NETWORKED EUROPEAN SOFTWARE & SERVICESINITIATIVE

Future research challenges in dependability -

an industrial perspective from NESSI

Aljosa PasicAtos Origin sae

IARIA workshop

12/12/2007CISTRANA workshop

2

Agenda

■ The need■ The answer■ The process■ The overview■ The challenges

12/12/2007CISTRANA workshop

3

Service Oriented World

Applications will need to utilise shared and co-owned services out of different domains of control that require to

obey separate security policies and ask for diverse security and dependability qualities

12/12/2007CISTRANA workshop

4

Coming problems

For industry: Demand for Secure software is much higher than available security expertise

For research/technology: New complex scenarios (e.g. ambient intelligence) introduce security issues not addressed by conventional engineering processes

For market consultants: Security properties difficult to measure and it is also difficult to evaluate their “compositional effects”

For users: Security segmentation and market definitions are blurring: “service infrastructure” covers network infrastructure, perimeter, desktop, server and application security

For auditors and lawyers: Who is accountable and liable for what?

For society: Trust becomes a “key enabler” for service provision and use

For everyone: How much should we spend on security?

12/12/2007CISTRANA workshop

5

NESSI WG TSD

NESSI

SC SB

NWG TSD

European Technology Platform: Networked European Software & service Initiative , NESSI

12/12/2007CISTRANA workshop

6

Objectives

Address the security and dependability requirements, challenges and priorities of emerging service oriented software applications

Bridge two communities: the software engineering (services, GRID) community and the security community

Support the NESSI vision and respond to security-related NESSI challenges

Address long-term research on trust, security and dependability in software and services

12/12/2007CISTRANA workshop

7

Mapping challenges, concepts and research topics

Development environment

Operational environment

Business dynamics

Decrease Gap

between TSD need

& TSD availability

Security patterns

(FP6 – Serenity)

Trusted computing

(FP6 - Open TC)

Trusted VO

(FP6 – TrustCom)

Handle

complexityRuntime monitoring

(FP6 – Sensoria)

Simulation & modeling

(FP6-Deserec)

Cross-domain scalability

(FP6-GRIDTrust)

Improve TSD Decision Making

Privacy level based(FP6 – Prime)

Risk based

(FP6 – Fastmatch)

Proof based (FP6 – Mobius)

12/12/2007CISTRANA workshop

8

What should it be?

• Dynamic

• Adaptable• Composable• Measurable• Predictive• Scalable• Persuasive• Open• Trustworthy• Interoperable

Approaches, properties and

research challenges

• In TSD engineering and modelling • In TSD control and management• In TSD level assurance

12/12/2007CISTRANA workshop

9

Engineeringtools

“Sys

tem

” P

latf

orm

Service consumers

Infrastructure

ConsumerAdaptation

AbstractedInfrastructure

Service

Composition

BPM view

Ser

vice

Pla

tfo

rm

NEXOF layered Functional View

NativeServices

ExternalServices

InteractionServices

End userInterface

RequirementsCapture

ContextHandling

Mapping users perspectives to business/Integration

Infrastructure and DataAbstraction

DataManagement

ResourcesManagement

KnowledgeModelling

Mo

nit

ori

ng

ServiceModelling

SVNModeling

InfrastructureModelling

SBS/SBAModelling

FormalLanguages

ContextModelling

offered asservices

BusinessProcess Execution

InformationServices

ServiceCommunication

ServiceDiscovery

Mediation SLANegotiation

SVN Lifecycle

Management

ServiceCoordination

IntegrationServices

Reasoning

ServiceExecution

LifecycleManagement

ServiceRegistration

BusinessProcessModeling

SLA@SOI

SOA4ALL

RESERVOIR

MASTER

EzWeb

12/12/2007CISTRANA workshop

10

WG subtopics

1. Privacy in services and service oriented architectures

2. Identity manamgement and identity as a service

3. Security policy langauges and mechanisms for services

4. Trust analysis, managment and monitoring

5. End-to-End (E2E) verification of trust, security, and dependability properties

6. Security and resilience engineering for services

7. Security of the Human Computer Interface

8. Dependable architectures

9. Scalable security

10. Security for event-based infrastructures

12/12/2007CISTRANA workshop

11

Enabling the next wave of servicesaljosa.pasic@atosorigin.com

NETWORKED EUROPEAN SOFTWARE & SERVICE INITIATIVE