Organised by Effectsplus in coordination with the Trust and Security Unit of DG INFSO, this event is a European conference on Cyber Security and Privacy.
The CSP EU Forum 2012 aims to strengthen the links between policies, industry and research in order that we can more effectively meet the needs for trust and security in our networked information society. CSP EU Forum will serve as a venue for learning about state-of-the-art in security and privacy research, and EU Research and Innovation strategies going into 2012 and beyond, giving delegates the opportunity to network with experts in the field. We will facilitate this learning experience by providing Tutorials, Workshops, Demonstrations and panel discussions over two days. The high-level plenary session will be an opportunity to hear perspectives and challenges from a wide range of leading technology experts.
Aniketos will together with ASSERT4SOA and NESSoS organize a half-day clustering workshop at this event within the topic areas Security Contracts, Security Certification, Service-Oriented Architecture and Web Services:
Future software systems will be very different from their counterparts today, due to wider adoption of the Software-as-a-Service (SaaS) paradigm coupled with the use of wireless and mobile technologies. We envision a largely virtualized ICT infrastructure hosting applications dynamically built by composing loosely coupled services. Moving from today’s static services, we will see service consumers that transparently mix and match service components depending on service availability, quality, price and security attributes.
In this scenario, it will be of paramount importance to represent in a machine–readable format the assurance level of service compositions, expressing non-functional properties like security, privacy, and reliability. Contracts are cornerstones of any compositional framework, but current solutions focus mostly on availability and secure message exchange. Developing security SLAs that make it possible to express a wider range of security and trustworthiness requirements will be needed. In this way services will be able to expose offered security contracts and can be composed by using them. Solving this problem is a prerequisite for negotiating and certifying assurance levels at run time. However, it requires careful re-thinking of all software development lifecycle phases, from requirements to testing and verification to operational issues. Current assurance and certification schemes do not provide a way to evaluate the security assurance level of a service composition in the context where (and at the time when) it will be actually executed. There is also a need for mechanisms for ensuring that contracts are fulfilled at both design-time and run-time, as we expect that there will be changes to both individual services and compositions from time to time. There is a wide range of security requirements that can be expressed in a contract, but finding an appropriate abstraction layer, a set of essential requirements, a representation for both humans and machines and mechanisms that are able to work with this content are shared topics between several on-going research projects.
This clustering workshop aims to share ideas and experiences between relevant projects and other interested parties, and align outreach activities in order to achieve a higher impact on the technological standardization and development in Europe and abroad.
Stay informed on our latest news!
Only for users who has an user and a password sent by the administrator.