Browsing by author "Talamo, Maurizio"
1 - 10 of 19
- Conference paper: Aligning ABAC policies with information security policies using controlled vocabulary (2016). Kuhlisch, Raik; Bittins, Sören. Attribute-based Access Control (ABAC) policies are based on mutually processable policy attributes. Assigned permissions in such policies need to be reflected or combined with organisational constraints. Best practice in information security dictates having the operational need to access a particular information artifact independent from the function of the specific application systems. Consequently, any policy regulating the behaviour towards information access must adhere to a minimum degree of mutual semantic expressiveness to be combined and processed with the matching ABAC policy. We show how to detect policy attribute conflicts between ABAC policies and information access policies by means of controlled vocabulary and Semantic Web technologies.
- Conference paper: An eid mechanism built along privacy by design principles using secure elements, pseudonyms and attributes (2016). Pinkas, Denis. This eID mechanism has been built taking into consideration Privacy by Design principles. It uses some of the basic principles of the FIDO model (Fast Identification On-line) adding certain constraints and extending the model to push user attributes. It allows a user to open an anonymous account on a server using a random pseudonym and then to push one or more attributes contained in an access token that has been obtained from an Attribute Issuer. In order to prevent the forwarding of an access token between collaborative users, a Secure Element must be used. That Secure Element shall conform to specific requirements, e.g. defined using a Protection Profile. This eID mechanism will be worldwide usable as soon as the providers of such Secure Elements publish information that can verify the genuineness of these secure elements.
- Conference paper: An interdisciplinary approach to develop secure, usable and economically successful software (2016). Hofer, Janina; Sellung, Rachelle. Some argue that software developers of security solutions often neglect the importance of incorporating usability and socio-economic aspects and focus more on security and privacy aspects. However, it can be observed that many solutions are not accepted by both the users and the market, even though they are technically sophisticated. This work-in-progress paper proposes an interdisciplinary approach and a prospective supportive tool that guides the developer through the process, which is referred to as the Wizard. It consists of selected, carefully analyzed and edited methods and standards from the fields of (a) Usability and User Experience, (b) Socioeconomics, and (c) IT-Security and other disciplines. The Wizard proactively recommends various methods according to the status of the development and assists in their selection and application.
- Conference paper: Architecture for controlled credential issuance enhanced with single sign-on (ACCESSO) (2016). Nemmert, Daniel; Hühnlein, Detlef; Wich, Tobias; Hühnlein, Tina. As more than half of the EU Member States already have rolled out electronic identity cards (eIDs) [Le13], it seems to be a rewarding approach to investigate whether and how eIDs may be used for the purpose of controlling the log-on process for operating systems and similar local access control facilities. While this paper shows that all currently rolled out eIDs may be used for such access control purposes, our investigation also reveals that for some types of eIDs it is significantly harder to support this kind of use case.
- Conference paper: Challenging eID & eIDAS at University Management (2016). Strack, Hermann; Wefel, Sandro. Based on national eID solutions for university scenarios, in this paper eIDAS extensions will be discussed, with benefits and challenges (from eID to eIDAS).
- Conference paper: Ethical data handling - beyond risk and compliance (2016). Wilton, Robin. We can all think of instances where we find that data about us has been used in a way that we find surprising, unwelcome, or even harmful. The more our lives are conducted on, or through, online services, the more potential there is for this to happen, and the greater our dependence on the behaviour of other entities over whom we may have little or no control. In that context, how can we optimise the outcomes for ourselves, as individuals, citizens and consumers?
- Conference paper: Futuretrust - future trust services for trustworthy global transactions (2016). Hühnlein, Detlef; Frosch, Tilman; Schwenk, Joerg; Piswanger, Carl-Markus; Sel, Marc; Hühnlein, Tina; Wich, Tobias; Nemmert, Daniel; Lottes, René; Somorovsky, Juraj; Mladenov, Vladislav; Condovici, Cristina; Leitold, Herbert; Stalla-Bourdillon, Sophie; Tsakalakis, Niko; Eichholz, Jan; Kamm, Frank-Michael; Kühne, Andreas; Wabisch, Damian; Dean, Roger; Shamah, Jon; Kapanadze, Mikheil; Ponte, Nuno; Martins, Jose; Portela, Renato; Karabat, Çağatay; Stojičić, Snežana; Nedeljkovic, Slobodan; Bouckaert, Vincent; Defays, Alexandre; Anderson, Bruce; Jonas, Michael; Hermanns, Christina; Schubert, Thomas; Wegener, Dirk; Sazonov, Alexander. Against the background of the regulation 2014/910/EU [EU1] on electronic identification (eID) and trusted services for electronic transactions in the internal market (eIDAS), the FutureTrust project, which is funded within the EU Framework Programme for Research and Innovation (Horizon 2020) under Grant Agreement No. 700542, aims at supporting the practical implementation of the regulation in Europe and beyond. For this purpose, the FutureTrust project will address the need for globally interoperable solutions through basic research with respect to the foundations of trust and trustworthiness, actively support the standardisation process in relevant areas, and provide Open Source software components and trustworthy services which will ease the use of eID and electronic signature technology in real world applications. The FutureTrust project will extend the existing European Trust Service Status List (TSL) infrastructure towards a “Global Trust List”, develop a comprehensive Open Source Validation Service as well as a scalable Preservation Service for electronic signatures and seals. Furthermore it will provide components for the eID-based application for qualified certificates across borders, and for the trustworthy creation of remote signatures and seals in a mobile environment. The present contribution provides an overview of the FutureTrust project and invites further stakeholders to actively participate as associated partners and contribute to the development of future trust services for trustworthy global transactions.
- Conference paper: Identity mining vs identity discovering: a new approach (2016). Caruso, Costantina; Dimitri, Andrea; Mecella, Massimo. The economy of an advanced country is, every day more, based on complex information systems and interconnected networks that make up its cyberspace. Security in this cyberspace is an essential requirement. In Italy a national lab for Italian government has been constituted. In this framework identity and identity management systems have been studied. The depicted scenario defines new open questions and new challenges. In this paper we propose to deal with identity management in complex systems using analytical tools coming from anomaly detection for big data.
- Conference paper: Lightest - A lightweight infrastructure for global heterogeneous trust management (2016). Bruegger, Bud P.; Lipp, Peter. LIGHTest is a project that is partially funded by the European Commission as an Innovation Action as part of the Horizon2020 program under grant agreement number 700321. LIGHTest's objective is to create a Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes. We show supported scenarios, motivate the necessity for global trust management and discuss related work. Then we present how LIGHTest addresses the challenges of global trust management, its reference architecture and the pilot applications.
- Conference paper: Non-technical challenges of building ecosystems for trustable smart assistants in the Internet of things: A socioeconomic and legal perspective (2016). Kubach, Michael; Görwitz, Caterina; Hornung, Gerrit. In this position paper, we present non-technical challenges that arise while building ecosystems for trustable smart assistants in the Internet of Things. Such non-technical challenges are often neglected in the development process of information systems, even though they are important elements for their success. Only if the assistants are technically effective and fit into the non-technical framework conditions of their application area (e.g. the market structure, stakeholder, liability, and data-protection requirements), they will be able to become successful innovations. We will support this argument in our position paper, focusing on the socioeconomic and legal perspective.