Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version

A user-centric approach to service creation and delivery over next generation networks

Next Generation Networks (NGN) provide Telecommunications operators with the possibility to share their resources and infrastructure, facilitate the interoperability with other networks, and simplify and unify the management, operation and maintenance of service offerings, thus enabling the fast and cost-effective creation of new personal, broadband ubiquitous services. Unfortunately, service creation over NGN is far from the success of service creation in the Web, especially when it comes to Web 2.0. This paper presents a novel approach to service creation and delivery, with a platform that opens to non-technically skilled users the possibility to create, manage and share their own convergent (NGN-based and Web-based) services. To this end, the business approach to user-generated services is analyzed and the technological bases supporting the proposal are explained

Quantitative assessment and comparison of cloud service providers' privacy practices

The economic and technical advantages of cloud computing are widely recognized by the industry. However, the lack of knowledge on the privacy features offered by cloud service providers remains as one of the barriers for the adoption of cloud services. In this paper we describe a mechanism for the quantitative assessment of the privacy practices of different cloud service providers, so that cloud service clients can compare among them and choose the one that better fits their needs. Our contributions have been validated in three different scenarios

Análisis del Perfíl de los Tutores de Proyectos Fin de Carrera en Telecomunicaciones

El Proyecto Fin de Carrera es un trabajo que deben realizar los alumnos de todas las ingenierías previamente a la obtención del título de Ingeniero. Este trabajo prepara a los alumnos para afrontar la transición entre los conocimientos adquiridos durante los estudios de ingeniería y el ejercicio de la profesión. En este proceso de transición, desde la elección del tema de proyecto hasta su elaboración, el tutor juega un papel fundamental. El objetivo de este artículo es analizar las capacidades y carencias de los tutores de Proyecto Fin de Carrera en Ingeniería de Telecomunicación, desde el punto de vista de los alumnos. Para ello, se elaboró un cuestionario en línea que se puso a disposición de los alumnos de Proyecto Fin de Carrera de la Escuela Técnica Superior de Ingeniería de Telecomunicación de la Universidad Politécnica de Madrid. Los resultados muestran que, independientemente del Departamento o área de conocimiento en el que se desarrolle el Proyecto Fin de Carrera, los problemas más destacados por los alumnos están siempre relacionados con la planificación llevada a cabo por los tutores. Algunos de los resultados permiten proponer una serie de recomendaciones de cara a mejorar aspectos relacionados con las funciones del tutor de Proyectos Fin de Carrer

Next Generation Mashups: Cómo Crear mis Propios Servicios en un Mundo Convergente.

Mashups have become a mainstream of the Web. Recently, several mashup platforms have introduced the usercentric paradigm, thus allowing end-users to create, share and enjoy their own services. However, these platforms still lack the advanced features that the mobile Web is able to support, other than just browsing on the mobile telephone. Advanced location features and the possibility of communicating from anywhere at anytime will leverage new business models thus providing end-users with amazing new services. This paper introduces a platform that merges user-centricity and mobile Web services with a mashup environment, and describes its main features

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer Reviewe

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer Reviewe

Diderot: écrire la peinture. Poétique de la Lettre sur les sourds et les muets.

User privacy has become a hot topic within the identity management arena. However, the field still lacks comprehensive frameworks even though most identity management solutions include built-in privacy features. This study explores how best to set up a single control point for users to manage privacy policies for their personal information, which may be distributed (scattered) across a set of network-centric identity management systems. Our goal is a user-centric approach to privacy management. As the number of schemas and frameworks is very high, we chose to validate our findings with a prototype based on the Liberty Alliance architecture and protocols

Aula abierta

Resumen tomado de la publicaciónEl Proyecto Fin de Carrera es un trabajo que deben realizar los alumnos de todas las ingenierías previamente a la obtención del título de Ingeniero. Este trabajo prepara a los alumnos para afrontar la transición entre los conocimientos adquiridos durante los estudios de ingeniería y el ejercicio de la profesión. En este proceso de transición, desde la elección del tema de proyecto hasta su elaboración, el tutor juega un papel fundamental. El objetivo de este artículo es analizar las capacidades y carencias de los tutores de Proyecto Fin de Carrera en Ingeniería de Telecomunicación, desde el punto de vista de los alumnos. Para ello, se elaboró un cuestionario en línea que se puso a disposición de los alumnos de Proyecto Fin de Carrera de la Escuela Técnica Superior de Ingeniería de Telecomunicación de la Universidad Politécnica de Madrid. Los resultados muestran que, independientemente del Departamento o área de conocimiento en el que se desarrolle el Proyecto Fin de Carrera, los problemas más destacados por los alumnos están siempre relacionados con la planificación llevada a cabo por los tutores. Algunos de los resultados permiten proponer una serie de recomendaciones de cara a mejorar aspectos relacionados con las funciones del tutor de Proyectos Fin de Carrera.AsturiasUniversidad de Oviedo. Facultad de Formación del Profesorado y Educación; Calle Aniceto Sela, s. n.; 33005 Oviedo; Tel. +34985103215; Fax +34985103214; [email protected]