Towards Safer Information Sharing in the Cloud

Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data is going to be used and processed by the entities that receive it. In the traditional world, this problem is addressed by using contractual agreements, those are signed by the involved parties, and law enforcement. This could be done electronically as well but, in ad- dition to the trust issue, there is currently a major gap between the definition of legal contracts regulat- ing the sharing of data, and the software infrastructure required to support and enforce them. How to enable organisations to provide more automation in this pro- cess? How to ensure that legal contracts can be actually enforced by the underlying IT infrastructure? How to enable end-users to express their preferences and con- straints within these contracts? This article describes our R&D work to make progress towards addressing this gap via the usage of electronic Data Sharing Agree- ments (e-DSA). The aim is to share our vision, discuss the involved challenges and stimulate further research and development in this space. We specifically focus on a cloud scenario because it provides a rich set of?use cases involving interactions and information shar- ing among multiple stakeholders, including users and service providers.?

Speculative Requirements: Design Fiction and RE

Many innovative software products are conceived, developed and deployed without any conventional attempt to elicit stakeholder requirements. Rather, they are the result of the vision and intuition of a small number of creative individuals who perceive a market opportunity that has been facilitated by the emergence of a new technology. In this paper we consider how the conditions that enable new products' emergence might be better anticipated, making innovations a little less reliant on individual vision and a little more informed by stakeholder need. We contend that this is particularly important where just-over-the-horizon technology would have the potential for social impact, good or bad. Speculative design describes a basket of techniques that seek to explore this landscape. We focus particularly on one of these, design fiction, and describe a case study where it was used to explore how plausible new technologies might impact on dementia care

An interoperability framework for security policy languages

A thesis submitted to the University of Bedfordshire in partial fulfilment of the requirements for the degree of Doctor of PhilosophySecurity policies are widely used across the IT industry in order to secure environments. Firewalls, routers, enterprise application or even operating systems like Windows and Unix are all using security policies to some extent in order to secure certain components. In order to automate enforcement of security policies, security policy languages have been introduced. Security policy languages that are classified as computer software, like many other programming languages have been revolutionised during the last decade. A number of security policy languages have been introduced in the industry in order to tackle a specific business requirements. Not to mention each of these security policy languages themselves evolved and enhanced during the last few years. Having said that, a quick research on security policy languages shows that the industry suffers from the lack of a framework for security policy languages. Such a framework would facilitate the management of security policies from an abstract point. In order to achieve that specific goal, the framework utilises an abstract security policy language that is independent of existing security policy languages yet capable of expressing policies written in those languages. Usage of interoperability framework for security policy languages as described above comes with major benefits that are categorised into two levels: short and long-term benefits. In short-term, industry and in particular multi-dimensional organisations that make use of multiple domains for different purposes would lower their security related costs by managing their security policies that are stretched across their environment and often managed locally. In the long term, usage of abstract security policy language that is independent of any existing security policy languages, gradually paves the way for standardising security policy languages. A goal that seems unreachable at this moment of time. Taking the above facts into account, the aim of this research is to introduce and develop a novel framework for security policy languages. Using such a framework would allow multi-dimensional organisations to use an abstract policy language to orchestrate all security policies from a single point, which could then be propagated across their environment. In addition, using such a framework would help security administrators to learn and use only one single, common abstract language to describe and model their environment(s)

A policy-based security framework for ad-hoc networks

Imperial Users onl

GOVERNMENT AID PORTAL

In today’s world, contacting government officials seems a big task when it comes to reporting small concerns. There are many authorities and officials which makes it very difficult for ordinary people to figure out who they should contact to resolve their daily issues. To address this problem, I have developed an application which can act as intermediary between citizens and government authorities. This portal will enable locals to submit complaints regarding personal or general issues through a complaint form, which will then be routed to the appropriate government department. Once a complaint is filed, government teams are immediately alerted and can use the program to gain more insight into the issue. Furthermore, the app will notify the complainant about the status of their request, providing updates on whether the problem has been resolved. The app also includes a feature that allows users to provide detailed information about a problem by selecting a specific problem category, location, and uploading relevant photos. This will give government officials a better understanding of the issue and allow them to take immediate action. To build this portal, I leverage Amazon web service such as Amazon Lambda, Amazon S3, Amazon DynamoDB, Elastic Beanstalk, AWS Lambda, AWS Cognito, API Gateways, and Secret Manager. Furthermore, this application will contain all the mentioned features along with user-friendly interface to provide more convenient experience. The application will be available for use as a software and hence, the delivery model will be Software as a Service (SaaS). The users will use the services directly, and they will not require access to the infrastructure components or the platform on which the application will be built

Towards Interoperable Research Infrastructures for Environmental and Earth Sciences

This open access book summarises the latest developments on data management in the EU H2020 ENVRIplus project, which brought together more than 20 environmental and Earth science research infrastructures into a single community. It provides readers with a systematic overview of the common challenges faced by research infrastructures and how a ‘reference model guided’ engineering approach can be used to achieve greater interoperability among such infrastructures in the environmental and earth sciences. The 20 contributions in this book are structured in 5 parts on the design, development, deployment, operation and use of research infrastructures. Part one provides an overview of the state of the art of research infrastructure and relevant e-Infrastructure technologies, part two discusses the reference model guided engineering approach, the third part presents the software and tools developed for common data management challenges, the fourth part demonstrates the software via several use cases, and the last part discusses the sustainability and future directions

Proceedings of the Workshop on web applications and secure hardware (WASH 2013).

Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, ARM TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself