8 research outputs found

    Towards a Semantic-Aware Collaborative Working Environment

    Collaborative Working Environments (CWEs) enable efficient collaboration between professionals, especially those located at different sites of a company or stakeholders from different companies. This can be of great help to small and medium enterprises (SMEs) as an effective way to share information. However, it can be difficult for SMEs to gain access to a fully integrated CWE that provides different tools (e.g., videoconferencing, instant messaging, etc.). Currently, they may define a CWE as a combination of heterogeneous, non-integrated tools that are not able to share information between them. An integrated CWE would provide SMEs with the necessary means to collaborate, making information exchange easier.

    SocIoTal - The development and architecture of a social IoT framework

    In this paper the development and architecture of the SocIoTal platform are presented. SocIoTal is a European FP7 project which aims to create a socially-aware, citizen-centric Internet of Things infrastructure. The aim of the project is to put trust, user control and transparency at the heart of the system in order to gain the confidence of everyday users and developers. By providing adequate tools and mechanisms that simplify complexity and lower the barriers to entry, it will encourage citizen participation in the Internet of Things. This adds a novel and rich dimension to the emerging IoT ecosystem, providing a wealth of opportunities for the creation of new services and applications. These services and applications will be able to address the needs of society, thereby improving the quality of life in cities and communities. In addition to technological innovation, the SocIoTal project sought to innovate the way in which users and developers interact and shape the direction of the project. The project worked on new formats for obtaining data, information and knowledge. The first step consisted of gaining input, feedback and information on IoT as a reality in business. This led to a validated iterative methodology which formed part of the SocIoTal toolkit. This work was supported by the SocIoTal project under grant agreement No 609112.

    Effectiveness of an intervention for improving drug prescription in primary care patients with multimorbidity and polypharmacy:Study protocol of a cluster randomized clinical trial (Multi-PAP project)

    This study was funded by the Fondo de Investigaciones Sanitarias ISCIII (Grant Numbers PI15/00276, PI15/00572, PI15/00996), REDISSEC (Project Numbers RD12/0001/0012, RD16/0001/0005), and the European Regional Development Fund ("A way to build Europe").
Background: Multimorbidity is associated with negative effects both on people's health and on healthcare systems. A key problem linked to multimorbidity is polypharmacy, which in turn is associated with an increased risk of partly preventable adverse effects, including mortality. The Ariadne principles describe a model of care based on a thorough assessment of diseases, treatments (and potential interactions), clinical status, context and preferences of patients with multimorbidity, with the aim of prioritizing and sharing realistic treatment goals that guide individualized management. The aim of this study is to evaluate the effectiveness of a complex intervention that implements the Ariadne principles in a population of young-old patients with multimorbidity and polypharmacy. The intervention seeks to improve the appropriateness of prescribing in primary care (PC), as measured by the medication appropriateness index (MAI) score at 6 and 12 months, as compared with usual care.
Methods/Design: Design: pragmatic cluster randomized clinical trial. Unit of randomization: family physician (FP). Unit of analysis: patient. Scope: PC health centres in three autonomous communities: Aragon, Madrid, and Andalusia (Spain). Population: patients aged 65-74 years with multimorbidity (≥3 chronic diseases) and polypharmacy (≥5 drugs prescribed in ≥3 months). Sample size: n=400 (200 per study arm). Intervention: complex intervention based on the implementation of the Ariadne principles with two components: (1) FP training and (2) FP-patient interview.
Outcomes: MAI score, health services use, quality of life (Euroqol 5D-5L), pharmacotherapy and adherence to treatment (Morisky-Green, Haynes-Sackett), and clinical and socio-demographic variables. Statistical analysis: the primary outcome is the difference in MAI score between T0 and T1 and the corresponding 95% confidence interval. Adjustment for confounding factors will be performed by multilevel analysis. All analyses will be carried out in accordance with the intention-to-treat principle.
Discussion: It is essential to provide evidence concerning interventions on PC patients with polypharmacy and multimorbidity, conducted in the context of routine clinical practice, and involving young-old patients with significant potential for preventing negative health outcomes.
Trial registration: Clinicaltrials.gov, NCT02866799.

    Authorization and trust management in distributed systems based on the semantic web = Gestión de la autorización y la confianza en sistemas distribuidos aplicando la web semántica

    Motivation and Objectives
Any distributed system such as Cloud Computing faces different security challenges, such as authentication, authorization, privacy or trust management. However, advanced and highly expressive authorization and trust systems designed specifically for Cloud Computing are needed. Security management in distributed systems such as Cloud Computing can be carried out by applying security policies and rules over semantically enriched system and security models. The Semantic Web approach makes it possible to perform deductive reasoning and inference processes over the models, deducing security conclusions that in turn can be used to make authorization and trust decisions. In addition to each tenant managing authorization for its resources independently, customers in the same cloud may need to collaborate with each other to meet advanced needs of their services, which requires intra-cloud authorization and trust models to manage such collaborations. Users demand interactions between different clouds to carry out operations such as data and service migrations. New solutions are needed to allow cloud service providers (CSPs) to interact securely by establishing federations of clouds, a paradigm known as the Intercloud. In this sense, the analysis of the security and trust that a cloud service provider can offer is a research field that attracts a high level of interest. Customers and CSPs could benefit from a security and trust decision support system for Intercloud environments. Such a system could deduce information and make decisions accordingly, such as rejecting or avoiding certain interactions between CSPs or services.
The Internet of Things paradigm requires adapted models for managing and quantifying trust so that devices unknown to each other a priori can interact securely and reliably. Access control models in IoT must be more lightweight in order to handle direct communications between devices (sometimes with reduced hardware capabilities), and must take into account the trust values of the devices before carrying out transactions. Given the research challenges regarding trust management and authorization in distributed systems highlighted above, the main purposes of this doctoral thesis are the following:
• To analyse and design a highly expressive authorization model, designed especially for Cloud Computing, that relies on Semantic Web techniques.
• To analyse and design the different trust relationships that may be established in Cloud Computing between the different tenants, thereby increasing the security of the cloud.
• To analyse the state of the art regarding security and trust in distributed systems, Cloud Computing and especially the Intercloud.
• To analyse the security requirements in Cloud Computing, defining accordingly a complete taxonomy and ontology for the Intercloud.
• To design, implement and validate a security and trust decision support system that relies on Semantic Web techniques in order to improve decision making, quantifying security expectations and trust indices about CSPs.
• To design, implement and validate a trust model for the Internet of Things (IoT) that can be applied together with an authorization system that takes into account the trust indices computed by the model.
Methodology
This doctoral thesis began with a study of the state of the art that led us to start defining semantic models of information and security systems in order to reason over those models using semantically enriched policies. Specifically, we found that there was a lack of highly expressive authorization models based on the Semantic Web that could adequately manage the complexity of distributed systems such as Cloud Computing. Current authorization models for Cloud Computing, although efficient, are constrained by their semantic expressiveness and, as a consequence, limited in terms of authorization capabilities. After studying the applicability of Semantic Web techniques for authorization in Cloud Computing, we proposed an authorization model (Chapter 1) based on the Semantic Web, which therefore allows reasoning and inference to be performed, providing a very powerful mechanism for making access control decisions. Tenants should be able to establish alliances and federated coalitions to get the most out of their services. This scenario gives rise to different security problems and challenges, such as intra-cloud access control management, since tenants should have the means to restrict and define what information will be available to other tenants sharing the same underlying cloud infrastructure. To fill this gap, we carried out an analysis and study of the types of collaborations that we consider most important and that could occur between tenants of the same cloud, which resulted in a taxonomy defining the different types of trust relationships between tenants (Chapter 2).
Likewise, in addition to intra-cloud relationships between tenants, cloud customers and providers are beginning to require emerging Intercloud scenarios, where different clouds interact beyond a single provider. Although some research results exist for Intercloud management, there are very few proposals related to security and confidentiality aspects in the Intercloud. In order to fill this gap, we carried out a rigorous study of the state of the art in the Intercloud, analysing the security and trust aspects of this distributed environment, and focused on an ontology intended to formally define the security aspects modelled in an Intercloud security assessment (Chapter 3). Finally, we wanted to address access control and trust management not only in more platform-centric distributed systems such as Cloud Computing, but also in other, more decentralised M2M scenarios. We designed a security mechanism, leveraging an already existing IoT authorization system called DCapBAC, which enhances that authorization system so that it takes into account trust values computed by the trust model (Chapter 4).
Results
The first results derived from the analysis and design of an access control system for Cloud Computing were presented at the International Conference on Security and Cryptography (SECRYPT), in the paper ``Towards an Authorization System for Cloud Infrastructure Providers''. The proposal is based on the Semantic Web, which allows new knowledge to be inferred that supports different advanced authorization features, overcoming certain expressiveness shortcomings of predecessor authorization models such as RBAC, hRBAC, cRBAC and HO. We then carried out a thorough investigation of the different types of trust relationships that may be established between tenants in the cloud.
The result was reflected in the article ``Taxonomy of trust relationships in authorization domains for Cloud Computing'', which was published in The Journal of Supercomputing. The analysis concluded with the formal description of the different trust relationships in Cloud Computing, allowing the definition of different collaboration agreements in different cloud scenarios. The research results on the Intercloud are shown in the article ``Intercloud Trust and Security Decision Support System: an Ontology-based approach'', published in the Journal of Grid Computing. This work analyses the different security areas, properties and metrics that may be needed when assessing the security of a CSP. These concepts have been modelled in the SOFIC ontology, offering a high degree of interoperability in Intercloud scenarios, and can be taken as a starting point for quantifying security expectations and trust values of services and CSPs. Finally, regarding trust management in IoT, our research results have been published in the journal Soft Computing, in an article entitled ``TACIoT: multidimensional trust-aware access control system for the Internet of Things''. The article provides a trust model for IoT and enhances the DCapBAC access control system so that it can take into account the trust values computed by the model and make authorization decisions accordingly.
Motivation and Goals
Cloud Computing, like any other kind of distributed system, has to face different challenges regarding security, such as authorization and trust management. However, there is a lack of advanced and highly expressive authorization and trust models specially meant for this emerging paradigm.
Security management in distributed systems like Cloud Computing can be carried out by means of applying security policies and rules over semantically enriched system and security models. The Semantic Web approach allows performing deductive reasoning and inference processes to come up with meaningful security conclusions. In addition to the management of access control for each tenant, tenants within the same cloud may need to collaborate to meet client demands, which requires new authorization and trust relationship models to manage such intra-cloud collaborations. Customers demand interactions across clouds in order to migrate data and applications between different clouds in a reliable and secure way. This situation creates a need for new solutions that allow different Cloud Service Providers (CSPs) to interoperate with each other in a secure manner, giving rise to federations of clouds, also known in the literature as the Intercloud. In this sense, the analysis of the security and trust of a given CSP in order to establish reliable collaborations is an open research field that sparks a lot of interest. Additionally, clients and CSPs could also take advantage of a trust and security decision support system for the Intercloud in order to make security decisions accordingly, based on the ontology, such as dismissing or avoiding interactions with certain CSPs or services on the basis of these deductions. The Internet of Things paradigm requires adapted trust quantification models in order to provide a reliable environment, thereby enabling unknown smart objects to interact with each other in a trusted way. Access control models in IoT should be more lightweight to address the direct communication requirements of constrained devices, taking into account target devices' trust values prior to any transaction.
Due to the challenges of trust management and authorization in distributed environments highlighted above, the general objectives of this PhD Thesis, and the concrete goals pursued within it, are the following:
• Analyse and design a novel and highly expressive authorization model specially meant for Cloud Computing, relying on Semantic Web technologies.
• Analyse and design the trust relationships in Cloud Computing between cloud tenants in order to establish a reliable environment.
• Analyse the state of the art of security and trust in distributed systems, Cloud Computing and the Intercloud.
• Analyse the security requirements in Cloud Computing and define accordingly a full Intercloud security taxonomy and ontology.
• Design, implement and validate a trust and security decision support system, relying on Semantic Web techniques, in order to assist in the Intercloud security decision making process and quantify security expectations and trustworthiness about CSPs.
• Devise and implement an advanced trust model for the Internet of Things to allow making authorization decisions based on these quantified trust values.
Methodology
This PhD Thesis started by performing a survey that allowed us to start defining system and security models and performing reasoning over them using semantic policy rules, coming up with a powerful mechanism to manage the security of distributed systems. Concretely, we discovered that there was a lack of a highly expressive authorization model based on the Semantic Web that would be able to handle the complexity of distributed systems like Cloud Computing. Current authorization models for distributed systems are efficient, but at the same time limited by their poor semantics and, therefore, by their limited authorization features.
After studying the applicability of Semantic Web techniques for authorization in Cloud Computing, we proposed an authorization model (Chapter 1) that is based on the Semantic Web, so that it enables performing inference reasoning to come up with meaningful security conclusions that can be used to make authorization decisions. Cloud tenants within the same cloud can collaborate with each other to establish alliances and set up coalition agreements. Nonetheless, these agreements raise new security challenges, such as intra-cloud access control management. To bridge this gap, we performed an analysis and study of the different kinds of collaborations that may occur among cloud tenants, coming up with a taxonomy defining different levels of trust relationships among customers of the cloud (Chapter 2). Furthermore, in addition to intra-cloud relationships among tenants, customers and CSPs are starting to require Intercloud scenarios where different clouds have to interact with each other beyond one single cloud domain. Although there are some proposals to manage the Intercloud, there are still few approaches dealing with the associated new security and trust challenges in such a federated environment. In order to address this problem, we made a deep analysis of the state of the art in the Intercloud, analyzing security and trust in this distributed environment. As a result we came up with an ontology aimed at formally describing the security aspects that are subject to being modelled in an Intercloud security assessment (Chapter 3). The ontology is based on security standards and has been tailored to be extensible so as to cope with the security requirements of different Intercloud scenarios. Finally, we wanted to address the access control and trust management challenge not only in enterprise-centric distributed systems like Cloud Computing, but also in more decentralized ones.
In this sense we designed a security mechanism that leverages an already existing IoT authorization system called DCapBAC together with our novel trust model, which takes into account not only reputation, as is commonly employed in traditional peer-to-peer (P2P) scenarios, but also other advanced aspects to quantify trust (Chapter 4).
Results
The first results derived from the analysis and design of a semantic-aware access control system for Cloud Computing were presented at the International Conference on Security and Cryptography (SECRYPT), in a paper entitled ``Towards an Authorization System for Cloud Infrastructure Providers''. The proposal is based on Semantic Web technologies and allows inferring new knowledge and supporting different authorization features such as role based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO). Next, we investigated further the different kinds of trust relationships that can occur in Cloud Computing, and the outcome was reflected in the article entitled ``Taxonomy of trust relationships in authorization domains for Cloud Computing'', which was published in The Journal of Supercomputing. The accomplished analysis ended up with a formal description of the different trust relationships in Cloud Computing, enabling the definition of different collaboration agreements in different scenarios. The research carried out regarding trust and security in the Intercloud is shown in the paper ``Intercloud Trust and Security Decision Support System: an Ontology-based approach'', which was published in the Journal of Grid Computing. In this work we have analyzed and identified the security areas, properties and metrics required when assessing the security of a CSP. These concepts have been modeled in the SOFIC ontology to support a high degree of interoperability in the Intercloud.
Besides, the ontology can be taken as a starting point to quantify expectations and trust values of cloud services, as well as to support CSPs and tenants in the Intercloud security decision making process. Finally, regarding the trust model for the Internet of Things, our research results were published in the Soft Computing journal, in a paper entitled ``TACIoT: multidimensional trust-aware access control system for the Internet of Things''. The paper provides a trust model leveraging the DCapBAC access control system to take into account devices' trust values to make authorization decisions accordingly.

    A Trusted Approach for Decentralised and Privacy-Preserving Identity Management

    © This manuscript version is made available under the CC-BY 4.0 license (http://creativecommons.org/licenses/by/4.0/). This document is the Published Manuscript version of a Published Work that appeared in final form in IEEE Access. To access the final edited and published work see 10.1109/ACCESS.2021.3099837.
Identity Management (IdM) systems have traditionally relied on a centralized model prone to privacy, trust, and security problems, like potential massive data breaches or identity spoofing. Identity providers accumulate excessive power that might allow them to become a big brother, analyzing and storing as much data as possible. Users should be able to trust identity providers and manage their personal information straightforwardly without compromising their privacy. The European OLYMPUS project introduces a distributed approach to IdM based on enhanced Attribute-Based Credentials (ABC) that splits the role of the Identity Provider to limit its influence and the chance of it becoming a single point of failure. However, the trust relationship between service providers, users, and identity providers is still a gap in those kinds of privacy-preserving ABC systems. Decentralized technologies are an opportunity to break away from the centralized model and propose systems that respect privacy while increasing users' trust. This paper presents an evolution of the OLYMPUS architecture, maintaining all the privacy features and incorporating distributed ledger technologies to enhance trust and security in online transactions and IdM systems. The proposed system has been implemented, tested, and validated, showing its performance and feasibility to manage users' identity in a fully privacy-preserving, distributed and reliable way.

    Enforcing Behavioral Profiles through Software-Defined Networks in the Industrial Internet of Things

    The fourth industrial revolution is being driven mainly by the integration of Internet of Things (IoT) technologies to support the development lifecycle of systems and products. Despite the well-known advantages for industry, an increasingly pervasive industrial ecosystem could make such devices an attractive target for potential attackers. Recently, the Manufacturer Usage Description (MUD) standard has enabled manufacturers to specify the intended use of their devices, thereby restricting the attack surface of a given system. In this direction, we propose a mechanism to securely manage the retrieval and enforcement of MUD policies through the use of a Software-Defined Network (SDN) architecture. We analyze the applicability and advantages of using MUD in industrial environments based on our proposed solution, and provide an exhaustive performance evaluation of the required processes.