    Trustworthy systems design using semantic risk modelling

    No full text
    In this paper, we set out to explore some of the many ways in which Social Network Analysis (SNA) can be applied to the field of security. In particular, we investigate what information someone (e.g., an attacker) could infer if they were able to gather data on a person’s friend-groups or device communications (e.g., email interactions) and whether this could be used to predict the “hierarchical importance” of the individual. This research could be applied to various social networks to help with criminal investigations by identifying the users with high influence within the criminal gangs on DarkWeb Forums, in order to help identify the ring-leaders of the gangs. For this study we conducted an initial investigation on the Enron email dataset, and investigated the effectiveness of existing SNA metrics in establishing hierarchy from the social network created from the email communications metadata. We then tested the metrics on a fresh dataset to assess the practicality of our results to a new network

    A novel risk-based approach for online community management

    No full text
    Online communities play a pivotal role in innovation, marketing, corporate expertise management, product support and advertising. Communities in the order of millions of users are becoming the norm. However, this proliferation of demand is not met with intelligent, scalable, easy to use community management approaches. Current methods are based on basic statistical tools that aggregate data for the community owner/moderator to interpret and take appropriate actions. The data reflects only the current state of the community, which does not constitute an effective warning system of future events. Moreover, the community health becomes highly dependent on the owner’s skill, interpretation, intimate knowledge of the community and its evolution path. This paper presents a proactive, extensible, risk-based management framework supporting advanced analytical services for managing online communities. The solution allows community owners to focus on the community objectives and proactively manage favourable/unfavourable events at the user and community level

    A business-oriented Cloud federation model for real-time applications

    No full text
    Cloud federation can allow individual Cloud providers working collaboratively to offer best-effort services to service customers. However, the current federated Cloud computing model is not appropriate for computationally intensive Real-time Online Interactive Applications (ROIA). This paper discusses how we propose and develop a business-oriented federated Cloud computing model where multiple independent infrastructure providers can cooperate seamlessly to provide scalable IT infrastructure and QoS-assured hosting services for ROIA. The distinct feature of this proposed Cloud federation model is its business layer, which can provide enhanced security features and can trigger on-demand resource provisioning across multiple infrastructure providers, hence helping to maximize customer satisfaction, business benefits and resource usage

    Securing Real-Time Interactive Applications in Federated Clouds

    No full text
    Real-time systems are of importance to a large number of university laboratories and research institutes worldwide, and without the proper integration of real-time into distributed computing, institutions simply could not function. Achieving Real-Time in Distributed Computing: From Grids to Clouds offers over 400 accounts from a wide range of specific research efforts. Major focus is given to the need for methodologies, tools, and architectures for complex distributed systems that address the practical issues of performance guarantees, timed execution, real-time management of resources, synchronized communication under various load conditions, satisfaction of QoS constraints, and dealing with the trade-offs between these aspect

    Run-time risk management in adaptive ICT systems

    Full text link
    We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers

    SERSCIS: Semantic Modelling of Dynamic, Multi-Stakeholder Systems

    Full text link
    This paper describes a novel approach to semantic system and security modelling developed in the SERSCIS project. The approach is designed to address dynamic multistakeholder systems that are composed from services at run-time. This presents several challenges for security risk modelling and management that are not well addressed by previous work. The biggest challenge is the fact that at design-time one only knows the structure but not the composition of the system, forcing an abstract modelling approach to be used. The SERSCIS approach deals with this by defining a set of OWL classes describing generic system assets, threats and security controls and the relationships between them. This dependability model captures security expertise concerning the types of threats that can arise in general and the controls that can be used to address them. An abstract system model can then be created using OWL subclasses, to capture the types of assets and their relationships in a specific system, but still without specifying how many assets, where they are deployed or what security controls they have. The resulting models can be used as inputs to run-time semantic monitoring tools, where the knowledge encoded in the abstract system model is used to automatically determine system threat activity and system vulnerabilities. The approach was validated in an Airport Collaborative Decision-Making scenario

    Experiences using the UML profile for MARTE to stochastically model postproduction interactive applications

    No full text
    Abstract: We describe a practical approach applying the UML 2.0 standard MARTE profile to model stochastic interactive application workflows, using the PapyrusUML editor. We use the PaStep, PaCommStep, PaLogicalResource and GaCommHost MARTE stereotypes and find them sufficient for stochastic modelling with the exception of being unable to define non-standard probability distributions. We have investigated both Markovian stochastic models and discrete event simulation models, serializing UML deployment and state machine diagrams to automate model creation. The choice between using a stochastic model (e.g. PRISM Markov models) or discrete event simulation model (e.g. Monte Carlo simulations) depends on the complexity of the model, accuracy required and compute time needed. We find that PRISM models are fast to execute if the complexity is small and produce numerically accurate results. Discrete event simulation models are slower to execute but scale much better and are probably the default solution to a model of unknown complexity

    OPTET D2.4 Socio-economic evaluation of trust and trustworthiness

    No full text
    In this deliverable, we present the work done on Trust and Trustworthiness models after the D2.3 milestone. The work focused on extending the models, enhancing their performance as well as accuracy when used across the socio-technical system lifecycle. This deliverable also presents the details of the validation and evaluation of these models, and their integration into the WP8 use cases (DADV, AAL and SWC). The Trustworthiness model was enhanced with new asset types, threats and controls restructured in a modular way to allow easier future extension and performance optimisation as systems complexity grows. The GE presented in the 2nd year review was made more robust and finally used for the evaluation requested by the reviewers to show how both the model as well as the GE support the system design and provide additional value compared to the traditional modelling process. The evaluation on the Trust model was done by conducting a large-scale experiment on users of a fictional search engine and questioning them about their perception of trust into the system depending on various factors. Furthermore, we analysed the effect of user trust on the legal framework. The evaluation results and identified software bugs have already been taken into consideration in the final release of the OPTET GE’s

    OPTET D2.5 - Consolidated report on the socio-economic basis for trust and trustworthiness

    No full text
    This deliverable provides a public consolidated report on the socio-economic basis for trust and trustworthiness in OPTET. It summarises the basic definitions of trust and trustworthiness that laid the foundation of developing trust and trustworthiness enabling technology over the different OPTET WPs. Trust in a system is defined as a property of a stakeholder (known as the trustor) reflecting the strength of their belief that engaging in the system for some purpose will produce an acceptable outcome. Trustworthiness on the other side is a property of the system. A system is more trustworthy if it is able to produce an outcome acceptable to all trustors. The approach taken by OPTET WP2 involves the use of several different models during the design and operation of the system. A conceptual unifying model is presented in this deliverable. At the heart of this model is a semantic model of system trustworthiness, in which threats to the system are described in relation to groups of interacting system assets. The repeated findings throughout all the exploratory analyses showed that we can cluster users into segments of similar trust-related behaviour. The foundation established by WP2 has been leveraged by the different OPTET WPs in order to incorporate and manage trust and trustworthiness over the socio-technical system lifecycle. This includes design, development and certification, distribution and deployment as well as maintenance phase. A specific emphasis in this deliverable is put on the possible future legal measures that are likely to have a role in the overall approach to a trusted Future Internet. The two approaches – trustworthiness-by-design (TWbyD) and data-protection-by-design (DPbyD) – are critically assessed through cross-comparative evaluation. As a result of this critical analysis, this section identifies a need for greater legal integration across the ICT platform lifecycle in order to strengthen a value-by-design approach to a trusted Future Internet environment. In consequence, it proposes the OPTET Legal Integration Model (OPTET-LIM) aimed at raising legal awareness and interdisciplinary exchange from the ICT platform design stage. Finally, it briefly explores the newest legal instrument that explicitly aims at promoting trust online – the Electronic Identification and Trust Services for Electronic Transactions in the Internal Market (eIDAS) Regulation – including its connection to value-by-design and explains why a TWbyD approach is crucial in such an environment. This deliverable discusses the need for an OPTET Legal Integration Model to support TWbyD in the scope of the OPTET lifecycle. The OPTET-LIM framework is aimed at raising legal awareness and interdisciplinary exchange from the ICT platform design stage, and will be reusable for other, trusted Future Internet applications. We also give an overview of the OPTET models and the OPTET lifecycle on which the legal models are proposed to be applied