Security, Dependability and Trust in Service Infrastructures
Aljosa Pasic, Atos Origin
Index
• Service Oriented World
• Where is the problem?
• Examples
• Security dimensions in Service Oriented World
• ESFORS and NESSI
• Research topics
• Conclusion
Service Oriented World
Applications will need to use shared and co-owned services from different domains of control that must obey separate security policies and call for diverse security and dependability qualities.
Coming problems
• For industry: Demand for secure software is much higher than available security expertise
• For research/technology: New complex scenarios (e.g. ambient intelligence) introduce security issues not addressed by conventional engineering processes
• For market consultants: Security properties are difficult to measure and it is also difficult to evaluate their “compositional effects”
• For users: Security segmentation and market definitions are blurring: “service infrastructure” covers network infrastructure, perimeter, desktop, server and application security
• For auditors and lawyers: Who is accountable and liable for what?
• For society: Trust becomes a “key enabler” for service provision and use
• For everyone: How much should we spend on security?
Example: Secure “Crossroads”
• “Hi, I am a software service”
• “Hi, I am a really naughty crossroad”
• Cross-platform, cross-device, cross-domain, cross-protocol…
Example: Secure “Crossroads” (diagram labels)
• Platform A, Credentials B…
• Platform B, Credentials A…
• Domain C, policy C
• Device A, Protocol B…
• “Factor 5”
• Access and identity
• Shared understanding
• Dynamic adaptation
• S2M security
Security Dimensions in Service Infrastructures
• Secure services
• Security as a service
• Securing services
ESFORS and NESSI WG TSD
• European Security Forum for Web Services, ESFORS
• European Technology Platform: Networked European Software & Service Initiative, NESSI
(Diagram labels: ESFORS NWG TSD; NESSI SB SC)
Objectives
• Address the security and dependability requirements, challenges and priorities of emerging service oriented software applications
• Bridge two communities: the software engineering (services, GRID) community and the security community
• Support the NESSI vision and respond to security challenges
• Address long-term research on trust, security and dependability in software and services
NESSI TSD in SRA Vol. 3
• Widespread and large-scale deployment of Privacy Enhancing Technologies (PETs)
• Strong identity management
• Security mechanisms for service
• Trust & dependability management and assurance
• Trusted certification tools for services
• Openness as a foundation for systems security
• Holistic management of trust
• Engineering security throughout the whole lifecycle of service oriented systems
• Security of the human-computer interface
______________________________________
10. Inherently Stable and Safe Architectures (together with SOI NWG)
Current activity within research topic groups
• Security mechanisms for services
• Trust and dependability
• Trust analysis, management and monitoring
• Dependability assessment and monitoring
• Security and dependability engineering
• Dependable architectures
• Identity considerations
• Multidisciplinary and integrated approach to TSD
• Security of the human-computer interface
• Privacy considerations
• Certification, auditing and assurance
• Openness as a foundation for systems security
Mapping challenges, scenarios and research topics (diagram labels)
• Scenario A, Scenario B, Scenario C
• Decrease gap …
• Handle complexity
• More sec. knowledge
• Dynamic & ad-hoc
• More trusted relations
• Context dependent
• More trusted components
• Cross-x
• User involvement
• Perception and psychology
• Social mechanisms
• Decision making
• Economics of security
Conclusions
• It is not “business as usual”: we need many stakeholders in order to deal with trust, security and dependability in service oriented software applications
• We have the responsibility to build secure software & services that MATCH people's expectations and notions of trust (and also “trust just a little bit”)
• Long-term research on trust, security and dependability in software and services should address components, mechanisms and processes; not all of them are technical in nature
• A large group of interested parties has already started discussions within the NESSI WG
• Join us for the networking session 23/11, room 207 at 11:00
Contact for more information
Aljosa Pasic
aljosa.pasic@atosorigin.com
Trust, Dependability and Security cannot be “bolted on”, it should be “woven in”.