93,509 research outputs found

    Trust and Reputation for Critical Infrastructure Protection

    Today’s critical infrastructures (CIs) depend on information and communication technologies (ICTs) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs where cascading effects might occur because of the interdependencies that exist among different CIs. Among the problems inherent to the operation of Critical Infrastructures, it is possible to emphasise the existence of dependencies and interdependencies among infrastructures. For example, a telecommunications service is inherently dependent on the electricity supply or, for instance, banking services are dependent on both telecommunications and energy supply services. Many of the existing approaches to security in Critical Infrastructures are focused on obtaining risk levels through the use of models based on the infrastructure. Although these models allow a solid foundation for risk monitoring, they do not have mechanisms for exchange, management and assessment of its quality. This presentation addresses the problems related to trust, reputation and risk alerts management within Critical Infrastructures. Accordingly, it is described how to introduce mechanisms to manage and measure at each instant, the degree of confidence assigned to each of the alerts received or computed internally, allowing improvement of their accuracy and consequently improving the resilience of Critical Infrastructures when faced with inaccurate or inconsistent risk alerts. The lecture’s main goals are to address the problems related to interdependent Critical Infrastructure security and to identify the main problems related to risk information sharing. In particular, how to allow information sharing in a secure manner, the management of that sharing and how to assess the reliability of such information. The European Project MICIE is presented in order to contextualise the presented work. 
The application of Policy Based Management mechanisms for the management of the risk alert information shared among Critical Infrastructures is described. In order to improve the information sharing management and the further interpretation of the risk alerts, it is described how to evaluate Trust and Reputation in order to assess the shared information and also to consider the behaviour of the entities involved. Selected application scenarios for the presented approaches will be discussed. In particular the integration of those approaches within the MICIE Project and also the integration of the trust and reputation indicators within the CI security Model.

    The impact of the general data protection regulation on the financial services’ industry of small European states

    This paper is based on the unpublished Thesis by Magri, A. (2018). An Evaluation of the Impact of GDPR on the Local Financial Services Industry. Banking and Finance, Department of Banking and Finance, Faculty of Economics, Management and Accountancy, University of Malta, supervised by Dr. Simon Grima. Purpose: With this paper we evaluate the impact and implications of the European Union (EU) General Data Protection Regulation (GDPR) on the Financial Services Industry in small European States; specifically Malta, Slovenia, Luxembourg, Lithuania, Latvia, Estonia and Cyprus. That is, countries within the EU having less than 3 million population. Design/methodology/approach: We collected our primary data by carrying out scheduled semi-structured interviews (using WhatsApp, Messenger and Skype) with 63 participants who are working directly or indirectly with GDPR in financial services between November 2018 and April 2019. The interview was structured using two impact themes, ‘Trust, Standardisation and Reputation’ and ‘Training and Resources’, with 18 statements under each theme to which participants were required to answer using a 5-point Likert-scale ranging from “Strongly Disagree” to “Strongly Agree”. To answer the research questions, the empirical data collected was subjected to statistical analysis using SPSS (Version 21) namely descriptive statistics and box plots and later MANOVA, while the qualitative data was analysed using the thematic approach. Findings: We found that overall, participants feel that although GDPR has increased the work load and costs, it has helped to improve the trust, standardisation and reputation of the institutions they represent. However, this comes with some repercussions from the data subjects who are not conversant with the regulation and are apprehensive by the consents required. 
Originality/value: Although, all States might be represented in the decision process, the larger States usually take over and sometimes dictate the final decision. The concept of proportionality in regulations is not clean and is not effectively managed, at the disadvantage of the smaller States. Therefore, this paper is important since it voices the cries of smaller States and allows for an understanding of the impact and implications of new regulations to smaller jurisdictions, in this case within the EU. Peer-reviewed.

    An authorization policy management framework for dynamic medical data sharing

    In this paper, we propose a novel feature reduction approach to group words hierarchically into clusters which can then be used as new features for document classification. Initially, each word constitutes a cluster. We calculate the mutual confidence between any two different words. The pair of clusters containing the two words with the highest mutual confidence are combined into a new cluster. This process of merging is iterated until all the mutual confidences between the un-processed pair of words are smaller than a predefined threshold or only one cluster exists. In this way, a hierarchy of word clusters is obtained. The user can decide the clusters, from a certain level, to be used as new features for document classification. Experimental results have shown that our method can perform better than other methods.

    Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

    Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

    Authentication and authorisation in entrusted unions

    This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz, Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported

    Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

    Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings