aniketos trust bus_sept_2012
DESCRIPTION
9th International Conference on Trust, Privacy & Security in Digital Business http://www.ds.unipi.gr/trustbus12/TRANSCRIPT
Miguel Ponce de Leon, Richard Sanders, Per Hakon Meland, Marina Egea, and Zeta Dooly
http://aniketos.eu
Presented by Dmitri Botvich
Aniketos: Challenges and Results
4th – 6th of September 2012
TrustBus, Vienna, Austria
TrustBus 5th Sept 2012 2
Contents
Background Project overview
Objective, facts, partners
Challenges we are facing and what we can do about them…
Box image by ba1969: http://www.sxc.hu/photo/1301543
TrustBus 5th Sept 2012
Aniketos Project The main objective of Aniketos is to help establish
and maintain trustworthiness and secure behaviour in a dynamically changing environment of composite services. Methods, tool support and security services to support
design-time creation and run-time (re-)composition of dynamic services
Notifications about threats and changes Socio-technical evaluations for acceptance and effective
security ICT FP7 Objective 1.4: Secure, dependable and
trusted infrastructures Started August 2010 running until February 2014 See http://aniketos.eu
3
TrustBus 5th Sept 2012
Compose Service Case Studies
Photo by Joe Lipson, CC license
SESAR
Future telecom services
eGovernance: Land buying
Air traffic service pool
4
TrustBus 5th Sept 2012
Aniketos Consortium
Athens Technology Center SA Atos Origin DAEM S.A. DeepBlue SELEX ELSAG (ex Elsag Datamat) Italtel Liverpool John Moores University National Research Council of Italy SAP SEARCH Lab Ltd Stiftelsen SINTEF Tecnalia Research & Innovation Thales University of Salzburg University of Trento Waterford Institute of Technology Wind Telecomunicazioni S.p.A.
5
TrustBus 5th Sept 2012
Composite Security
Not just enforcing single security property on all services Distributed services from multiple providers Difficulty knowing if a policy is violated or not Service providers agree to fulfil a customer’s
policy Need to know whether their service can fulfil it Need to decide whether this is the case Need tools to determine security properties
based on composition
6
TrustBus 5th Sept 2012
Composite Trust
Services require not just security, but also trust Service provider claims to fulfil a security policy How can a service consumer trust this? Need tools for quantification of
trustworthiness and verification
Composite services introduce Composite trust Chains of trust Requirements on careful attribution
Who’s trustworthiness rating should be affected if something goes wrong?
7
TrustBus 5th Sept 2012
Aniketos Remedies for Composite Security and Trust
Express security and trustworthiness requirements through graphical modelling
Generation of security SLA templates Discovery, matching and planning Provide design-time and runtime modules for evaluating
and monitoring security and trustworthiness between service stakeholders
Subscription-based notifications and alerts (“early-warning”)
8
TrustBus 5th Sept 2012
Key Results
Requirements and Architectural Approach. The requirements and architectural approach provides the context
of the Aniketos platform. D1.2 First Aniketos architecture and requirements specification.
Define, Establish and Maintain Trust. The project has described models and methodologies for
establishing and maintaining trust for services. D2.1 Models and Methodologies for Embedding and Monitoring
Trust in Services.
9 / 27
TrustBus 5th Sept 2012
Key Results
Secure Composition of Dynamic Services Producing software and algorithms that support design time and
run-time secure service composition. D3.1 Design-Time Support Techniques for Secure Composition
and Adaptation
Response to Changes and Threats The project has described tools that affect the satisfaction of the
security and trustworthiness requirements, detect and observe changes or threats at run-time and notifies corresponding components when there is a change of the threat level.
D4.1 Methods and design for the response to changes and threats.
10 / 27
TrustBus 5th Sept 2012
Summary of Security and Trust Challenges for the Future Internet
Services made up of other services Service composition may not be obvious externally Services provided by multiple providers Service components change; trust information
may not be available Widespread adoption means security must
be clear for non-technical users
11
Padlock image from arinas74: http://www.sxc.hu/photo/1056349