
Antonio Maña
- PhD
- Professor at University of Malaga
161 publications, 35,427 reads
1,055 citations
Publications (161)
This paper presents a novel Security Engineering Process for the creation of security-enhanced system
models. The process offers a language for the definition of a domain-specific security knowledge language,
the creation of security artefacts using the previous architecture and the use of these artefacts in a system
model for fulfilling its sec...
A coalition consists of independent organizations that share resources and skills to achieve significant mission objectives. Dynamic Coalition (DC) formations occur in response to some market demands, business requests, or disaster responses, to name a few. Partners forming a coalition are automatically selected given some business criteria and bec...
Mobile agent is a promising paradigm for emerging ubiquitous computing and ambient intelligent scenarios. We believe that security is the most important issue for the widespread deployment of applications based on mobile agent technology. Indeed, community agrees that without the proper security mechanisms, use of mobile agent-based applications wi...
In software engineering, pattern papers serve the purpose of providing a description of a generalized, reusable solution to recurring design problems, based on practical experience and established best practices. This paper presents an architectural pattern for a Secure Auditable Registry service based on Message-Oriented Middleware to be used in l...
The goal of this paper is to draw the lessons learned from a project that involved security systems engineers, computer scientists, lawyers and social scientists. Since one of the goals of the project was to propose actual solutions following the privacy by design approach, its aim was to go beyond multidisciplinarity and build on the variety of ex...
Despite its immense benefits in terms of flexibility, resource consumption, and simplified management, cloud computing raises several concerns due to lack of trust and transparency. Like all computing paradigms based on outsourcing, the use of cloud computing is largely a matter of trust. There is an increasing pressure by cloud customers for solut...
The creation of secure applications is more than ever a complex task because it requires from system engineers increasing levels of knowledge in security requirements, design and implementation. In fact, the fast increasing size and volatility of this knowledge has reached a point in which it is unrealistic to expect that system engineers can keep...
The modelling, engineering and development of systems with security requirements (which today means all systems) have been the target of different research works that are intended to deal with the increasing complexity of systems and characteristics such as distribution, real-time constraints and heterogeneity and with the need to provide increasin...
This paper presents a sample surveillance use-case based on a video archive search scenario. Privacy and accountability concerns related to video surveillance systems are identified and described here, thus assessing the impact on privacy of this type of systems. Then, after a description of the scenario, we produce the design for this particular c...
This chapter presents a certification-based assurance solution for the cloud, which has been developed as part of the FP7 EU Project CUMULUS. It provides an overview of the CUMULUS certification models, which are at the basis of the certification processes implemented and managed by the CUMULUS certification framework. Certification models drive th...
The modelling, engineering and development of systems with security requirements (which today means all systems) have been the target of different research works that are intended to deal with the increasing complexity of systems and characteristics such as distribution, real-time constraints and heterogeneity and with the need to provide increasin...
Development of secure cloud applications requires a supportive approach that should also enable software assessment and certification by different mechanisms. These can assure by independent means that the required security is present. In this paper we present a Core Security Metamodel (CSM) that is the director of a security engineering process th...
Privacy impacts of video surveillance systems are a major concern. This paper presents our ongoing multidisciplinary approach to integrate privacy concerns in the design of video surveillance systems. The project aims at establishing a reference framework for the collection of privacy concepts and principles, the description of surveillance context...
Given the highly variable physical layer characteristics in cognitive radio sensor networks (CRSN), it is indispensable to provide the performance analysis for cognitive radio users for smooth operations of the higher layer protocols. Taking into account ...
The creation of secure systems of systems is a complex process. A large variety of security expertise and knowledge specific for application domains is required. This is even more important if systems of systems span different application domains. Then, security threats specific to different application-domains need to be considered. One example is...
Cloud and Web Services technologies offer a powerful cost-effective and fast growing approach to the provision of infrastructure, platform and software as services. However, these technologies still raise significant concerns regarding security assurance and compliance of data and software services offered. A new trend of a service security certifi...
This paper presents a security engineering process for the modelling of security-sensitive systems using a real use case of metering devices. The process provides a security framework that can be used with other existing processes (such as the agile ones). It helps to develop and model systems bearing in mind their heterogeneity, real-time and dyna...
The engineering and development of complex security-sensitive systems is becoming increasingly difficult due
to the need to address aspects like heterogeneity (of application domains, requirements, regulations, solutions,
etc.), dynamism and runtime adaptation necessities, and the high demands for security and privacy of the
users and agencies invol...
Application-level access control is an important requirement in many distributed environments. For instance, in new scenarios such as e-commerce, access to resources by previously unknown users is an essential problem to be solved. The integration of Privilege Management Infrastructure (PMI) services in the access control system represents a scalab...
Despite the fact that software security certification has important advantages; among these we highlighted that it allows to increase users' trust by means of attesting security properties. However, in most of cases the system that is subject of certification is considered to be monolithic. This fact implies that existing certification schemes do n...
Software certification has been successfully used with traditional "static" software. With the introduction of new computing paradigms such as service-oriented computing and cloud computing, the existing way to represent software certifications based in verbose human-oriented documents, exhibits many limitations, to the point of making the approach...
Service Oriented Computing (SOC) has facilitated a paradigm shift in software provisioning models: software gets consumed as a "service" providing enormous benefits, however lack of security assurance of third-party services is hampering their wider adoption in business- and security-critical domains. Security certification typically provides the r...
The concept of Dynamic Coalitions (DCs) provides a scalable approach for service-based business integration suitable to Small and Medium-size Enterprises (SMEs). An outcome of a DC model is a composite service offered to a market place. The notion of security-by-design certified coalition enables coalition designers/owners to request a certificatio...
Live media streaming is a field that recently has had a great impact in the scientific community, especially in the case of interactive media streaming. In this paper we propose a reference architecture conceptualizing an immersive view effect by considering heterogeneous tracking devices and enriched movement control over heterogeneous stream imag...
In recent years the number of Ambient Intelligent systems is growing steadily, especially several fields such as domotic and remote teaching are practical applications of AmI. A relevant characteristic of these systems is sharing a double goal, comfort and simplicity of final users. However, the adoption of these scenarios lacks of a security basis...
This paper presents a security engineering process for the development of secure systems focusing on the specification and development of the Set-top Boxes. The paper describes the Set-top Box characteristics and functionalities and, using the process and its secure artefacts, models what we call a Domain Security Metamodel that defines all the sec...
The use of clouds raises significant security concerns for the services they provide. Addressing these concerns requires novel models of cloud service certification based on multiple forms of evidence including testing and monitoring data, and trusted computing proofs. CUMULUS is a novel infrastructure for realising such certification models.
Security is considered one of the crucial issues for the widespread adoption of cloud computing. Despite all research done
in preventive security for cloud computing, the high complexity and the interdependence of many software layers and infrastructures
mean that in practice there are always chances for something going wrong. For this reason, ther...
The OKKAM project aims at enabling the Web of Entities, a global digital space for publishing and managing information about entities. The project provides a scalable and sustainable infrastructure, called the Entity Name System (ENS), for the systematic reuse of global and unique entity identifiers. The ENS provides a collection of core services s...
The development of systems based on embedded components is a challenging task because of their distributed, reactive and real-time nature. From a security point of view, embedded devices are basically systems owned by a certain entity, used frequently as part of systems owned by other entities and operated in a potentially hostile environment. The...
Nowadays, tourists have access to a lot of different web sites in order to find information about destinations. This has a direct impact on tourism destination management organizations and tourism providers. These stakeholders have a lot of problems in order to find reliable and up-to-date information about their destinations. This paper presents an...
In this chapter, the authors provide an overview of the importance of the monitoring of security properties in cloud computing scenarios. They then present an approach based on monitoring security properties in cloud systems based on a diagnosis framework that supports the specification and monitoring of properties expressed in Event Calculus (EC)...
An architecture for dynamic security monitoring and enforcement for client software running in virtualized environments is presented. Virtualization is heavily used in cloud computing in order to allow a proper trade-off between isolation and resource usage. In this new architecture, monitoring mechanisms check a set of policy-defined conditions at...
The development of systems based on embedded components is a challenging task because of the distributed, reactive and real-time nature of such systems. From a security point of view, embedded devices are basically systems owned by a certain entity and operated in a potentially hostile environment. Currently, a security engineering process for syst...
Resource constrained embedded systems (RCES) refers to systems which have memory and/or computational processing power constraints. They can be found literally everywhere, in many application sectors such as automotive, aerospace, and home control. They are in many types of devices, like sensors, automotive electronic control units, intelligent swi...
Trusted platform modules (TPMs) specification is highly complex and therefore the deployment of TPM-based security solutions
is equally complicated and difficult; although they can provide a wide range of security functionalities. In order to make
TPM technology available to system engineers without their needing to have in-depth knowledge of trus...
Currently, SOAs are the major trend for large-scale infrastructures and applications that are built from loosely-coupled well-separated services and that are subject to dynamic configuration, operation and evolution. Concretely, in open SOAs, trust becomes an essential element and certification of security properties offered by the service...
Development of systems based on embedded components is a challenging task because of the distributed, reactive and real-time nature of such systems. From a security point of view, it is essential to take into account that frequently embedded devices are basically system components owned by a certain entity, used as part of systems owned by other en...
An architecture for dynamic security monitoring and enforcement for client software running in Virtualized Environments for Cloud computing is presented. Monitoring mechanisms check a set of policy-defined conditions at runtime in order to detect threats or anomalous behaviour. Enforcement is achievable by using secure software execution methods th...
Cloud computing is one of the biggest trends in information technology, with individuals, companies and even governments moving
towards their use to save costs and increase flexibility. Cloud infrastructures are typically based on virtualised environments,
to allow physical infrastructure to be shared by multiple end users. These infrastructures ca...
In this paper we present the design of an architecture for dynamic security monitoring and enforcement, based on software
protection scheme, for client software running in Virtualized Environments. Monitoring mechanisms check a set of policy-defined
conditions at runtime to detect threats or anomalous behaviour. Enforcement will be achieved using s...
Children that spend long periods in hospitals suffer different negative effects that affect their emotional and psychological
development including sleep disorders, stress, and degradation of school performance. A common reason behind these effects
is related to breaking of normal relationships and lack of contacts with the daily environments (fami...
Agent-systems can bring important benefits especially in applications scenarios where highly distributed, autonomous, intelligence, self-organizing, and robust systems are required. Furthermore, the high levels of autonomy and self-organizations of agent systems provide excellent support for developments of systems in which dependability is essenti...
In terms of the mobile agent paradigm, multi-agent systems represent a promising technology for emerging Ambient Intelligent
scenarios in which a huge number of devices interact. Unfortunately, the lack of appropriate security mechanisms, both their
enforcement and usability, is hindering the application of this paradigm in real world applications....
Service-oriented architectures (SOA) constitute a major architectural style for large-scale infrastructures and applications built from loosely-coupled services and subject to dynamic configuration, operation and evolution. They are the structuring principle of a multitude of applications and the enabling technology for recent software paradigms li...
Cloud computing is one of the biggest trends in information technology, with individuals, companies and even governments moving towards their use to save costs and increase flexibility. Cloud infrastructures are typically based on virtualised environments, to allow physical infrastructure to be shared by multiple end users. These infrastructures c...
ASSERT4SOA project proposes machine readable certificates to be used to allow Web service requesters to automatically assess
the security properties of Web services (and their providers) as certified by a trusted third party. This vision promises
to open up an entire new market for certification services.
Security is usually not in the main focus in the development of embedded systems. However, strongly interconnected embedded systems play vital roles in many everyday processes and also in industry and critical infrastructures. Therefore, security engineering for embedded systems is a discipline that currently attracts more interest. This paper pre...
Agent-systems can bring important benefits especially in applications scenarios where highly distributed, autonomous, intelligence, self-organizing and robust systems are required. Furthermore, high levels of autonomy and self-organization of agent systems provide excellent support for development of systems with high dependability requirements. Tw...
Children that spend long periods in hospitals suffer different negative effects that affect their emotional and psychological
development and their family life. Among these effects, sleep disorders, stress, and degradation of school performance are
the most frequent. A common reason behind these effects seems to be related with the disruption of th...
We present the Entity Name System (ENS), an enabling infrastructure, which can host descriptions of named entities and provide unique identifiers, on large-scale. In this way, it opens new perspectives to realize entity-oriented, rather than keyword-oriented, Web information systems. We describe the architecture and the functionality of the ENS, al...
The agent-based computing represents a promising paradigm for emerging ubiquitous computing and ambient intelligence scenarios
due to the nature of the mobile agents that fit perfectly in these environments. However, the lack of the appropriate security
mechanisms is hindering the application of this paradigm in real world applications. The protect...
In this chapter the authors present a policy-based security engineering process for service oriented applications, developed in the SERENITY and MISTICO projects. Security and dependability (S&D) are considered as first-class citizens in the proposed engineering process, which is based on the precise description of reusable security and dependabili...
Software agents represent a promising computing paradigm. They are an elegant technology to solve problems that can not be easily solved in other way. The Scientific Community has proved that the use of the software agents approach simplifies the solution of different type of traditional computing problems. A proof of this is that several important...
Certifying the security and dependability properties of individual web services or of entire business processes hosted on a Service Oriented Architecture (SOA) is a major challenge of SOA research. It is widely recognized that the unique features of WS/SOA require new security assessment approaches, including novel service testing and process monit...
Current approaches for software development fail in the integration of security aspects. Usually, this is because of the software complexity and the specific expertise needed for the integration of modern security solutions. In this paper we present the SERENITY Project which proposes a framework addressing this issue. SERENITY is based on the separ...
This paper describes the SERENITY infrastructure for the maintenance and evolution of dynamically provided security and dependability (S&D) solutions. The main characteristics of the infrastructure are presented, along with the different mechanisms that conform this infrastructure. A scenario is described to illustrate the application of the presen...
Software agents are a promising computing paradigm. Scientific community has devoted important efforts to this field [1]. Indeed, several important applications exist based on this technology. Despite of their benefits, the lack of the appropriate security mechanisms for agent based systems represents a barrier for the widespread use of this techno...
Research results from industry-academic collaborative projects in service-oriented computing describe practical, achievable solutions.
Service-Oriented Applications and Architectures (SOAs) have captured the interest of industry as a way to support business-to-business interaction, and the SOA market grew by $4.9 billion in 2005. SOAs and in partic...
In this chapter we present an overview of the SERENITY approach. We describe the SERENITY model of secure and dependable applications
and show how it addresses the challenge of developing, integrating and dynamically maintaining security and dependability
mechanisms in open, dynamic, distributed and heterogeneous computing systems and in particular...
In order to satisfy the requests of SERENITY-aware applications, the SERENITY Runtime Framework’s main task is to perform
pattern selection, to provide the application with the most suitable S&D Solution that satisfies the request. The result of
this selection process depends on two main factors: the content of the S&D Library and the information s...
In this chapter we describe the potential of SERENITY in Ambient Intelligence (AmI) Ecosystems. As a proof of concept, we
describe the implementation of a prototype based on the application of the SERENITY model (including processes, artefacts
and tools) to an industrial AmI scenario. A complete description of this prototype, along with all Securit...
The SERENITY Runtime Framework (SRF) provides support for applications at runtime, by managing S&D Solutions and monitoring
the systems’ context. The main functionality of the SRF, amongst others, is to provide S&D Solutions, by means of Executable
Components, in response to applications security requirements. Runtime environment is defined in SRF...
Traditionally, security patterns have successfully been used to describe security and dependability. In the SERENITY Project
the notion of security and dependability (S&D) pattern has been extended to exact specifications of re-usable security mechanisms
for Ambient Intelligence (AmI) systems. These S&D Patterns include information on the security...
This chapter presents an infrastructure supporting the implementation of Executable Components (ECs). ECs represent S&D solutions
at the implementation level, that is, by means of pieces of executable code. ECs are instantiated by the Serenity runtime
Framework (SRF) as a result of requests coming from applications. The development of ECs requires...
AmI considerations lead us to argue that it is essential for Security and Dependability (S&D) mechanisms to be able to adapt
themselves to renewable context conditions in order to be applied to the ever-changing AmI scenarios. The key for this dynamic
adaptation relies on the ability to capture the expertise of S&D engineers in such a way that it c...
In this chapter we present the prospects of the SERENITY approach
towards secure and dependable AmI ecosystems and identify issues for
further research. We also describe the foreseen impact that the SERENITY
model, processes, tools, and technologies can produce.
The agent paradigm can play an important role and can suit the needs of many applications in new emerging Ambient Intelligence
scenarios. Unfortunately the lack of security is hindering the application of this technology in real world applications.
The problem known as malicious hosts is considered the most difficult to solve in mobile agent. Ther...
Agent-based computing represents a promising paradigm for distributed computing. Unfortunately the lack of security is hindering
the application of this paradigm in real world applications. We focus on a new agent migration protocol that takes advantage
of TPM technology. The protocol has been validated using AVISPA model checking toolsuite. In ord...
After a first phase of great activity in the field of multi-agent systems, researchers seemed to lose interest in the paradigm,
mainly due to the lack of scenarios where the highly distributed nature of these systems could be appropriate. However, recent
computing models such as ubiquitous computing and ambient intelligence have introduced the nee...
Mobile agents are processes that can migrate autonomously from new hosts. Despite of the huge number of fields of application of this technology, a lack in the security exists. The main approach of this work is based on the provision of a secure execution environment for mobile agents. Our approach is based on the idea of the trusted migration. Thi...
Traditionally, security patterns have successfully been used to describe security and dependability (S&D) solutions, making them available to system engineers not being security experts. Recently, in the SERENITY research project, the notion of S&D pattern was extended to exact specifications of re-usable S&D mechanisms for Ambient Intelligence (Am...
Ambient intelligence (AmI) refers to an environment that is sensitive, responsive, interconnected, contextualized, transparent, intelligent, and acting on behalf of humans. AmI environments impose some constraints in the connectivity framework, power computing as well as energy budget. This makes of AmI a significantly different case within distrib...
Agent-based computing represents a promising paradigm for distributed computing. Unfortunately the lack of security is hindering the application of this paradigm in real world applications. The protection of malicious hosts is considered the most difficult security problem to solve in mobile agent systems. In this paper we provide a mechanism that...
Current practices for developing secure systems are still closer to art than to an engineering discipline. Security is still treated too frequently as an add-on and is therefore not integrated into IT systems development practices and tools. Experienced security artisans continue to be the key for achieving acceptable levels of security in IT syste...
This paper describes the SERENITY infrastructure for the maintenance and evolution of dynamically provided security and dependability (S&D) solutions. The main characteristics of the infrastructure are presented, along with the different mechanisms that conform this infrastructure. A scenario is described to illustrate the application of the presen...
In this chapter we present IMPRESS, a tool-supported integrated framework for security-aware software engineering, supported by automated transformations and validations. IMPRESS is based on semantic description mechanisms and formal methods resulted from the research in the SERENITY Project, and it centres on the precise description of reusable se...
The vision of Ambient Intelligence (AmI) depicts scenarios where people are surrounded by intelligent and intuitive interfaces embedded in everyday objects, integrated in an environment recognising and responding transparently to the presence of individuals.
The realisation of this vision involves challenges for both software and hardware elements....
Recognizing that information from different sources refers to the same (real world) entity is a crucial challenge in instance-level information integration, as it is a pre-requisite for combining the information about one entity from different sources. The required entity matching is time consuming and thus imposes a crucial limit for large-scale,...
Mobile agents are software entities consisting of code and data that can migrate autonomously from host to host executing
their code. Despite its benefits, security issues strongly restrict the use of code mobility. The protection of mobile agents
against the attacks of malicious hosts is considered the most difficult security problem to solve in m...
Ambient Intelligence (AmI) refers to an environment that is sensitive, responsive, interconnected, contextualized, transparent, intelligent, and acting on behalf of humans. This environment is coupled with ubiquity of computing devices that enables it to transparently sense context changes, to react accordingly, and even to take the initiative towa...
In this paper, we examine the special requirements of lifecycle management for entities in the context of an entity management system for the semantic web. We study the requirements with respect to creating and modifying these entities, as well as to managing their evolution over time. Furthermore, we present the issues arising from the access cont...
Current number of Ambient Intelligent systems is growing steadily in last years. Moreover, several fields such as domotic and remote teaching are practical applications of AmI. These are some systems that interact with different ones, that is the reason of "AmI Ecosystem" term is used. An AmI Ecosystem is defined as the environment in which users...
OKKAM project aims at enabling a web of entities by providing an infrastructure of decentralized online repositories, each owned by either a public or a private organization. A repository is designed to handle a large number of entries (as the Web identities are) where creators of entries are end-users. In this paper we present a semantic approac...
One of the most interesting paradigms of Ambient Intelligence is that networks of pervasive intelligent interfaces recognize
our presence and mould our environment to our immediate needs. In this paper, we present an example of how an access control
model such as XACML adapts its functionality at runtime to new and unforeseen requirements. In previ...
With the increasing number of mobile terminals, the development of applications that will provide new dedicated services by
taking advantage of the technology is an effective challenge. The combination of such terminals communicating with each other
in a peer-to-peer and dynamically self organized manner is referred to as a Mobile Ad Hoc NETwork, MAN...
Due to the nature of ubiquitous environments there is a strong relation between them and auto-configurable systems. In ubiquitous
computing environments, devices interact with the context performing an auto-configuration of system settings. The main idea
presented in this paper is the use of profiles as an important key to provide auto configurabil...
The EuroTRUSTAmI workshop was organised by the Serenity, a European integrated project dedicated to “system engineering for Security and dependability” with the help of an Advisory Committee, and with the active participation and involvement of 27 other IST European research projects and platforms funded by the European Union in the context of th...