298 research outputs found

    Creative Places for Collaborative Cities: Proposal for the ‘Progetto Habitat e Cultura’ in Milan

    This paper presents a proposal for a pilot project in an old milk factory in Milan, which is part of an ongoing PhD research that aims to develop a solution to enhance the growth and development of creative places for a new urban everyday life. These are places where groups of people collaboratively promote and manage a mix of creative initiatives in the fields of art and culture, economy and production, social services and urban regeneration. These places help to shape a different city: a Collaborative City, that is, a city with kernels of creativity, where people interact and enact, creating a symbiosis of activities that promote sustainable lifestyles, an active citizenship, social inclusion, cultural diversity and new economic models. It is a city where hierarchies are transversal instead of vertical, i.e., where local authorities (urban leaders) create opportunities for mass participation, bottom-up creativity and collaborative services.

    RBAC in Practice


    Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

    Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reversing this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat. The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders.

    Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios

    The composition of vulnerabilities in attack scenarios has been traditionally performed based on detailed pre- and post-conditions. Although very precise, this approach is dependent on human analysis, is time consuming, and not at all scalable. We investigate the NIST National Vulnerability Database (NVD) with three goals: (i) understand the associations among vulnerability attributes related to impact, exploitability, privilege, type of vulnerability and clues derived from plaintext descriptions, (ii) validate our initial composition model which is based on required access and resulting effect, and (iii) investigate the maturity of XML database technology for performing statistical analyses like this directly on the XML data. In this report, we analyse 27,273 vulnerability entries (CVE) from the NVD. Using only nominal information, we are able to, e.g., identify clusters in the class of vulnerabilities with no privilege, which represent 52% of the entries.

    Value-driven Security Agreements in Extended Enterprises

    Today organizations are highly interconnected in business networks called extended enterprises. This is mostly facilitated by outsourcing and by new economic models based on pay-as-you-go billing, all supported by IT-as-a-service. Although outsourcing has been around for some time, what is now new is the fact that organizations are increasingly outsourcing critical business processes, engaging in complex service bundles, and moving infrastructure and their management to the custody of third parties. Although this gives competitive advantage by reducing cost and increasing flexibility, it increases security risks by eroding security perimeters that used to separate insiders with security privileges from outsiders without security privileges. The classical security distinction between insiders and outsiders is supplemented with a third category of threat agents, namely external insiders, who are not subject to the internal control of an organization but yet have some access privileges to its resources that normal outsiders do not have. Protection against external insiders requires security agreements between organizations in an extended enterprise. Currently, there is no practical method that allows security officers to specify such requirements. In this paper we provide a method for modeling an extended enterprise architecture, identifying external insider roles, and for specifying security requirements that mitigate security threats posed by these roles. We illustrate our method with a realistic example.

    Towards alignment of architectural domains in security policy specifications

    Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.

    Estimating ToE Risk Level using CVSS

    Security management is about calculated risk and requires continuous evaluation to ensure cost, time and resource effectiveness. Part of this is to make future-oriented, cost-benefit investments in security. Security investments must adhere to healthy business principles where both security and financial aspects play an important role. Information on the current and potential risk level is essential to successfully trade off security and financial aspects. Risk level is the combination of the frequency and impact of a potential unwanted event, often referred to as a security threat or misuse. The paper presents a risk level estimation model that derives risk level as a conditional probability over frequency and impact estimates. The frequency and impact estimates are derived from a set of attributes specified in the Common Vulnerability Scoring System (CVSS). The model works on the level of vulnerabilities (just as the CVSS) and is able to compose vulnerabilities into service levels. The service levels define the potential risk levels and are modelled as a Markov process, which are then used to predict the risk level at a particular time.

    Reshaping urban lives: design as social intervention towards community networks

    This paper aims to show some cases of creative communities based on collaborative services as a way to promote sustainable development. This scenario (creative communities and their services) offers design a different approach and a new opportunity to develop and enhance a sustainable future. The transition from the industrial age to the age of knowledge brings about diverse changes in the way we live. The collapse of the Welfare state and globalisation have created new problems and, thus, new needs (Beck, 1999; Giddens, 1999; McLaughlin and Davidson, 1990). The urgency in finding new solutions to the problems raised by this new world is bolstering a phenomenon of rebirth of the idea of alternative or intentional communities (McLaughlin & Davidson, 1985), which can be defined as “user-driven communities of innovation” or “creative communities”. These communities have at their core the participation and the democratisation of innovation, meaning that innovation in products or services is no longer the remit of established organizations (Leadbeater, 2006). These changes give us an opportunity to reinforce these types of behaviours through the design discipline. The role of design and designers is changing. As users get involved with designers in the creation of products and services (Leadbeater, 2006), new territories for the discipline are opened. It is possible that from now on design will be a co-participatory activity in which users become part of the entire project, not only as references or recipients but as real resources that shape the whole project. Throughout this paper we aim to highlight the potential of collaboration between design and creative communities as a way to create social cohesion, environmentally sustainable development and reinforcement of local economies. In order to do so, a number of cases that are being developed in some European cities will be presented. The structural differences between them will be demonstrated. These differences arise mainly from the fact that some of them are top-down initiatives with the direct participation of design, and others are bottom-up, more spontaneous, un-designed ones. In this framework design should act as an interface between these two levels, for top-down initiatives are strategic whilst bottom-up ones are more tactical or operative. If design has the capacity of being both strategic and tactical, this means that it can potentiate people’s and government’s visions, creating scenarios according to those same visions. Design is about culture and creativity, is about problem solving, and these projects are solving problems arising from everyday activities that people have to carry out in this complex society. Ultimately we aim to show that design as a strategic and tactical element is, alongside other disciplines, a critical element in the promotion, implementation and dissemination of these cases and their best practices. The contents of this paper are part of an on-going research at the Research Unit DIS – Design and Innovation for Sustainability – of the Politecnico di Milano.

    Creative Places for Collaborative Cities

    This paper will focus on the urban territory and its social, cultural and economic dynamics, and in particular on the different manifestations of creativity that can be found here, namely in spaces in which spontaneous and diffuse forms of social innovation and creativity are emerging: Creative Places. It is in this urban context that Creative Places thrive, working as incubators of change, sustainable behaviours, bottom-up creativity and a subculture of collaboration. In this framework, Creative Places shape a Collaborative City, which in turn fosters the appearance of Creative Places. The assumption of design as a strategic instrument to operate in complex systems involving complex networks of actors and able to decode, combine and make sense of multidisciplinary knowledge; and in so doing, able to decline it into a coherent projectual, flexible and open-ended language in order to promote the diffusion of sustainable social innovations and widen their reach and impact through designing for sustainability and for radical systemic innovation

    A Mobile Ambients-based Approach for Network Attack Modelling and Simulation

    Attack Graphs are an important support for assessment and subsequent improvement of network security. They reveal possible paths an attacker can take to break through security perimeters and traverse a network to reach valuable assets deep inside the network. Although scalability is no longer the main issue, Attack Graphs still have some problems that make them less useful in practice. First, Attack Graphs remain difficult to relate to the network topology. Second, Attack Graphs traditionally only consider the exploitation of vulnerable hosts. Third, Attack Graphs do not rely on automatic identification of potential attack targets. We address these gaps in our MsAMS (Multi-step Attack Modelling and Simulation) tool, based on Mobile Ambients. The tool not only allows the modelling of more static aspects of the network, such as the network topology, but also the dynamics of network attacks. In addition to Mobile Ambients, we use the PageRank algorithm to determine targets and hub scores produced by the HITS (Hypertext Induced Topic Search) algorithm to guide the simulation of an attacker searching for targets.