential future work and improvements

ANCHOR: logically-centralized security for Software-Defined Networks

While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference

Securing The Root: A Proposal For Distributing Signing Authority

Management of the Domain Name System (DNS) root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root must be coordinated and compatible. While authority over the legacy root zone file has been contentious and divisive at times, everyone agrees that the Internet should be made more secure. A newly standardized protocol, DNS Security Extensions (DNSSEC), would make the Internet's infrastructure more secure. In order to fully implement DNSSEC, the procedures for managing the DNS root must be revised. Therein lies an opportunity. In revising the root zone management procedures, we can develop a new solution that diminishes the impact of the legacy monopoly held by the U.S. government and avoids another contentious debate over unilateral U.S. control. In this paper we describe the outlines of a new system for the management of a DNSSEC-enabled root. Our proposal distributes authority over securing the root, unlike another recently suggested method, while avoiding the risks and pitfalls of an intergovernmental power sharing scheme

JXTA security in basic peer operations

Open Access Documen

Does it work? evaluating a new pay system

This report focuses on the evaluation of the impact of new pay systems in large, unionised multi-site organisations by the organisations themselves. Evaluation of the effectiveness of a pay system, however, does not take place in a vacuum and relates to the aims and objectives of the pay system concerned. Moreover, evaluation is not an end in itself. It is, therefore, relevant to consider if any further steps were taken as a result of evaluation. Accordingly our research questions were: • What were the aims and objectives of organisations when introducing new pay arrangements? • What data did organisations collect and review to inform their evaluation? • What steps have organisations taken as a result of their evaluation? We re-appraised our data from 10 NHS trusts in England which had introduced some innovations in pay and grading in the 1990s. Additionally, we looked at seven multi-site unionised organisations outside the NHS in both the public and private sectors, which had recently made changes to their reward systems, carrying out interviews and inspecting documents. The main output is a template for the evaluation of Agenda for Change by NHS organisations

Expanding Economic Opportunity: Lessons From the East Baltimore Revitalization Initiative

This report reviews the economic inclusion efforts, achievements and challenges from the East Baltimore Revitalization Initiative. It examines the placement of local residents in construction jobs and the workforce pipeline that has trained and placed East Baltimore residents in jobs generated by the new development or elsewhere in the city, while also noting the complexity of creating project-related employment. It also reviews how East Baltimore Development, Inc. (EBDI) and its partners connected minority-owned businesses to the project and supported their growth. For context and comparison, this report cites examples of similar initiatives around the country. Finally, it offers various lessons learned over the course of the project to date. This report serves to inform and assist a range of people and institutions, including government leaders, businesses and nonprofits interested in economic inclusion