
Aljosa Pasic Atos Origin

Aljosa Pasic Atos Origin. Security, Dependability and Trust in Service Infrastructures. Index. Service Oriented World Where is the problem? Examples Security dimensions in Service Oriented World ESFORS and NESSI Research topics Conclusion. Service Oriented World.


Presentation Transcript


  1. Aljosa Pasic Atos Origin Security, Dependability and Trust in Service Infrastructures

  2. Index
     • Service Oriented World
     • Where is the problem?
     • Examples
     • Security dimensions in Service Oriented World
     • ESFORS and NESSI
     • Research topics
     • Conclusion

  3. Service Oriented World
     Applications will need to utilise shared and co-owned services from different domains of control, which must obey separate security policies and call for diverse security and dependability qualities.

  4. Coming problems
     • For industry: Demand for secure software is much higher than available security expertise
     • For research/technology: New complex scenarios (e.g. ambient intelligence) introduce security issues not addressed by conventional engineering processes
     • For market consultants: Security properties are difficult to measure and it is also difficult to evaluate their “compositional effects”
     • For users: Security segmentation and market definitions are blurring: “service infrastructure” covers network infrastructure, perimeter, desktop, server and application security
     • For auditors and lawyers: Who is accountable and liable for what?
     • For society: Trust becomes a “key enabler” for service provision and use
     • For everyone: How much should we spend on security?

  5. Example: Secure “Crossroads”
     “Hi, I am a software service”
     “Hi, I am a really naughty crossroad”
     Cross-Platform, Cross-device, Cross-domain, Cross-Protocol…

  6. Example: Secure “Crossroads” Platform A, Credentials B… “Factor 5” Access and identity Shared understanding Platform B, Credentials A… Domain C, policy C Dynamic Adaptation S2M security Device A, Protocol B …

  7. Security Dimensions in Service Infrastructures
     • Secure Services
     • Security as a service
     • Securing Services

  8. ESFORS NWG TSD ESFORS and NESSI WG TSD
     • European Security Forum for Web Services, ESFORS
     • European Technology Platform: Networked European Software & service Initiative, NESSI
     NESSI SB SC

  9. Objectives
     • Address the security and dependability requirements, challenges and priorities of emerging service oriented software applications
     • Bridge two communities: the software engineering (services, GRID) community and the security community
     • Support the NESSI vision and respond to security challenges
     • Address long-term research on trust, security and dependability in software and services

  10. NESSI TSD in SRA Vol3.
     • Widespread and large-scale deployment of Privacy Enhancing Technologies (PETs)
     • Strong identity management
     • Security mechanisms for services
     • Trust & dependability management and assurance
     • Trusted certification tools for services
     • Openness as a foundation for systems security
     • Holistic Management of Trust
     • Engineering security throughout the whole lifecycle of Service oriented systems
     • Security of the human-computer interface
     10. Inherently Stable and Safe Architectures (together with SOI NWG)

  11. Current activity within research topic groups
     • Security mechanisms for services
     • Trust and dependability
     • Trust analysis, management and monitoring
     • Dependability assessment and monitoring
     • Security and Dependability engineering
     • Dependable architectures
     • Identity considerations
     • Multidisciplinary and integrated approach to TSD
     • Security of the human-computer interface
     • Privacy considerations
     • Certification, auditing and assurance
     • Openness as a foundation for systems security

  12. Mapping challenges, scenarios and research topics
     [Diagram labels: Scenario A; Scenario B; Scenario C; Decrease Gap …; Handle complexity; More sec. knowledge; Dynamic & ad-hoc; More trusted relations; Context dependent; More Trusted components; Cross-x; User involvement; Perception and psychology; Social mechanisms; Decision Making; Economics of security]

  13. Conclusions
     • It is not “business as usual”: we need many stakeholders in order to deal with trust, security and dependability in service oriented software applications
     • We have the responsibility to build secure software & services that MATCH people's expectations and notions of trust (and also “trust just a little bit”)
     • Long-term research on trust, security and dependability in software and services should address components, mechanisms and processes, not all of which are technical in nature
     • A large group of interested parties has already started discussions within the NESSI WG
     • Join us for the networking session 23/11, room 207 at 11:00

  14. Contact for more information
     Aljosa Pasic, aljosa.pasic@atosorigin.com
     Trust, Dependability and Security cannot be “bolted on”, it should be “woven in”.