Effectsplus july event report

Information Technology SolutionsEFFECTSPLUS CONSORTIUMWaterford institute Of TechnologyATOSHewlett-Packard Limited (HPLB) Effectsplus 2nd Cluster EventSAP (AG)Universita Degli Studi Di Trento July 4th & 5th 2011R E P O R T A U TH O RFrances Cleary , Waterford InstituteOf technology (fcleary@tssg.org) VU University,REPORT CONTRIBUTORS AmsterdamNick Wainwright (HP) , Jim Clarke(WIT) , Keith Howker (WIT) , MicheleBezzi ( SAP) , Volkamr Lotz (SAP),Isabe)l Vinagre Torres ( ATOS) ,Pedro Soria Rodriguez( ATOS), NickPapanikolaou ( HP), Roland Reike ,Fabio Martinelli, workshop atten- Clusteringdees. 1

Information TechnologyEFFECTSPLUS CONSORTIUMWaterford institute Of Technology Table Of ContentsATOS Objectives of 2nd Cluster Meeting ………………… … … … … … … … … … … … 3. Networking & coordination Session ………………… … … … … … … … … … … … 5. Services and Clouds Cluster Report ………………… … … … … … … … … … … … 9. Systems and Networks Cluster Report ………………… … … … … … … … … … … … 11Hewlett-Packard Limited (HPLB) . Special Interest Groups: policy and Monitoring ………………… … … … … … … … 14. Trust and security Research Roadmap session ………………… … … … … … … … … 15. Innovation Potentials & gaps for FP7 Trust and security projects ………………… … 17. Effectsplus 2012 Wider collaboration event (CSPEF2012) ………………… … … … ..18.SAP (AG) Head Of Unit F5, Jesus Villasante closing speech ………………… … … … … … … …19 FIA Related Activities: trust and security ………………… … … … … … … … … … …20 Effectsplus future Events ………………… … … … … … … … … … … … … … … … .21Universita Degli Studi Di Trento Appendix A , Agenda………………… … … … … … … … … … … … … … … … … 22 Appendix B , registered Attendees………………… … … … … … … … … … … … … 23 Appendix C, cluster participants ………………… … … … … … … … … … … … … 24 Appendix D, cluster communication ………………… … … … … … … … … … … … 25 Appendix E, cloud & services workshop, Project abstracts ………………… … … … 26 Appendix F, systems & Networks workshop, Project abstracts ………………… … … 29 Clustering 2

Objectives of 2nd Cluster Meeting Frances Cleary , the Effectsplus coordinator, opened the 2nd Effectsplus Cluster event, at Vrijie university in Amsterdam on the 4th and 5th July 2011. The event co-located withF r a n c e s C l e a ry the SysSec workshop on the 6th July and the DIMVA 2011 conference.Effectsplus Coordinator For this trust and security collaboration meeting , 22 research projects , attended and par-Waterford Institute Of ticipated to this event . (Programme and Attendees can be viewed in Appendix A,B.C)Technology - TSSGMichele Bezzi (SAP) Mr Michele Bezzi, the Effectsplus cluster lead commented on the main objectives of the event . Two parallel workshops were plannedEffectsplus Cluster lead • Systems and Networks Cluster : Workshop on Models Addressing issues such as * Security Incident Models providing Qualitative and Quantitative * Models of Security and Privacy Requirements and Policies for FI * Enterprise Architecture Models for Security Analysis * Society Models for Social Impact Analysis * Models of Security and Privacy issues in Cyber-Physical Systems, Smart Grids and other Critical Infrastructures * Security by Design - Models on Resilience and Trust (e.g. use of trust anchors to provide a trusted backbone infrastructure) • Models on Security and Privacy issues in Cloud Computing • Services and Could Cluster : Workshop on Trust and Assurance Addressing questions such as How to…. * establish and maintain trust in dynamic composite services * define security validation technologies * provide flexible security certification schemes * perform security testing in heterogeneous service environments * automate security model checking * managing risk, security and trust metrics in secure service engineering * model-based security design & architecture Clustering * audit and monitor of distributed software systems. 3

Objectives of 2nd Cluster MeetingMr Bezzi commented that the main expected outputs coming from these workshops wereas follows1. Identify possible areas of collaboration among projects.2. Identify which concrete examples are publicly available and re-usable in related pro- jects3. Identify gaps between existing approaches and promising areas for future researchDetailed call text for each of the workshops can be found at the following linksSystems & Networks cluster Models workshop:http://www.effectsplus.eu/files/2011/06/Effectsplus-Systems-and-Networks-Models-Workshop-Agenda-Draft-v4.pdfServices and Cloud cluster trust and assurance workshop:http://www.effectsplus.eu/files/2011/06/Serv_Cloud_workshopx.pdf Clustering 4

Networking & Coordination Session Jim Clarke networking and coordination cluster presentation session: This session was opened by the cluster lead Mr Jim Clarke ( WIT-TSSG). Mr Clarke commented that the aim of this session was for CSA’s and NoEs in Unit F5 to avail of an opportunity to pro-Jim Clarke vide information on the activities they have underway in their individual projects and to provideN e t w o rk i n g & c o o r d i n a t i o n details on upcoming events and research roadmap agendas they have in progress, in order to make the wider research community aware of their endeavours. This session involved speakers from thecluster lead following projects BIC, TDL/Actor, NESSOS, SYSSEC.Waterford Institute OfTechnology - TSSG BIC: Building international cooperation for trustworthy ICT. Speaker : Jim Clarke Mr. Clarke presented the Coordination Action BiC project - Building International Cooperation for Trustworthy ICT: Security, Privacy and Trust in Global Networks & Services, which started on 1st January 2011. BIC will expand the co-operation models of EU researchers and programme management with their peers in new ICT high-growth countries, specifically Brazil, India and South Africa, who represent emergent world-impacting information economies through the scale and sophistication of their growing ICT sectors. In addition, the project will provide continuity and bring together a truly global collaboration with the participation of the already established connections from the INCO-TRUST project between the EU and the United States, Japan, Austra- lia, South Korea and Canada. Mr. Clarke presented the four core objectives of BIC: • Charting the landscape of Brazil, India and South Africa and their initial potential match to EU Trust, Security and Privacy themes; • Prioritisation of the EU influenced vision and research directions including alignment of work programmes; • Global alignment, consensus and outreach of the European visions and challenges across all targeted countries; • Definition of Tangible International Activities including transnational partnerships with EU partners. Mr. Clarke presented the accomplishments of the project to date: EU – Brazil Cooperation workshop (along with IWT 2011),Held 3rd May 2011; Rio De Janeiro (>60 attendees) Full report available at http://www.inatel.br/iwt/slide-show/bic-workshop In the process of putting together an International Advisory Group (IAG) from all involved countries • Organising EU – South Africa workshop 16th August 2011 (along with ISSA 2011 - http:// www.infosecsa.co.za/) • Organising EU – India workshop 28th November 2011 (along with eINDIA 2011 - http:// www.eindia.net.in/2011/) • Strong collaboration with the EU – India Spirit Coordination Action project – see http:// www.euroindia-ict.org/. Clustering 5

Networking & Coordination SessionPreparing for Annual Forum/IAG meeting in Q4 2011 • building topics of interest with countries • planning session being held 6th July 2011 within SysSec workshop. • See http://www.syssec-project.eu/events/1st-syssec-workshop-program/Other programme related activities • involvement in the Networking and coordinator cluster of the Effectplus project. • Involvement in Working groups of SysSec • Involvement in Advisory Group of NESSOS • Involvement in Trust and the Digital Life • Involvement in Future Internet AssemblyIn order to receive more information, Mr. Clarke gave the pointers of all the Work package lead-ers of BIC.WP1: James Clarke Jclarke@tssg.orgWP2: Neeraj Suri suri@cs.tu-darmstadt.deWP3: Michel Riguidel michel.riguidel@telecom-paristech.frWP4: Aljosa Pasic aljosa.pasic@atosresearch.eu or aljosa.pasic@atos.netWP1: Project ManagementWP2: Platform for International Collaboration and consensus buildingWP3: Input to the design of future research programmesWP4: Building the International Co-operation community.To view this presentation please see the following linkhttp://www.slideshare.net/fcleary/bic-effectplus-ws .SysSec: A European Network of Excellence in Managing Threats and Vulnerabili-ties in the Future InternetSpeaker: Evangelos MarketosMr Evangelos opened his session with “ what is the security challenges we face?” to mentionsome• Hackers disabling cars• Hackers get into power grids• Hackers get into fighter planesWhat are we doing about this? SysSec: 4-year NoE to consolidate Research in managingthreats for the Future Internet.SysSec proposes a game-changing approach to cybersecurity:Currently Researchers are mostly reactive: they usually track cyberattackers after an attack hasbeen launched thus, researchers are always one step behind attackers. SysSec aims to break thisvicious cycle. Researchers should become more proactive: and Anticipate attacks and vulner-abilities and Predict and prepare for future threats , working on defenses before attacks material-ize. ClusteringMr Marketos full presentation can be viewed http://www.slideshare.net/fcleary/syssec . 6

Networking & Coordination Session Contd..NESSOS: Network of Excellence on Engineering Secure Future InternetSoftware Services and SystemsSpeaker: Fabio MartinelliNESSoS aims at constituting a long lasting Virtual research centreon engineering secure software-based service and systems. Aiming at reducing the vulner-abilities in Future Internet Software-based Services (FISS) and Improving the design andoverall assurance level of FISS. NESSoS will Provide means for a risk/cost based SDLCfor FISS and will contribute to create an active research community by reducing the exist-ing fragmentation, and by re-addressing , integrating, harmonizing research agendas ofNESSoS partners as well as spanning out of the organizations involved towards widerscientific and technological communities.NESSoS is committed to achieve very significant advances in knowledge and spread theresearch excellence achieved as well as roadmapping activities NESSoS will contribute tothe growth of a generation of researchers and practitioners in the area by creating a com-mon body of knowledge (CBK) directly exploitable for training and education purposes.Mr Martinelli presentation included the following main agenda items1. Motivation and main goals2. Consortium expertise3. Integration strategy4. Structure of the NoE5. Integration Activities6. Research Activities7. Spread of Excellence Activities8. Management Activities9. Highlights10. Relationships with other communitiesMr Martinelli’s full presentation can be viewed http://www.slideshare.net/fcleary/nessosTDL– Actor: Trust in digital LifeSpeaker : Arthur LeijtensMr Leijtens started his presentation with an overview of the TDL ambitions and expecta-tions.• Self sustainable inspiring TRUST community providing directions and development of knowledge and collaborative projects & frameworks for trustworthy ICT solutions.• Innovative but realistic research agenda recognized by industry, knowledge institutes, the European commission, local governments and other independent authorities .• Create possibilities for public funding for collaborative R&D and deployment projects . Clustering• Create industrial, political and legal awareness for removing barriers through an extensive demonstrations and pilots program. 7

Networking & Coordination session Contd..Mr Leijtens then continued to detail the working of Trust in digital Life , with emphasis on Trust-worthy ICT solutions, highlighting their currently active working groups and activities, comment-ing on the 4 main working groups they have in existence.1. Use cases2. Technology and requirements3. Law and technology4. Business casesFurther information on these individual working groups can be viewed in the supporting TDLpresentation. Mr Leijtens concluded with details of the TDL community, TDL consortium anddetails on TDL membership.Mr Leijtens full presentation can be viewed http://www.slideshare.net/fcleary/tdl Clustering 8

Services and Clouds Cluster ReportServices and Cloudscluster Lead Report on the Effectsplus Cloud & Services ,Workshop on SOFTWARE ASSURANCE & TRUST.Fabio Martinelli (CNR) Motivation and goals The vision of the Future Internet heralds a new environment where multiple services are transparently and seamlessly mixed and exchange information, giving rise to new capabilities. This paradigm largely enriches our ability to create new applications and businesses. However, it raises formidable security challenges, which have to be solved to make this vision real. In particular, these systems need new forms of software assurance that goes beyond the current view, based on static and isolated systems, and fundamentally challenge us to rethink how to address questions such as, how to: • establish and maintain trust in dynamic composite services. • define security validation technologiesMichele Bezzi (SAP) • provide flexible security certification schemes • perform security testing in heterogeneous service environments • automate security model checking • audit and monitor distributed software systems. Various projects in the ICT Framework Programme are currently addressing some of these questions. The Effectsplus FP7 funded Coordination & Support Action, within the activity of Services and cloud cluster, organizes a workshop, which aims to provide a forum for discussing the different approached of projects in this area. At the end of the workshop, we expect to have a better understanding of • possible areas of collaboration among projects • gaps between existing approaches • promising areas for future research The agenda of the workshop was structured in two half days. In the first one on July 4th, the projects in the cluster presented several research approaches for assurance and trust (See project abstracts in Appendix E ); while the second half day on July 5th was devoted to discussion and syn- chronization with the other Effectsplus workshops that run in parallel. The annotated agenda of the presentation is the following: Aniketos: Supporting trustworthy and secure composition in service and cloud environments (Per Håkon Meland, David Llewellyn-Jones, Erkuden Rios Velasco), Security SLA, Ser- vice discovery using security properties, Trust Monitoring Assert4SOA: Advanced Security Service Certificate for SOA (Ernesto Damiani): Security Certificate, Assurance for service compositions, Security testing, Service discovery using security properties Posecco: Leveraging Security Models to Automate Audits and Improve their Level of Assur- ance (Serena Ponta), Support mechanisms for auditing, Compliance with security reqs through auditing MASSIF: Management of Security information and events in Service Infrastructures (Pedro Soria-Rodriguez), SIEM, Trusted collection and monitoring of security-related data NESSos: A General framework for security-aware analysis of services (Fabio Martinelli): Trust Metrics, Process Composition, Optimization UTrust-IT: Usable Trust in the Internet of Things, (Peter Wolkerstorfer), Trust & HCI, Per- sonas methodology, user-centricity Clustering 9

Services and Clouds Cluster ReportConclusionEventually, after the discussion phase the workshop participants were able to recap the differentapproaches for trust and assurance that could be further investigated together as audit, certifica-tion, SLA for security, user-centered security, trust monitoring techniques and usage policies, etc.There was an agreement to try to write a joint paper (e.g. for the FIA book) in those aspectsAmong the participants some follow-up with inter project meetings where identified as:• Security SLA: Nessos, Aniketos, Assert4SOA, Contrail (Here there is also the proposal for a specific W3C subcommittee on Security aspects for SLAs);• Auditing: Assert4SOA, PoSecco• User-studies: U-Trust-IT, Posecco, AniketosAmong the topics selected for further scrutiny, there was a suggestion to investigate for the nextEffectsplus meeting (Bristol, 2012) the following aspects:• Secure Service Compositions during service lifetimePresentations from this cluster group and workshop can be viewedhttp://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/ Clustering 10

Systems and Networks Cluster ReportS y s t e m s a n d N e t w o rk scluster Lead The vision of the Future Internet heralds a new environment where multiple services are transparently and seamlessly mixed and exchange information, giving rise to new capabilities. This paradigm largely enriches our ability to create new applications and businesses but also enables newRoland Rieke - Fraun- possibilities for threats and scales up the risks of financial and also physical impact.hofer SIT Various projects in the ICT Framework Programme are currently using Models of different kinds in order to assess upcoming security and privacy challenges and mitigation strategies w.r.t. their possible impact. The Effectsplus FP7 funded Coordination & Support Action, within the activity of Systems and Net- works cluster, organized a workshop, with the aim to provide a forum for discussing the di_erent approaches of projects in this area. The workshop was hold during the second Effectsplus clustering event in Amsterdam(Netherlands), at July 4th-5th 2011. The title of the workshop was Models (including meta-models, ontologies,..)". Workshop On Models Roland Rieke (member of the MASSIF project) was responsible for the collection of the contributions and the agenda of the workshop. Those projects, which had indicated their interest in this collaboration area at the first Systems and Networks cluster workshop, have been invited to contribute their activities w.r.t. the following sub- jects: • Security Incident Models providing Qualitative and Quantitative Security Measurements (base measures and derived measures to audit and monitor complex distributed systems in FI). • Models of Security and Privacy Requirements and Policies for FI. • Enterprise Architecture Models for Security Analysis. • Society Models for Social Impact Analysis. • Models of Security and Privacy issues in Cyber-Physical Systems, Smart. Grids and other Critical Infrastructures • Security by Design - Models on Resilience and Trust (e.g. use of trust anchors to provide a trusted backbone infrastructure) • Models on Security and Privacy issues in Cloud Computing The aim of the workshop was to identify possible areas of collaboration among projects w.r.t. concrete models which are publicly available and re-usable in related projects as well as to identify gaps between existing approaches and promising areas for future research. Clustering 11

Systems and Networks: Workshop on ModelsS y s t e m s a n d N e t w o rk s In order to provide the content for the following discussions, each participant ofcluster Lead the workshop presented a topic w.r.t. the modelling work done in the respective project. Unfortunately, the given time slots of 10-15 minutes per project did not allow for a complete presentation of a projects results, so only some selected interesting aspects could be shown. The following list gives an overview of the presentations at the workshop (supporting abstracts can be viewed in Appendix F): • Roland Rieke (MASSIF): Objectives of the Effectsplus Systems and Networks Cluster Workshop on Models • Igor Kotenko (MASSIF): Analytical attack modelling and security evaluation in MASSIF • Teodor Sommestad (VIKING): Enterprise Architecture Models for Security Analysis • Mats B-O Larsson (VIKING): Virtual City Simulator (ViCiSi) • Domenico Presenza (ASSERT4SOA): Ontologys in ASSERT4SOA • Federica Paci (NESSoS, SecureChange): Managing Security and Changes throughout the whole System Engineering Process • Antonio Lioy (PoSecCo): PoSecCo models • Steffen Peter (WSAN4CIP, TAMPRES): Assessment models to Improve the Usability of Security in Wireless Sensor Networks • James Davey (VIS-SENSE): Multi-Dimensional Clustering for the Purposes of Root-Cause Analysis • Mark McLaughlin (ENDORSE): Introducing the ENDORSE Privacy Rules Definition Language • Roberto Baldoni (CoMiFin): Collaborative Security for Protection of Financial Critical Infrastructures: The Semantic Room abstraction model It was decided to contribute to the following Effectsplus supported Systems and Networks cluster activities: • Classification (overview) of areas covered by the presented models (inter- actively edit a table on Effectsplus web-site) • Joint paper (e.g. FIA book), or workshop: European perspective (survey) of models on security, privacy, trust • Followup Systems and Networks cluster meeting on specific aspects of multilateral project cooperations (Feb. 2012, HP-labs, Bristol) • Participation in Cyber-Security and Privacy EU Forum CSPEF 2012 (Berlin 24.-25.4.) with Demonstrations and Tutorials The main result of this workshop however was the elicitation of common interests between the projects and the initiation of concrete plans for multilateral collaborations as shown in Table 1. Clustering 12

Systems and networks: Workshop on ModelsS y s t e m s a n d N e t w o rk scluster Lead Table 1: Multilateral collaborations within Effectsplus “Systems and Networks cluster” Jesus Villasante the head of the Trust and Security Unit in the EU Directorate General Information Society and Media (DG Infso) participated in the meeting. He confirmed that his unit will fully support these clustering activities. Presentations from this cluster group and workshop can be viewed http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/ Clustering 13

Special Interest Groups : Policy and MonitoringSpecial Interest Groups During the effectsplus clustering event , two special interest groups were proposed to be formed,Nick Papanikolaou (HP) based on topics and level of interest shown , by project participants. The aim of these special interest groups is to continue collaboration and work on identified topics coming from the cluster groups with a view to successfully participating and proposing collaborations, joint papers and events. The following details the initial focus of the two special interest groups and the main contacts for each. Effectsplus Special Interest Group on Policies - led by Nick Papanikolaou (nick.papanikolaou@hp.com ) Projects in this group so far: ANIKETOS, ENDORSE, POSECCO, MASSIF, COMIFIN,TAS3,SecureChains Topics on which projects can collaborate: • Theoretical topics • Languages, formalisms • Validation, verification • Interoperability • Frameworks • Policy refinement • Conflict resolution • Applications/Practical aspects • Decision support • Automatic Run-time Configuration of Policies for mitigation of attacks • Privacy Policies Effectsplus Special Interest Group on Monitoring - led By Roberto BaldoniRoberto Baldoni (baldoni@dis.uniroma1.it) Projects in this group so far: VIS-SENSE, MASSIF, COMIFIN, SYSSEC, WSAN4CIP, ANIKETOS,DEMONS,TWISNET Topics on which projects can collaborate: • Event-based architecture • Pattern detection • Performance • Privacy-preserving computation • Applications - event-based platforms, intrusion detection For more information on these Special interest groups, please contact the group leaders above. Clustering 14

Trust and Security Research Roadmap Session. A follow up roadmapping session took place on the 5th July . Here Mr Papanikolaou presented the key themes identified in the first draft of the Trust and Security Research Roadmap, namely, theNick Wainwright (HP) report titled "Trust and Security in the Future Internet: Setting the Context", which was createdHewlett Packard Ltd after the 1st Technical Cluster Meeting (29-30 March 2011). The report identified challenges and potential solutions, societal shifts and changes of relevance, and a vision for the future of the field. The content of the report was produced after processing discussion points and project contributions made at EFFECTSPLUS meetings. Some key discussion points included the following: • Changes for end-users: users attitudes are changing constantly; users physical and digital lives are connecting seamlessly; users are controlling and regularly using more devices; users are demanding the ability to personalise products and services. • Vision for end-users: users will have more privacy online; users will have a better understanding of security and privacy risks. • Challenges for end-users: enabling users to better understand and control security; handling digital identities; dealing with privacy issues. • Some solutions for end-users: development of universally acceptable digital identifiers; education of citizens. We are planning to circulate improved versions of the report "Trust and Security in the Future Internet: Setting the Context" and use it as the basis for the Trust and Security Research Roadmap. A summary of the report will be produced in time for the forthcoming Future Internet Assembly in Poznan. At FIA Poznan there will be a session dedicated to the FIA Research Roadmap and we will draw attention to the trust and security aspects, soliciting additional comments and input to be provided in electronic form by participants after the conference. Presentation slides from this session can be viewed http://www.effectsplus.eu/2nd-cluster-meeting-reports-and-presentations/ . Clustering 15

Trust and Security Roadmapping Session (Effectsplus Clustering Meetings, Brussels, 4-5 July 2011) Summary of Remarks Made by Jesús Villasante (EC)Jesus VillasanteEuropean CommissionHead of Trust & securityUnit F5 Jesús Villasante actively participated in the roadmapping presentation session and commented on the overall importance of the roadmapping activity. The roadmap should contain content that is compelling and novel, in particular, going further than most existing prior roadmaps. Al- though we will necessarily include some technical content and commentary, there is a need to balance technical material with a discussion of higher level issues and how research in the trust and security space can be aligned with the Commission’s strategic objectives. Other remarks made by Mr Villasante which are relevant to the roadmapping activity include the following. There are numerous forward-looking policy documents already in circulation, including cybersecurity strategy papers from many geographical areas, which address the same areas we are currently addressing in the Trust and Security Research Roadmap; by comparison, our roadmap needs to cover these areas in more technical detail. For instance, while ‘privacy by design’ is a notion frequently mentioned in other roadmaps, we should explain it carefully and give an indication of how it can be implemented in practical terms. Jesús Villasante stressed it is explanations that are useful to policymakers, who need to understand not only the ‘what’, but the ‘why’ and ‘how’ of key technologies. We should not underestimate the level of understanding of the policy makers in the more technological topics. In September 2011, roadmaps will be delivered from various projects (including Effectsplus, NESSOS, TDL, and others). The September 2011 deadline is crucial, as it ensures that the documents will be available in time for debates around future funding programmes, and, in particular, in time to shape Framework Programme 8. In closing, Mr Villasante reiterated that this roadmap should go further and deeper than similar efforts so far, he suggested that future roadmapping discussions should attempt to produce a coherent vision of the future, especially for the next 10-20 years. Clustering 16

Innovation Potentials and gaps for FP7 Trust and Security Projects Speaker : Bruno Crispo ( University Trento)Bruno Crispo (UNITN) Mr Crispo commenced his presentation with an overview of the target of the Analysis. Here the focus was mainly on Call 1 research projects that have been completed and finalised to analyse and identify actual outcomes and impacts from the research activities that can possibly link to the digital agenda or have potential for follow up activities in the next call or within the market place. Mr Crispo described the methodology used to complete such an analysis this involved, examina- tion of publishable summaries, interviews with project coordinators, analysis of deliverables identified by project/technical coordinators and a top down analysis of the digital agenda. The presentation then continued with an overview of the preliminary findings coming from the analysis to date covering Direct V’s indirect target Industries, Direct Industries, Indirect target Industry ,Innovation Issues, potential contribution to digital agenda, Gaps bridging measures. For more details on these topics, please refer to the accompanying slideset. Mr Crispo closed his presentation session with a summary of the analysis work in progress • Research Results potential for EU-wide policy area Extracted 2-3 results from each project still need systematization • Bottom-up analysis of Digital Agenda by project coordinators Partial feedback to be systematized • Review by interested parties If you would like to contribute Mail to comper@disi.unitn.it Supporting slideset for this presentation can be viewed http://www.effectsplus.eu/files/2011/08/Innovation-Potentials_Gaps_FP7.pdf Clustering 17

Effectsplus 2012 Wider Collaboration event Cyber-Security and Privacy EU Forum—CSPEF 2012Effectsplus on behalf of Unit F5 Trust and Security , is organising a wider collaboration/trust andSecurity Forum event in 2012. (cyber-Security and Privacy EU Forum—CSPEF 2012) . This isplanned to take place in Berlin on 24th and 25th April 2012. the target audience of this event willbe industry/ academia/agencies/ external trust and security initiatives.This event will have two main objectivesObjective 1 : Impact and alignmentObjective 2 : Efficiency and Effectiveness (working well as a community)Day 1 will focus on – objective 1 : The impact of trust and security technology in the real world –the links between R&D results and policy, societal challenges… It is planned to incorporate thefollowing aspects during day 1 of the event programme. • Selected keynote speakers • Panel discussions ( mix of industry/academic experts) • Tutorial workshops • Security research demonstrators (showcase concrete results of as many successful projects )Day 2 will focus on - Clustering, structuring of research efforts for better results and for facilitat-ing innovation. Focusing on• Cross –topical workshops• Research project specific workshopsPlanning is underway with a dedicated organising committee, in the coming months a call forcontributions will be available and will be widely disseminated to all the main key players in thesecurity space. More information will be disseminated to the Effectsplus email lists and also to theuploaded to the Effectsplus website, once available, stating upcoming Calls and submission dead-lines.Supporting slideset can be viewedhttp://www.effectsplus.eu/files/2011/08/CSPEF-2012_planning.pdf Clustering 18

Head Of Unit F5 Jesus Villasante: Closing Speech During the Effectsplus wrap up session on July 5th 2011, Mr Jesús Villasante, closed the Effects-Jesus Villasante plus cluster event with the following main comments.European CommissionHead of Trust & security Mr Villasante was impressed by the practical approach that Effectsplus has taken with its clustering activities. He commented that there is a very friendly atmosphere amongst the attendees andUnit F5 fruitful participation during the event cluster working group sessions. Mr Villasante had the following four main points to address in his closing comments. Collaboration: He stated that currently collaboration is progressing very well, with clear identification of common topics and interests amongst the participating research projects and attendees, and he would encourage such positive interactions to continue and expand as necessary in the future. Impact – Mr Villasante commented that we need to identify the outcomes of the call 1 projects following their completion and have to work to show how their valuable research and outcomes van be made more visible . It is not always easy to show clear outcomes following the finalisation of a project. Sometimes they are instruments to enable further follow on research avenues. But we need to continue to work to improve the outcome and impact from our research activities, this is an important aspect that we need to focus on in the future . Visibility - Effectsplus planned “Cyber-Security and Privacy EU Forum CSPEF 2012” conference in April 2012 is an excellent opportunity. Mr Villasante commented that everyones needs to actively think about how it can be a success for your project and your customers, ensuring that the right people from the right areas will be in attendance. This conference will be a milestone for all security research projects, and something that we can build upon in future years to come. The EC will fully support Effectsplus for this event. The CSPEF 2012 event will be timely as discussions on FP8 will be coming to an end at that time for H2020 and it will be an occasion around this date in 2012 to contact the national delegates to reinforce the message that trust and security is a key issue and we need to put more emphasis on it. For the future – Regarding the future, Mr Villasante remarked on Call 8 . In Call 8 – 80M euros will be invested from the European Commission. It is a key opportunity to redirect what we are going to do in the next 5 years. It is important to structure proposals to highlight main areas to explore. If potential proposes can have discussions prior to the call that would reduce the fragmentation of the proposals, and that would be deemed to be very useful. Activities Effectsplus are doing here is instrumental here in doing this. We should have a structure around this activity. Mr Villasante concluded, with his continued support towards the Effectsplus collaboration activities, encouraging projects to continue and increase their level of activity here. To wrap up the session Mr Villasante openly asked participants What other support they require from EC Unit F5? Can we (EC) do more? He welcomed suggestions and feedback . Clustering 19

FIA related activities : Trust and security FIA Book : Planning for the next FIA Book has commenced with the organising committee. Youcan expect call for contributions in the coming months. FIA newsletter If any trust and security research projects have 1. News items 2. Dissemination of upcoming events 3. Reports for Dissemination Please consider writing a short paragraph and submitting to the FIA newsletter. Next FIA newsletter is planned for September 2011, calls for submission end of August. Cluster event wrap up slide set can be viewed http://www.effectsplus.eu/files/2011/08/next-meeting-_wrap-up.pdf Contact : fcleary@tssg.org and we will include such items for dissemination. Clustering 20

Effectsplus Future Events• Effectsplus Next clustering Event will take place at HP, premises in Bristol, UK in February 2012. Further details will be available on the Effectsplus website in the coming months.• Cyber-Security and Privacy EU Forum—CSPEF 2012 , will take place in Berlin, 24th & 25th April 2012, more details will be available in the coming month on the Effectsplus website www.effectsplus.eu F o r m o r e i n f o rm a t i o n Please see Effectsplus Website http://www.effectsplus.eu/ For further details please contact Effectsplus coordinator Frances Cleary Waterford institute Of technology—TSSG (fcleary@tssg.org) Clustering 21

APPENDIX A Agenda Monday , July 4th , 2011 Tuesday, July 5th , 2011 Clustering 22

Appendix B: Registered AttendeesAttendee Project/ OtherNameCleary, Frances effectsplus coordinatorJefferies, Nigel Effects+Damiani, Ernesto UNIMIMcLaughlin, Mark ENDORSEKotenko, Igor MassifVinagre, Isabel EffectsplusHowker, Keith EffectsplusRieke, Roland MASSIFSoria-Rodriguez, Pedro MASSIFLarsson, Mats B-O VIKINGPapanikolaou, Nick EffectsplusPresenza, Domenico ASSERT4SOAPeter, Steffen WSAN4CIP,TampresSurridge, Mike SERSCISLeijtens, Arthur Actor ~ TDLSommestad, Teodor VIKING - EA models and analysisPlate, Henrik PoseccoCasalino, Matteo PoSecCoLioy, Antonio POSECCO / TCLOUDS / WEBINOSOlivier, BETTAN PoSecCobaldoni, roberto comifinOlkkonen, Kaisa NokiaDavey, James FraunhoferVillasante, Jesus European CommissionMarkatos, Evangelos SysSecHowker, Keith effectsplusAlan Yeung -Llewellyn-Jones, David AniketosDlamini, Bheki internet networkingLudwig, Mike TwisNetPonta, Serena PoSecCoPaci, Federica Secure ChangeWolkerstorfer, Peter uTRUSTitGran, Glenn GINI-SAMeland, Per Håkon AniketosWainwright, Nick EffectsplusBezzi, Michele Effects+Levitt, Karl -Mallery, John -Badii, Atta MOSIPSMartinelli, Fabio NeSSosShiu, Simon HPTiemann, Marco HYDRA Middleware Clustering 23

Appendix C: Cluster Participants Services & Cloud Cluster ParticipantsName OrganisationIsabel Vinagre ATOSPeter Wolkerstorfer CURENick Papanikolaou HPMichele Bezzi SAPSerema Ponta SAPHenrik plate SAPMasco Tiemann Uk ReadingKaisa Olkkonen NOKIACrispo Bruno UNITNFabio Martinelli CNRPer Hakon Meland SINTEFPedro soria Rodriguez ATOSGlenn Gran IKEDErnesto Damiani UNIMIFrances cleary WIT-TSSG Systems and Networks Cluster ParticipantsName OrganisationKeith howker WIT-TSSGRoberto baldoni UniRomaiOlivier bettan ThalesMike Surridge IT InnovationDomenico Presenza Engineering ITJames Davey Fraunhofer IGDMatteo Casalino SAPFederica Paci UNITNAntonio Lioy PolitoTeodor sommestad KTHMats B-O larsson MML ABEvangelos marketos ForthDavid Lewellyn-Jones LJmnSteffen Peter IHPMark Mc loughlin WIT-TSSGNigel Jefferies HuaweiRoland Reike Fraunhofer SIT Clustering 24

APPENDIX D Cluster CommunicationDedicated email lists and LinkedIn Groups have been setup to support the activities of the defined clusters.Services and clouds clusterSubscription to this cluster email list via the following linkhttp://listserv.tssg.org/mailman/listinfo/ts-services_cloudCluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6q5r9l-3e/vgh/3788378/Systems and networks clusterSubscription to this cluster email list via the following link :http://listserv.tssg.org/mailman/listinfo/ts-systems_networksCluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6qqejg-16/vgh/3788408/Networking and coordination clusterSubscription to this cluster email list via the following link :http://listserv.tssg.org/mailman/listinfo/ts-networking_coordinationCluster LinkedIn Group: http://www.linkedin.com/e/rdhgt3-gk6qxudg-3h/vgh/3788418/ Clustering 25

APPENDIX E : Cloud & Services Workshop on Software Assurance & TrustAniketos: Supporting trustworthy and secure composition in service and cloud environ-mentsPer Håkon Meland, David Llewellyn-Jones, Erkuden Rios VelascoFor some time the trend in provision of functionality in networked environments has been towardsthe use of services that offer self-contained capabilities, but which can be composed in variousways in order to provide richer services to end users. Moving from today’s static compositions,we will in the Future Internet see a more dynamic mix and match of cloud and non-cloud servicesdepending on service availability, quality, price, trustworthiness and security features. NeelieKroes, Vice-President of the European Commission and responsible for the Digital Agenda, re-cently stated that2“We want to extend our research support and focus on critical issues such assecurity and availability of cloud services.” The main objective of Aniketos is to help establishand maintain trustworthiness and secure behaviour in a dynamically changing environmentof composite services. In order to achieve this objective, a multi-disciplinary effort involvingresearch and industrial partners is currently tackling the following challenges.Trust in the Internet of services: There must be some acceptable trust relationship between thedifferent actors in a composite service. Aniketos will offer a way of expressing different aspectsof trustworthiness and provide design-time and runtime modules for evaluating and moni-toring the trust level between service stakeholders.Secure service composition at design-time and runtime: Trust alone does not guarantee a se-cure service, service components are bound to change and absolute security is an impossible goal.To achieve an open and secure service ecosystem in the Future Internet, we need to assure all par-ties about expected behavior and usage terms. A Service Level Agreement (SLA) is a commonway to specify the conditions under which a service is to be delivered, but unfortunately, securityis not provided or used as a contract term in existing SLAs. Aniketos is developing securitySLAs that make it possible to create and monitor composite services where strong trust rela-tionships do not exist beforehand.Threat detection and response: According to the FORWARD3initiative by the European Com-mission: “identifying the adversarial model and anticipating emerging threats is the first step thatis necessary to build a secure, future Internet”. Service providers will have to deal with a fluctuat-ing threat picture; the users will be in changing operating conditions, new attack methods willemerge, and the services themselves may contain vulnerabilities that result in information leakageor open back-doors. To be prepared for the future, Aniketos is investigating threats to com-posite services in order to understand their nature and how to deal with them.Societal acceptance and effective security: Trust and security are not only technical matters, butdepend heavily on the human factors in order to be effective in everyday use. Though a compositeservice might be complex, the service end user should have an easy and understandable way ofrelying on its trustworthiness. Aniketos will contribute to a user-centred view on service trustand security by investigating user acceptance and their practical usability through casestudies for future European services. Clustering 26

uTrust-It: Usable Trust in the Internet of ThingsPeter Wolkerstorfer, wolkerstorfer@cure.at, CUREWe present uTRUSTit, a 3-year project funded by the EC. Built around 3 main scenarios(smart home, smart office, e-voting) the aim of uTRUSTit is to close the loop of trustbetween the technological and psychological layers in the IoT. To achieve this objectiveuTRUSTit will provide a “trust feedback toolkit”. The toolkit aims at enhancing usertrust perception. Usable trust – as defined in the project – is the basis for users to decideif they want to use a certain IoT technology or not, hence it is about technology accep-tance (If users don’t trust a certain technology they will reject to use it). In uTRUSTit weuse a user-centric procedural approach based on the user-centric design process definedin ISO/TR 16982:2002: Usability methods supporting human-centred design to createhuman-centric trustworthy solutions for the internet of things (IoT).The presentation focuses on human-computer interaction (HCI) work in the project andpresents two results: on the one hand we show which Personas we created for the projectto support user-centric development. Personas are a nearly none-intrusive method to raiseempathy for the users of technological artefacts during the development to ensure usableoutcome. On the other hand we explain how we extended the requirements engineeringprocess with focus groups to include the „usable trust“ elements on a methodologicalbasis.We conclude with an outlook to the challenges we expect. The three main HCI chal-lenges we see are: reduction of complexity in interaction mechanisms and processes, re-search in trust, and research in the underlying cognitive-psychological mechanisms – theresearch on mental models.Posecco: “Leveraging Security Models to Automate Audits and Improvetheir Level of Assurance”(Serena Ponta)Audits allow gaining assurance about the existence and effectiveness of controls to meet certainobjectives, e.g., security objectives motivated by an organization’s business risks or legal environ-ment. Though auditing standards and frameworks such as SAS70 and COBIT provide guidelinesfor performing auditing activities in a standard and repeatable way, the process of collecting andevaluating information about the auditee’s business, systems, and risks is still a mostly manualactivity, thus subject to individual discretion. Complementary to these high-level, risk-driven au-dit standards, the Security Content Automation Protocol (SCAP) is a suite of specifications tocope with the need for security automation on the lower, technical level. Besides well-knownstandards for vulnerability enumeration and measurement (CVE, CVSS), SCAP also includesspecifications which allow to (i) automate checks for known vulnerabilities, (ii) automate the veri-fication of security configuration settings, and (iii) generate reports that link low-level settings tohigh-level requirements.The PoSecCo project aims at establishing and maintaining a traceable link between high-level,business-driven security and compliance requirements and low-level technical configuration set-tings of individual services through landscape-aware security models. A natural question is howthe SCAP emerging standards together with the knowledge about the landscape and its securityrequirements can be used to improve the effectiveness and efficiency of the current auditing prac-tices. In this talk we illustrate how SCAP standards together with comprehensive security modelscan support different phases of an audit process by (i) facilitating the information retrieval byauditees and auditors to build an audit program and (ii) increasing efficiency and/or assurance ofactivities performed during the execution of that audit program. Clustering 27

Assert4SOA: Advanced Security Service Certificate for SOA(Ernesto Damiani)You live in a certified house,you drive a certified car,why would you use an uncertified service?The term "certification" has several different meanings in ICT. Software practitioners can earn acertificate for expertise in a certain hardware or software technology. The maturity of crucial ITprocesses, such as software development, can be and is often certified. Even individual softwaresystems can be certified as having particular non-functional properties, including safety, securityor privacy. However, the latter type of certification (e.g. Common Criteria) has had only a limiteduse to this day. Current trends in the IT industry suggest that software systems in the future will bevery different from their counterparts today, due to greater adoption of Service-Oriented Architec-tures (SOAs) and the wider spread of the deployment of Software-as-a-Service (SaaS).These trends point to large-scale, heterogeneous ICT infrastructures hosting applications that aredynamically built from loosely-coupled, well-separated services, where key non-functional prop-erties like security, privacy, and reliability will be of increased and critical importance. In suchscenarios, certifying software properties will be crucial. Current certification schemes, however,are either insufficient in addressing the needs of such scenarios or not applicable at all and thus,they cannot be used to support and automate run-time security assessment.As a result, today’s certification schemes simply do not provide, from an end-user perspective, areliable way to assess the trustworthiness of a composite applications in the context where (and atthe time when) it will be actually executed.ASSERT4SOA will fill this gap by producing novel techniques and tools – fully integrated withinthe SOA lifecycle – for expressing, assessing and certifying security properties for complex ser-vice-oriented applications, composed of distributed software services that may dynamically beselected, assembled and replaced, and running within complex and continuously evolving soft-ware ecosystemsNESSoS : “A General Method for Assessment of Security in Complex Ser-vices”(Fabio Martinelli)Abstract:NESSoS is a project devoted to perform research activities on engineering secure and trustworthyFuture Internet Services. The ares of interest is very broad. In the workshop, we present a paperwith focus on the assessment of the security of business processes. We assume that a businessprocess is composed from abstract services, each has several concrete instantiations. Essentialpeculiarity of our method is that we express security metrics used for the evaluation of securityproperties as semirings. First, we consider primitive decomposition of the business process into aweighted graph which describes possible implementations of the business process. Second, weevaluate the security using semiring-based methods for graph analysis.Finally, we exploit semirings to describe mapping between security metrics which is useful whendifferent metrics are used for the evaluation of security properties of services. Clustering 28

APPENDIX F : Systems and NetworksWorkshop on modelsObjectives of the Systems & Networks Cluster W orkshop on ModelsPresentation: Roland Rieke, pro ject EFFECTS+/MASSIF The vision of the Future Internet, where multiple services are transparently andseamlessly mixed, already created a paradigm which promises to largely enrich our abil-ity to create new applications and businesses within this new environment. But thisparadigm also enables new possibilities for threats and scales up the risks of financial andalso physical impact. In many cases, the information itself will be the essential productwhich deserves to be protected, in the Internet of Things however, real and virtual cyber-physical resources deserve our attention. Various projects in the ICT Framework Programme are currently using “Models” ofdifferent kinds in order to assess upcoming security and privacy challenges as well as miti-gation strategies w.r.t. their possible impact. The Effectsplus FP7 funded Coordination & Support Action, within the activity ofSystems and Networks cluster, organises this workshop, which aims to provide a forumfor discussing the different approaches of projects in this area. At the end of the workshop, we expect to have a better understanding of possible ar-eas of collaboration among projects. Specifically, we are interested to find out, which con-crete models are publicly available and re-usable in related projects, the gaps betweenexisting approaches and promising areas for future research. Clustering 29

Analytical attack modeling and security evaluation in MASSIFPresentation: Igor Kotenko, pro ject MASSIF The talk suggests the common approach, architecture and main models for analyticalattack modeling and security evaluation investigated in the EU FP7 MASSIF Project. Theapproach is based on processing current alerts, modeling of malefactor’s behavior, gener-ating possible attack subgraphs, cal- culating different security metrics and providing com-prehensive risk analysis procedures. Key elements of suggested architectural solutions for attack modeling and securityevaluation are using security repository (including system configuration, malefactormodels, vulnerabilities, attacks, scores, countermeasures, etc.), effective attack tree gen-eration techniques, taking into account as known as well as new attacks based on zero-dayvulnerabilities, stochastic analytical modeling, combined use of attack graphs and servicedependency graphs, calculation metrics of attack and security countermeasures (includingattack impact, response efficiency, response collateral damages, attack po- tentiality, at-tacker skill level, etc.), interactive decision support to select the solutions on securitymeasures/tools by defining their preferences regarding different types of requirements(risks, costs, benefits) and setting trade-offs between several high-level security objectives. This talk considers shortly the analysis of state-of-the-art in attack modeling, mainfunctional requirements and essence of the approach to analytical attack modeling, mainmodels as well as generalized architecture of Attack Modeling and Security EvaluationComponent (AMSEC) suggested to be developed and implemented in MASSIF project. Clustering 30

Enterprise Architecture Models for Secu- rity AnalysisPresentation: Teodor Sommestad, pro ject VIKING Enterprise architecture is an approach to management of information systems, in-cluding control systems, that relies on models of the systems and their environment.This section briefly outlines the structure of the work carried out by the VIKING projecton the topic of cyber security analysis and modeling. It combines attack- and defensegraphs with Bayesian statistics and enterprise architecture modeling. Attack graphs are a notation used to depict ways that a system can be attacked. Itshows the attack steps involved in attacks (nodes) and the dependencies that existsbetween them (arcs). Defense graphs extend this notation by including security measuresin the graph to represent the attack steps they influence. Both of these notations can beused to create models over systems and to assess the system’s security, e.g. by assess-ing if a particular attack is possible, given that the graph is parameterized. The VIKING project has produced a tool where defense graphs are produced pro-grammatically from a model of an information system or control system and its environ-ment. A user of this tool produces architectural draw- ings of their enterprise (e.g. in-cluding network zones, machines, services, security processes executed) and the based onthis the tool generates a defense graph that represent this specific enterprise’s situation.Based on logical relationships and quantitative data collected from literature and domainex- perts the user can also calculate approximate values for the probability that an at-tempted attacks would succeed against the system. The workshop in Amsterdam will present the work done in VIKING on EnterpriseArchitecture Modeling and how we believe the research work can extended to practicaltools to evaluate existing and new control system for security and to do ”what-if” stud-ies on different control system configura- tions. Clustering 31

Virtual City Simulator (ViCiSi) Presentation: Mats B-O Larsson, pro ject VIKING One of the main objectives of the Viking project is to assess the cost to the societycoming from power outages. In order to do this a virtual society simulator has been de-veloped. The virtual society is created by the Viking City Simulator, ViCiSi. In shortViCiSi is creating a virtual society, with all necessary functions, and it is based on pa-rameters from the EU database Eurostat. ViCiSi can be parameterized to any country inEU country plus Switzerland and Norway. In summary ViCiSi is: • A virtual society with all necessary infra-structure built on blocks, apartments, streets, etc. • With companies, public and private service operations producing welfare • With people living in the city consuming welfare. • Includes a distribution electrical grid with all common voltage levels to give realistic load curves • Calculates the activity in the society at all moments, in terms of Busi- ness Activity • Calculates cost for power outages as lost GDP • Can scale to all EU countries In the workshop in Amsterdam we will present the ViCiSi. We will show how it isdesigned, how it can used to calculate societal costs at power outages, how we presentthe results and how ViCiSi will be integrated into the VIKING Test bed. Clustering 32

BlockMon: a framework for Distrib- uted Network Monitoring and Real-Time Data Intensive AnalysisPresentation: S. Rao, pro ject DEMONS DEMONS project will address the ‘decentralised, cooperative and privacy preservingmonitoring for trustworthiness’. The monitoring scenario of the system architecture tar-gets both intra-domain and inter-domain aspects. Intra-domain monitoring, primary requirements here being scalability, resilience andinnetwork distribution of monitoring tasks; performance effectiveness in terms of detec-tion and mitigation reaction time; and authorized and controlled access to monitoringdata in accordance to domain-specific operational workflow processes and policies; Inter-domain monitoring, core requirement here being the tight control of inter-domain cooperation in terms of which monitoring data is ex- changed and under whichconditions, which protocols should be used for guaranteeing inter-domain inter-operability, and how to exploit and support advanced cryptographic data protection tech-nologies for improving inter- domain cooperation ability and permitting secure jointanalysis and computation over monitoring information provided by the multiple in-volved domains. The presentation will address the BlockMon Monitoring Overlay (BMO) monitoringinfrastructure chosen as the basis of the DEMONS’ Measurement Layer and CoordinationLayer for what concerns the intra-domain monitoring scenario. The internet ExchangePoint (IXP) will coordinate across inter- domains. Clustering 33

Ontologies in ASSERT4SOAPresentation: Domenico Presenza, pro ject ASSERT4SOA The presentation intend to deal with the use of ontologies in the context of the AS-SERT4SOA Project. ASSERT4SOA Project aims to produce novel techniques and tools for expressing,assessing and certifying security properties for service-oriented applications, composed ofdistributed software services that may dynamically be selected, assembled and re-placed, and running within complex and continuously evolving software ecosystems. ASSERT4SOA Advanced Security Certificates (a.k.a. ASSERTs) are ma- chine read-able documents stating that a given Web Service has a given Se- curity Property. An ASSERT also contains a model of the service and a ”proof” that can be usedby the requesters of that Web Service to re-check the asserted Security Property. Basedon the type of provided proof, three different types of ASSERT will be considered: evi-dence-based ASSERT (a.k.a. ASSERT- E), ontology-based ASSERT (a.k.a. ASSERT-O)and model-based ASSERT (a.k.a. ASSERT-M) The use of OWL-DL Ontologies within ASSERT4SOA is twofold: (1) to investigatethe use of an ontology-based approach to describe security properties of services (2) toenable the interoperability and comparison of the other kinds of ASSERTs. The envisaged ASSERT4SOA Ontology will contain the description of both generalconcepts and ASSERT specific ones. The instances of all types of ASSERTs will refer theterms defined in the ASSERT4SOA Ontology. Within the ASSERT4SOA Ontology concepts are represented as OWL- DL classesthus allowing to express decision problems about ASSERTS (e.g. mapping between differ-ent kind of ASSERTs) as Description Logic inference problems (e.g. Class ExpressionSubsumption). Clustering 34

Managing Security and Changes at Model Level throughout the whole System Engi- neering ProcessPresentation: Federica Paci, pro ject NESSoS/SecureChange Security engineering is not a goal per see. Security applies to a system or software,whether large IT or embedded system, which must itself be engineered. Security engi-neering must therefore comply with the constraints and pace of the mainstream system /software engineering processes, methods and tools. Assuming a model driven approach tothe mainstream system / software engineering, we explain how to support evolution whilemaintaining security at all levels of the system / software development process, fromrequirements engineering down to deployment and configuration. A system / software lifecycle typically has seven phases: (i) specification, (ii) design,(iii) realisation or acquisition, (iv) integration and verification, (v) validation and de-ployment, (vi) operation and maintenance, and (vii) disposal. In some cases, a sys-tem / software may occupy several of these phases at the same time. Security engineer-ing can be conducted regardless of the system / software lifecycle phase; however thepursued goals may significantly differ (see Figure 1). During the specification phase, the main goal of security engineering is to influencethe definition of the system / software requirements, and thus gain early assurance thatthe proposed architectural solution is sound with respect to security concerns. This stepencompasses customer security need elicitation and early risk assessment. This early ap-proach contrasts sharply with current-day practices in which risks are only analysedwhen requirements have been elicited, and sometimes even later, when the main systemdesign is frozen or developed. With standard approaches: (i) safeguards may bevery expensive to implement; (ii) some elicited requirements may reveal themselves astoo risky to be fulfilled; (iii) some requirements may be error-prone; (iv) locally designedsafeguards to cope after hand with risky requirements may obstruct the fulfilment ofother requirements. Clustering 35

PoSecCo ModelsPresentation: Antonio Lioy, pro ject PoSecCo PoSecCo aims at addressing some of the main service provider challenges for the vi-ability of Future Internet (FI) applications, that will see dynamic compositions of ser-vices providing a broad diversity of functions, starting with business functionality downto infrastructure services. In fact, in a FI scenario, service providers will need to achieve,maintain and prove compliance with security requirements stemming from internalneeds, third-party demands and international regulations, and to cost-efficiently managepoli- cies and security configuration in operating conditions. PoSecCo overcomes this by establishing a traceable and sustainable link betweenhigh-level requirements and low-level configuration settings through decision support sys-tems. To achieve this goal a consistent effort is being put into system and network model-ling, whose main purpose is to create a set of meta-models and a security ontology thatwill be presented at the Network and System Workshop. First of all, reaching the PoSecCo objectives requires the modelling of FI services, achallenge that PoSecCo is addressing through a refinement loop between the Service Pro-vider partners, providing the requirements ensuring the practical usage, and academiaensuring the self- coherence, extensibility and the possibility to be formally used. The result is the functional system meta-model, including a business and an IT layer.Moreover, since services will be actually implemented on existing (physical or virtual) net-worked systems, the functional system meta-model includes an infrastructural layer thatrefers to a landscape meta-model. Also the policy is represented at three different layers of abstraction, the business, theIT and the landscape configuration layers, therefore the design of three policy meta-models is in progress. The PoSecCo security ontology is being developed to vertically connect all the ab-straction layers and horizontally connecting each abstraction layer with the correspondingpolicy-meta model, and to enrich the knowledge of the systems using the expressivepower that ontologies can guarantee. Clustering 36

Assessment models to Improve the Usabil- ity of Security in Wireless Sensor NetworksPresentation: Peter Steffen, pro ject WSAN4CIP/TAMPRES Wireless Sensor Networks play a major role in the Future Internet. They deliver datathat may influence important decisions in further process steps. To improve the securityand reliability as they are required for such networks, many protocols, algorithms, and ser-vices have been proposed in recent years. The complexity of the approaches is often sig-nificantly and the trade-offs are hardly understood by even by experts. This is aparticular issue in projects such as WSAN4CIP (wireless sensor networks for critical infra-structure protection) where eventually domain experts apply networks in critical envi-ronments. As solution we propose a model-based approach that maps requirements and systemproperties on exchangeable security models, expressed in a flexible meta-model-language.The initial requirements are understood by users, and the system properties are assessedbased on properties of the individual components, which can be stored in pre-configured repositories. The exchangeable security models allow to focus on specific security aspects such asvulnerabilities, attacks, or resistances. As example the models shall evaluate the effects of tamper resistant sensor nodes, asthey are investigated in the TAMPRES project. Naturally, the existence or non-existence of such tamper resistance in the network alters the security properties of theentire network and its application significantly. This has to be respected by the models. The model approach as well as the implications for the projects WSAN4CIPand TAMPRES are addressed in the presentation. Clustering 37

Multi-Dimensional Clustering for the Pur- poses of Root-Cause AnalysisPresentation: James Davey, pro ject VIS-SENSE One of the goals of the VIS-SENSE project is to generate an overview of the mal-ware and spam landscapes in the Internet. A major part of this process is root-causeanalysis, which is the search for and identification of coordinated criminal campaigns.Through a better understanding of how these campaigns evolve over time, security ex-perts should be able to improve the protection of their networks. When analysing the behaviour of spam or malware, a very large number of alerts arecollected every day. What constitutes an alert is defined by the data collection infrastruc-ture used to collect information for the purposes of analyses. The alerts are the startingpoint for our root-cause analysis. The next phase in the analysis process involves the generation of events, based on thealerts. These events are essentially groups of alerts, together with some additional anno-tations. The groups and annotations are derived with the help of rule-based or experi-ence-based models. Events are the first level of aggregation in the root-cause analysis. While this aggrega-tion does increase understanding of the threat landscape, it is not condensed enough toprovide an overview. To attain an overview, a further aggregation step is undertaken. Inthis step, each feature of the events is first considered individually. Based on the datatype of the feature, similarity measures are chosen and, if necessary, parameterised. The feature-based similarities can be used to cluster events on a feature-by-feature basis. These clusters provide clues for the specification of a multi-dimensionalsimilarity measure. With the help ofthis measure, multi-dimensional clustering is possible. Visualizing the re-sults of multi-dimensional clustering reveals a much more insightful overview of the origi-nal malware and spam alerts. Many models exist for the feature-by-feature as well as for the multi- dimensionalsimilarity measures. The choice of models and their param- eteriza-tion has direct implications for the results of the multi-dimensional clustering step. Anoverview of these models will be presented, as well as a description of techniques for thesupport of iterative visualisation and ad- justment of parameters. Through the targeteduse of visualization in the analysis process VIS-SENSE will assist the analyst in the gen-eration of useful overviews of the threat landscape. Clustering 38

Introducing the ENDORSE Privacy Rules Definition LanguagePresentation: Mark McLaughlin, pro ject ENDORSE One of the core outputs of the ENDORSE project will be a Privacy Rules DefinitionLanguage (PRDL). This language will allow organisations to cod- ify their data protectionand privacy operating policies regarding sensitive user data. PRDL will be used forinternal compliance and transparency with regard to external parties. The ENDORSEsystem will use PRDL rules to ensure that personal data are processed legally and appro-priately within the organisation in terms of access control and meeting obligations fordata handling over the lifetime of the data. ENDORSE is taking a model driven architec-ture (MDA) approach to building the ENDORSE platform. As such, the definition ofPRDL is also crucial for generating many of the platform software components. An earlydraft of the PRDL metamodel will be presented. Collaborative Security for Protection ofFinancial Critical Infrastructures: The Se-mantic Room abstraction modelPresentation: Roberto Baldoni, pro ject CoMiFin The growing adoption of Internet in the financial ecosystem has exposed financialinstitutions to a variety of security related risks, such as increas- ingly sophisticated cy-ber attacks aiming at capturing high value and sensitive information, or disrupting serviceoperation for various purposes. To date, single financial institutions have faced individu-ally these attacks using tools that re-enforce their defence perimeter (e.g. intrusiondetection systems, firewalls). However, today’s attacks are more sophisticated making thiskind of defences inadequate. Attacks are typically distributed in space and time meaningthat they can be coordinated on a large scale basis and often con- sist of a preparationphase spanning over days or weeks, involving multiple preparatory steps aiming at identi-fying vulnerabilities (e.g., open ports). In order to detect these attacks a larger view of whatis happening in the Internet is required, which could be obtained by sharing and combiningthe information available at several financial sites. This information must be processedand correlated ”on-the-fly” in order to anticipate threats and frauds, and mitigate theirpossible damages. Even though this sharing can result in a great advantage for financialinstitutions, it should be carried out only on a clear contractual base and in a trustedand secure environment capable of meeting privacy and confidentiality requirements offinancial institutions. In this context, the CoMiFin project, ended last April 2011, devel-oped an open source middleware system for monitoring the Financial Critical In- fra-structure domain. The system is currently a research prototype and has been demon-strated in several occasions even to financial stakeholders such as SWIFT board membersand a number of Italian banks. It facilitates the sharing and processing of critical opera-tional data among interested parties (e.g., financial institutions, telco providers, powergrid operators), and is utilized for timely activating local protection mechanisms. In doingso, the CoMiFin project introduced a novel abstraction model named Semantic Room(SR). Clustering 39

Effectsplus july event report

by fcleary

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 32

Statistics

Effectsplus july event report Document Transcript