TSSG Security research unit May11_zdooly

  • As opposed to static, in-house services

    1. Security Research Unit
       Presented by Zeta Dooly
    2. Research Units
    3. Research Unit - Projects
    4. Overview
       TSSG's Security Research Unit investigates a number of research topics in the area of IT security
    5. Topics
       • Distributed trust and reputation management
       • Trust principals for use in
          • Single service
          • Sets of independent services
          • More complex service configurations.
    6. Topics
       • Access control for secure services:
          • Scalable framework for secure service composition.
       • Identity and Privacy technologies
       • Identity management/provisioning
       • Privacy preserving across networks, services and applications.
       • Data Protection Access Control
       • Legal technical frameworks
    7. Topics
       • Protection of critical infrastructures
       • Securing critical infrastructures
          • Financial infrastructures
          • Energy
          • Transportation
       • Service policy continuity
       • Enabling the enforcement of security.
    8. Topics
       • Coordination of international research and policy aspects of trust and security
       • At the forefront with the European Commission in driving these important coordination activities.
    9. Key Partners
       • Thales
       • Atos Origin
       • Hewlett Packard
       • IBM
       • SAP
       • University of Darmstadt
       • University Tilburg
       • LSE
    10. Sample Projects
       • Aniketos
       • PASSIVE
       • ENDORSE
    11. Aniketos
       • Establishing and maintaining trustworthiness and secure behaviour in dynamic service environments.
       • Align existing and develop new technologies that support the design-time creation and run-time dynamic behavior of composite services.
       • Addressing
          • Service developers
          • Service providers
          • Service end users
    12. Aniketos context
       • Dynamically changing composite services and service environment
       • Several service providers involved
       • End users shouldn’t care about what’s under the hood
    13. Aniketos goal: Make composite services able to establish and maintain security and trustworthiness
       [Diagram labels: Service providers, Service developers, Service end users; Invoke, Provide, Compose, Adapt/recompose; Component change, Change of threats, Change of environment; Design-time, Runtime]
       • End user trust assurance and acceptance
       • Identification of responsible party
       • Self-protection
       • Trust evaluation
       • Security validation
       • Discovery and composition support based on trustworthiness, security properties and metrics
       • Relevant threat awareness
       • Trust and security monitoring
       • Threat notification
    14. TSSG in Aniketos
       • Trust and Reputation for Composite Services
       • Extends our work in CoMiFin (Trust Manager)
       • Community Building
       • WP leader, open source community, networking
       • Secure Behaviour in composition
       • Testbed to investigate the scalability of service composition security (STACS)
       • Response to changes and threats, notification, adaptation
       • User Evaluation
    15. PASSIVE
       • Governments under pressure to reduce CAPEX, lower energy expenditure and consolidate OPEX in many areas.
       • Virtualisation holds promise for eGov applications.
       • Shared resources raise legitimate security concerns.
    16. PASSIVE Goals
       PASSIVE proposes an improved security model for:
       • Adequate separation of concerns in large scale deployments
       • Threats from co-hosted operating systems detected and dealt with
       • Public trust in application providers is maintained even in a dynamic hosting environment
    17. ENDORSE Goals:
       • Providing open source tools and technologies to ensure data protection compliance
       • Privacy Rules Definition Language (PRDL)
          • Express EU Directives on Data Protection
          • Express National implementations of Directives (Italy, Netherlands, Spain, Ireland)
          • Express User Consent & Privacy Policies
       • PRDL Editor, PRDL Engine, Technology adapters (e.g. PRDL -> XACML)
       • End-User Verification Tools, Accountability
       • Certification Methodology
    18. Organisation Interaction
       [Diagram labels: PRDL Engine, PRDL Editor, EU Directive, National Legislation, Data Controller, User Consent, Company Privacy Policy, Access Control, User Data]
       • The data controller describes the company privacy policy via the PRDL Editor.
       • The PRDL Engine checks that the policy is compliant with the national legislation and informs the data controller when compliance is breached.
       • Access control policy documents (e.g. XACML) are automatically produced to reflect the policy.
    19. User Interaction
       [Diagram labels: PRDL Engine, End User Verification Tool, EU Directive, National Legislation, User Consent, Customer, Access Logs, Company Privacy Policy, Access Control, User Data]
       The customer can request:
       • How its data has been accessed
       • By whom
       • What aspects of the company privacy policy allow for this access.
    20. TSSG & Future Internet
       • Future Internet Assembly (FIA)
       • Future Internet Forum (CeFims)
       • 3rd Irish Future Internet Forum - June 1st 2011
       • Recently commenced 2 projects in FI PPP
          • FINSENY (use case - smart grids)
          • INFINITY (CSA - infrastructures & interoperability support core platform & use cases)
       • Previous project
    21. Thanks for listening
       Questions???
       Zeta Dooly
       zdooly@tssg.org
       +353 51 302943
       http://www2.tssg.org/people/zdooly/
       twitter: zdooly
