Conference Paper
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Multi-party and multi-layer nature of 5G networks implies the inherent distribution of management and orchestration decisions across multiple entities. Therefore, responsibility for management decisions concerning end-to-end services become blurred if no efficient liability and accountability mechanism is used. In this paper, we present the design, building blocks and challenges of a Liability-Aware Security Management (LASM) system for 5G. We describe how existing security concepts such as manifests and Security-by-Contract, root cause analysis, remote attestation, proof of transit, and trust and reputation models can be composed and enhanced to take risk and responsibilities into account for security and liability management.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... • Integration of trusted nodes into distributed learning settings: The distributed nature of intelligence in 6G calls for an integrated operation of disparate parties for smart infrastructure. This is also due to the multi-party and multidomain structure of softwarized and service-based architecture inherited from 5G networks and extended further [186]. However, trustworthiness for AI/ML agents is a not trivial attribute and may impair the intelligence performance in 6G networks. ...
Article
Full-text available
While 5G is at the early deployment state around the globe, the research and industrial communities have already started concentrating their efforts on formulating the overall 6G vision comprising requirements, key enabling technologies, performance indicators, and applications. Following the trend, it is evident that 6G will emerge as highly softwarized and open networks allowing the participation of multiple stakeholders. This undoubtedly will make 6G more flexible, agile, autonomous, intelligent, and cost-efficient networks. However, the programmability and openness will make 6G networks more prone to issues like security, privacy, traceability, interoperability, auditability, resource manageability, spectrum efficiency, and 3D mobility. To address these issues, a deep integration of blockchain technology with 6G networks is foreseen. Thus, we aim to put together blockchain and 6G under a magnifying lens to gain a comprehensive understanding of the role of blockchain in the 6G ecosystem. We begin by providing an overview of the envisioned 6G networks and blockchain technology. Next, we present a high-level view of the role of blockchain for 6G trends and requirements. Following that, we conduct an in-depth study on how the blockchain can provide a secure, transparent, and decentralized underpinning to various technical aspects and use cases of 6G. Thereafter, we discuss the deployment challenges to be faced while integrating blockchain in 6G and the possible solutions. Finally, future research directions are expounded to set the floor for further advancements in the blockchainized 6G.
... Another recent use of the MUD standard in 5G technology has been proposed by the authors in [150], in relation to the 5G slicing concept where several logical networks are deployed on the top of the same infrastructure and each 5G slice is optimized to fulfill certain objectives imposed by the specific use case. In a multi-party and multi-layer 5G architecture, the definition of liabilities and responsibilities in case of a security breach may be complex to manage, but they are still essential to support confidence between parties and compliance with regulation. ...
Article
Full-text available
With the strong development of the Internet of Things (IoT), the definition of IoT devices’ intended behavior is key for an effective detection of potential cybersecurity attacks and threats in an increasingly connected environment. In 2019, the Manufacturer Usage Description (MUD) was standardized within the IETF as a data model and architecture for defining, obtaining and deploying MUD files, which describe the network behavioral profiles of IoT devices. While it has attracted a strong interest from academia, industry, and Standards Developing Organizations (SDOs), MUD is not yet widely deployed in real-world scenarios. In this work, we analyze the current research landscape around this standard, and describe some of the main challenges to be considered in the coming years to foster its adoption and deployment. Based on the literature analysis and our own experience in this area, we further describe potential research directions exploiting the MUD standard to encourage the development of secure IoT-enabled scenarios.
... Liabilities and responses between cooperating actors may be unclear. [76] These factors may lead to information leakage or open up side-channels to systems of federating party. ...
Article
Full-text available
The forthcoming communication networks for public safety authorities rely on the fifth generation (5G) of mobile networking technologies. Police officers, paramedics, border guards, as well as fire and rescue personnel, will connect through commercial operator’s access network and rapidly deployable tactical bubbles. This transition from closed and dedicated infrastructure to hybrid architecture will expand the threat surface and expose mission-critical applications and sensitive information to cyber and physical adversaries. We explore and survey security architecture and enablers for prioritized public safety communication in 5G networks. We identify security threat scenarios and analyze enabling vulnerabilities, threat actors, attacks vectors, as well as risk levels. Security enablers are surveyed for tactical access and core networks, commercial infrastructure, and mission-critical applications, starting from push-to-talk and group video communication and leading to situational-awareness and remote-controlled systems. Two solutions are trialed and described in more detail: remote attestation enhanced access control for constrained devices, and securing of satellite backhauls. We also discuss future research directions highlighting the need for enablers to automate security of rapid deployments, for military-grade cost-effective customizations of commercial network services to ensure robustness, and for hardening of various types of public safety equipment.
... It will develop an integrated security management architecture using relevant frameworks, ZSM paradigm, Trusted Execution Environment (TEE), and address the key security challenges of vertical applications such as connected mobility, smart energy and aerial networks. Moreover, it will integrate trustworthiness and liability into the developed security approach for a holistic architecture [173]. ...
Article
Full-text available
Although the fifth generation (5G) wireless networks are yet to be fully investigated, the visionaries of the 6th generation (6G) echo systems have already come into the discussion. Therefore, in order to consolidate and solidify the security and privacy in 6G networks, we survey how security may impact the envisioned 6G wireless systems, possible challenges with different 6G technologies, and the potential solutions. We provide our vision on 6G security and security key performance indicators (KPIs) with the tentative threat landscape based on the foreseen 6G network architecture. Moreover, we discuss the security and privacy challenges that may encounter with the available 6G requirements and potential 6G applications. We also give the reader some insights into the standardization efforts and research-level projects relevant to 6G security. In particular, we discuss the security considerations with 6G enabling technologies such as distributed ledger technology (DLT), physical layer security, distributed AI/ML, visible light communication (VLC), THz, and quantum computing. All in all, this work intends to provide enlightening guidance for the subsequent research of 6G security and privacy at this initial phase of vision towards reality.
... The manifest uses MUD for the control of the components. These components can be enhanced to take proper responsibilities of liability and security management systems [157]. ...
Article
Full-text available
This paper presents an overview of device identification techniques and the Manufacturer Usage Description (MUD) standard used for the Internet of things to reduce the IoT attack surface. The ongoing diversity and the sheer increase in the number of connected IoT devices have crumpled security efforts. There is a need to reconsider and redesign the underlying concept of developing security systems to resolve IoT security challenges. In this backdrop, device profiling and identification have emerged as an exciting technique that helps to reduce IoT device attack surface. One of the known approaches for device identification is to fingerprint a device. There are many ways to fingerprint the device, mostly using device network flows or device local attributes. The device identification ensures the authenticity of the device attached to the network, like user authentication. Since IoT devices mostly work using machine-to-machine (M2M) communication, this requires identifying each device properly. But there is no unified approach for device identification for the ever-growing world of IoT devices and applications. One of the major steps forward in this direction is the development of the Manufacturer Usage Description (MUD) standard that defines the role of a device within the network. It limits the device to execute the primary task only, which will help to reduce the attack surface. Since the inception of MUD, many security frameworks use this standard for IoT security. However, there is a need to scrutinize the security frameworks based on the MUD, to find out the claimed effectiveness of the standard in IoT security. This paper initially identifies and classifies the potential vulnerabilities in IoT devices. Then, the study provides an overview of the research that focuses on device identification techniques and analyzes their role in IoT security. Finally, the research presents an overview of MUD technology, its implementation scenarios, the limitation of the latest MUD standard, and its applications in the industry. The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions.
Article
Full-text available
Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.
Chapter
Full-text available
We discuss the limits of current agent organizations, and the benefits of introducing an explicit account of responsibility and accountability. We, then, illustrate how through such notions it is possible to design both organization specifications and organization entities, that are guaranteed to properly distribute responsibilities, that is, not only to own but also to connect the needed, distributed control over the goal so as to enable its achievement.
Article
Full-text available
Although software-defined networks have seen a sharp increase in their deployment around the world, with big tech companies including Microsoft and Google, to name a few, tapping into the enormous potential that these networks offer, there are still various security loopholes that need to be plugged. One such security-related issues is that of a rogue controller bringing down an entire network. As we shall see in this paper, this problem is still short of any definitive solutions, especially when it comes to distributed software-defined networks. We attempt to resolve this issue by developing a centrally managed trust and reputation scheme. By proactively comparing the policies/flow rules that need to be installed in the switches with those that are actually installed, our scheme singles out a malicious controller. We have evaluated the scheme for scalability, message overhead, and for bad-mouthing attacks. Our results suggest that using trust and reputation system can greatly enhance the network security in this scenario as demonstrated by rigorous evaluations in Emulab network emulation testbed.
Conference Paper
Full-text available
Software Defined Networks (SDNs) is a new network paradigm and is gaining significant attention in recent years. However, security remains a great challenge, though several improvements have been proposed. A key security challenge is the lack of trust between the SDN controller and the applications running atop the control plane. SDN controller can easily be attacked if these applications are malicious or compromised by an attacker to control the entire network or even result in network failure since it represents a single point of failure in the SDN. Though trust mechanisms to verify network devices exist, mechanisms to verify management applications are still not well developed. Therefore, this paper proposes a unique direct trust establishment framework between an OpenFlow-based SDN controller and the applications. The objective is to ensure that SDN controller is protected and multitude of applications that regularly consume network resources are always trusted throughout their lifetime. Additionally, the paper introduced the concept of trust access matrix and application identity to ensure efficient control of network resources. Based on its operation, if this proposed trust model is adopted in the OpenFlow architecture, it could go a long way to improve the security of the SDN and protect the controller.
Article
Full-text available
Trust and reputation are concepts that have been traditionally studied in domains such as electronic markets, e-commerce, game theory and bibliomet- rics, among others. More recently, researchers started to investigate the benefits of using these concepts in multi-robot domains: when one robot has to decide if it should cooperate with another one to accomplish a task, should the trust in the other be taken into account? This paper proposes the use of a trust model to define when one agent can take an action that depends on other agents of his team. To implement this idea, a Heuristic Multiagent Rein- forcement Learning algorithm is modified to take into account the trust in the other agents, before se- lecting an action that depends on them. Simulations were made in a robot soccer domain, which extends a very well known one proposed by Littman by ex- panding its size, the number of agents and by us- ing heterogeneous agents. Based on the results it is possible to show the performance of a team of agents can be improved even when using very sim- ple trust models.
Conference Paper
Full-text available
ABSTRACT The classical approach to access control of Web Services is to present a number,of credentials for the access to a ser- vice and possibly negotiate their disclosure using a suitable negotiation protocol and a policy to protect them. In practice a “Web Service” is not really a single service but rather a set of services that can be accessed only through a suitable conversation. Further, in real-life we are often willing to trade the disclosure of personal attributes (fre- quent flyer number, car plate or AAA membership etc.) in change of additional services and only in a particular order. In this paper we propose a novel negotiation framework where services, needed credentials, and behavioral constraints on the disclosure of privileges are bundled together and that clients and servers have a hierarchy of preferences among the different bundles. While the protocol supports arbitrary negotiation strate- gies we sketch two concrete strategies (one for the client and one for the service provider) that make,it possible to successfully complete a negotiation when dealing with a co- operative partner and to resist attacks by malicious agent to ”vacuum-clean” the preference policy of the honest par- ticipant. Categories and Subject Descriptors K.6.5 [Management of Computing and Information Systems]: Security and Protection; H.3.5 [Information Storage and Retrieval]: On-line Information Services— Web-based services, Commercial services; I.2.11 [Artificial Intelligence]: Distributed Artificial Intelligence—Multia-
Conference Paper
Full-text available
Power distribution constitutes a critical service for our economy. To foreseen electricity overload and risks of power blackout according to external perturbations such as the weather, the temperature or the barometric pressure in real time is a crucial challenge. In order to face those problems, research tends to involve consumers in the utilization of the electricity based on weather conditions. Our previous works had proposed an agent based architecture to support this alert mechanism. The architecture exploited a static assignment of functions to agents. That static assignment was a weak point because isolating an agent or breaking the communication channel between two of them created serious damage on the crisis management. In this paper, we complete our previous works and make dynamic the assignment of functions mobile for agents. Our approach exploits the concept of agent responsibility that we dynamically assigned to the agent taking into consideration the agent's reputation.
Conference Paper
Full-text available
This paper concerns the applicability of reputations systems for assessing Quality of Experience (QoE) for web services in the Future Internet. Reputation systems provide mechanisms to manage subjective opinions in societies and yield a general scoring of a particular behavior. Thus, they are likely to become an important ingredient of the Future Internet. Parameters under evaluation by a reputation system may vary greatly and, particularly, may be chosen to assess the users’ satisfaction with (composite) web services. Currently, this satisfaction is usually expressed by QoE, which represents subjective users’ opinions. The goal of this paper is to present a novel framework of web services where a reputation system is incorporated for tracking and predicting of users’ satisfaction. This approach is a beneficial tool which enables providers to facilitate service adaptation according to users’ expectations and maintain QoE at a satisfactory level. Presented reputation systems operate in an environment of composite services that integrate client and server-side. This approach is highly suitable for effective QoE differentiating and maximizing user experience for specific customer profiles as even the service and network resources are shared.
Article
Full-text available
Security-by-contract (SxC) is a paradigm providing security assurances for mobile applications. In this work, we present an extension of SxC enriched with an automatic trust management infrastructure. Indeed, we enhance the already existing architecture by adding new modules and configurations for contracts managing. At deploy-time, our system decides the run-time configuration depending on the credentials of the contract provider. Roughy, the run-time environment can both enforce a security policy and monitor the declared contract. According to the actual behaviour of the running program our architecture updates the trust level associated with the contract provider. The main advantage of this method is an automatic management of the level of trust of software and contract releasers
Conference Paper
Full-text available
Future pervasive environments will be characterised by pervasive client downloads: new (untrusted) clients will be dynamically downloaded in order to exploit the computational power of the nomadic devices to make a better use of the services available in the environment. To address the challenges of this paradigm we propose the notion of security-by-contract (SxC), as in programming-by-contract, based on the notion of a mobile contract that a pervasive download carries with itself. It describes the relevant security features of the application and the relevant security interactions with its nomadic host. In this paper we describe the layered security architecture of the SxC paradigm for pervasive security, the threats and mitigation strategies of security services and sketch some interaction modalities of the security services layer.
Article
In 1999 the United States Congress passed the Y2K Act, a major—but temporary— effort at reshaping American tort law. The Act strictly limited the scope and applicability of lawsuits related to liability for the Year 2000 Problem. This paper excavates the process that led to the Act, including its unlikely signature by President Clinton. The history presented here is based on a reconsideration of the Y2K crisis as a major episode in the history of computing. The Act, and the Y2K crisis more broadly, expose the complex interconnections of software, code, and law at the end of the 20th century, and, taken seriously, argue for the appreciation of the role of liability in the history of technology.
Article
Over the recent years, computational trust and reputation models have become an invaluable method to improve computer-computer and human-computer interaction. As a result, a considerable amount of research has been published trying to solve open problems and improving existing models. This survey will bring additional structure into the already conducted research on both topics. After recapitulating the major underlying concepts, a new integrated review and analysis scheme for reputation and trust models is put forward. Using highly recognized review papers in this domain as a basis, this article will also introduce additional evaluation metrics to account for characteristics so far unstudied. A subsequent application of the new review schema on 40 top recent publications in this scientific field revealed interesting insights. While the area of computational trust and reputation models is still a very active research branch, the analysis carried out here was able to show that some aspects have already started to converge, whereas others are still subject to vivid discussions.
Article
The Internet of Things (IoT) contains a diverse set of sensors, actuators and other Internet-connected devices communicating, processing data and performing a multitude of functions. It is emerging as an integral part of societal infrastructure enabling smart services. However, these connected objects might have various vulnerabilities that can lead to serious security compromises and breaches. Securing and hardening of IoT systems is thus of vital importance. In that regard, attack graphs provide analytical support to prevent multistep network attacks by showing all possible sequences of vulnerabilities and their interactions. Since attack graphs generally consist of a very large number of nodes, it is computationally challenging to analyze them for network hardening. In this paper, we propose a greedy algorithm using compact attack graphs to find a cost-effective solution to protect IoT systems. First, we extract all possible attack paths which reach predetermined critical resources embedded in the network. Then, exploit or initial condition with minimum effective cost is selected to be removed. This cost is calculated as a function of contribution to attack paths (the higher, the better) and removal cost (the lower, the better). This process continues iteratively until the total cost exceeds the allocated budget. The experimental results show that our algorithm scales almost linearly with the network size and it can be applied to large-scale graphs with a very large number of IoT nodes. In addition to network-hardening, our proposal measures the security level of the network in every step to demonstrate the vulnerability grade of the system.
We consider the Proactive Countermeasure Selection Problem (PCSP) for complex Information and Communication Technology (ICT) systems. Given 1) the Risk Assessment Graphs (RAGs), a set of digraphs, in which a node is either an access point which is the start point of an attacker, or an asset-vulnerability node to be secured; 2) a positive security threshold for each access point and each asset-vulnerability node; and 3) a set of countermeasures to deploy on the asset-vulnerability nodes, the PCSP consists in selecting the countermeasures placement with minimal cost, guaranteeing the security of all the most likely paths- from attackers point of view-between each access point and each asset-vulnerability node. We propose a bilevel programming model for the PCSP. We present two single-level reformulations of the bilevel program. The first formulation is a compact one, based on primal-dual optimality conditions. The second formulation is an extended one, employing an exponential number of path constraints. We propose a branch-and-cut algorithm to solve this formulation to optimality. Several series of experiments are conducted on random instances showing the efficiency of the branch-and-cut algorithm to solve the extended formulation. In addition, preliminary computational comparisons between the two formulations are discussed.
Article
ICT systems are becoming increasingly complex and dynamic. They mostly include a large number of heterogeneous and interconnected assets (both physically and logically), which may be in turn exposed to multiple security flaws and vulnerabilities. Moreover, dynamicity is becoming paramount in modern ICT systems, since new assets and device configurations may be constantly added, updated, and removed from the system, leading to new security flaws that were not even existing at design time. From a risk assessment perspective, this adds new challenges to the defenders, as they are required to maintain risks within an acceptable range, while the system itself may be constantly evolving, sometimes in an unpredictable way. This paper introduces a new risk assessment framework that is aimed to address these specific challenges and that advances the state of the art along two distinct directions. First, we introduce the risk assessment graphs (RAGs), which provide a model and formalism that enable to characterize the system and its encountered risks. Nodes in the RAG represent each asset and its associated vulnerability, while edges represent the risk propagation between two adjacent nodes. Risk propagations in the graph are determined through two different metrics, namely the accessibility and potentiality, both formulated as a function of time and respectively capture the topology of the system and its risk exposure, as well as the way they evolve over time. Second, we introduce a quantitative risk assessment approach that leverages the RAGs in order to compute all possible attack paths in the system and to further infer their induced risks. Our approach achieves both flexibility and generality requirements and applies to a wide set of applications. In this paper, we demonstrate its usage in the context of a software-defined networking (SDN) testbed, and we conduct multiple experiments to evaluate the efficiency and scalability of our solution.
Article
The interplay between cloud and fog computing is crucial for the evolution of IoT, but the reach and specification of such interplay is an open problem. Meanwhile, the advances made in managing hyper-distributed infrastructures involving the cloud and the network edge are leading to the convergence of NFV and 5G, supported mainly by ETSI's MANO architecture. This article argues that fog computing will become part of that convergence, and introduces an open and converged architecture based on MANO that offers uniform management of IoT services spanning the continuum from the cloud to the edge. More specifically, we created the first YANG models for fog nodes, for IoT services involving cloud, network, and/or fog, and expanded the concept of "orchestrated assurance" to provision carrier-grade service assurance in IoT. The article also discusses the application of our model in a flagship pilot in the city of Barcelona.
Conference Paper
The SDN paradigm allows networks to be dynamically reconfigurable by network applications. SDN is also of particular interest for NFV which deals with the virtualization of network functions. The network programmability offered by SDN presents then various advantages but it also induces various threats regarding potential attacks on the network. For instance, there is a critical risk that a hacker takes over the network control by exploiting this SDN network programmability (e.g., using the SDN API or tampering a network application running on the SDN controller). This paper proposes then an approach to deal with this possible lack of trust in the SDN controller or in their applications. This approach consists in not relying on a single controller but on several ‘redundant’ controllers that may also run in different execution environments. The network configuration requests coming from these controllers are then compared and, if deemed sufficiently consistent and then trustable, they are actually sent to the network. This approach has been implemented in an intermediary layer (based on a network hypervisor) inserted between the network equipments and the controllers. Experimentations have been performed showing the feasibility of the approach and providing some first evaluations of its impact on the network and the services.
Conference Paper
In this paper, we propose a multi-layer self-diagnosis framework for networking services within SDN and NFV environments. The framework encompasses three main contributions: 1) the definition of multi-layered templates to identify what to supervise while taking into account the physical, logical, virtual and service layers. These templates are also finer-granular, extendable and machine-readable; 2) a self-modeling module that takes as input these templates, instantiates them and generates on-the-fly the diagnosis model that includes the physical, logical, and the virtual dependencies of networking services; 3) a service-aware root-cause analysis module that takes into account the networking services' views and their underlying network resources observations within the aforementioned layers. We also present extensive simulations to prove the fully automated, finer granularity and reduced uncertainty of the root cause of networking services failures and their underlying network resources.
Conference Paper
Maintaining security and privacy in the Cloud is a complex task. The task is made even more challenging as the number of vulnerabilities associated with the cloud infrastructure and applications are increasing very rapidly. Understanding the security service level agreements (SSLAs) and privacy policies offered by service and infrastructure providers is critical for consumers to assess the risks of the Cloud before they consider migrating their IT operations to the Cloud. To address these concerns relative to the assessment of security and privacy risks of the Cloud, we have developed ontologies for representing security SLAs (SSLA) in this paper. Our ontologies for SSLAs can be used to understand the security agreements of a provider, to negotiate desired security levels, and to audit the compliance of a provider with respect to federal regulations (such as HIPAA).
Article
Network virtualization is a promising concept to diversify the Future Internet architecture into separate Virtual Networks (VN) that can co-exist over a shared substrate network. To take full advantage of this paradigm this paper proposed a distributed trust model of VNs or services provided by VNs based on the Bayesian Network. The trust model is carried out by the trust model engine (TME) which develops a naïve Bayesian Network for each VN and collects the evaluation information submitted by the users after interactions with VNs to maintain a responding conditional probability table (CPT) for the trust valuation. Due to the large number of VNs or services, TMEs should be deployed in different domains to reduce the complexity of computation. In addition, the old trust value should be taken into account when updating the new trust value. This can be achieved by introducing a longevity factor which controls the rate at which old evaluations are aged and discounted as a function of time. The experimental results of the model show that the model with longevity factor is more desirable.
Article
How trust establishes and sustains relationship has been widely studied in the fields of social science, economics, business and management. It has been suggested that trust helps to reinforce individuals’ affirmative willingness, confidence, expectation, belief, behavior and to overcome risk/uncertainty. However, trust building has been considered as impossibility due to the divergent interests of the contracting parties. As such, implementing trust in construction contracting has gained limited progress. This study aims to first conceptualize trust in construction by categorizing trust types according to their development bases. Based on a review on previous studies on trust, three major types of trust are identified; system-based, cognition-based and affect-based. To enhance trust-building, these trust conceptions were further reduced to trusting behaviors. In this respect, a trust framework in construction contracting was developed and tested empirically by the technique of structural equation modeling. The correlations of these three forms of trust in construction contracting are significant and close, with the coefficients of 0.99, 0.97 and 0.94 for cognition-based, system-based and affect-based, respectively. These support the statistical fit of the proposed trust framework in construction contracting. The empirical results suggested that all three forms are of almost equal importance in trust building. This reinforces the conventional wise down that trust building is easy to say than do. The three facets of trust co-exist and in factual are mutually dependent. A system is only as good as its weakest point, hence a trust building project manager must be able to install robust system, care for the stakeholders and team members. The trust framework thus enhances our outstanding how trust building can be practiced in construction contracting.
Article
Modern software is infested with flaws having information security aspects. Pervasive computing has made us and our society vulnerable. However, software developers do not fully comprehend what is at stake when faulty software is produced and flaws causing security vulnerabilites are discovered. To address this problem, the main actors involved with software vulnerability processes and the relevant roles inside these groups are identified. This categorisation is illustrated through a fictional case study, which is scrutinised in the light of ethical codes of professional software engineers and common principles of responsibility attribution. The focus of our analysis is on the acute handling of discovered vulnerabilities in software, including reporting, correcting and disclosing these vulnerabilities. We recognise a need for guidelines and mechanisms to facilitate further improvement in resolving processes leading to and in handling software vulnerabilities. In the spirit of disclosive ethics we call for further studies of the complex issues involved.
Conference Paper
The cost evaluation for attacks and/or responses (further called security incidents) in an IT system is a challenging issue. The high rate of service dependencies increases this challenge as the impact on a target service often spreads to its dependent services. This paper evaluates the effect of security incidents using service dependency graphs. It defines security- related properties which are used to propagate impacts in a dependency graph and thus to quantify the real cost of a security incident. The graph-based model described in this paper manages Confidentiality (C), Integrity (I) and Availability (A) propagations. It introduces matrix dependency weights in order to correlate these propagations. It also examines the effect of availability on both C and / propagations as these may exist only when the underlying components are available. This model provides common metrics for both attack and response costs evaluation. It thus enables balancing attack and response costs. An implementation of this model is proposed using CVSS base vectors. The performance of the model is measured according to the graph size and the rate of dependencies in this graph.
Article
Policies are derived from management goals and define the desired behavior of distributed heterogeneous systems, applications, and networks. To apply and deal with this idea, a number of concepts have been defined. Numerous policy definitions, policy hierarchies and policy models have evolved which are all very different, as they were developed from diverse points of view and without a common policy classification. This paper presents and structures the characteristics of policies by introducing a general classification for policies and showing how this classification leads to and aids in the specification of policies. Furthermore, we outline the ideas of a policy life cycle, and that of policy transformation. Policy transformation is a refinement process with conflict resolution which converts policies to become applicable within a management system using management services, such as systems management functions, distributed services, etc. The paper further looks at aspects to be considered when defining policy templates and concludes with a number of open issues still to be looked at in this field of management policies.
How increasing the confidence in the eSIM ecosystem is essential for its adoption
  • C Gaber
  • J.-L Grimault
  • C Loiseaux
  • M Hajj
  • L Coureau
  • J.-P Wary
Risk quantification - Management Diagnosis and Hedging
  • L Condamin
  • J.-P Louisot
  • P Naïm
SUIT CBOR manifest serialisation format (draft)
  • B Moran
  • H Tschofenig
  • H Birkholz
The legal and political battles of Y2K
  • D Mulvin
RFC 8520 - Manufacturer Usage Description Specification
  • E Lear
  • R Droms
  • D Romascanu
Outsourcing incentive and penalty best practices
  • W Maurer
  • R Matlus
  • K Parikh
RFC 8520 - Manufacturer Usage Description Specification
  • lear
SUIT CBOR manifest serialisation format (draft)
  • moran
Outsourcing incentive and penalty best practices
  • maurer