networked european software & services initiative future research challenges in dependability -...
TRANSCRIPT
NETWORKED EUROPEAN SOFTWARE & SERVICESINITIATIVE
Future research challenges in dependability -
an industrial perspective from NESSI
Aljosa PasicAtos Origin sae
IARIA workshop
12/12/2007CISTRANA workshop
2
Agenda
■ The need■ The answer■ The process■ The overview■ The challenges
12/12/2007CISTRANA workshop
3
Service Oriented World
Applications will need to utilise shared and co-owned services out of different domains of control that require to
obey separate security policies and ask for diverse security and dependability qualities
12/12/2007CISTRANA workshop
4
Coming problems
For industry: Demand for Secure software is much higher than available security expertise
For research/technology: New complex scenarios (e.g. ambient intelligence) introduce security issues not addressed by conventional engineering processes
For market consultants: Security properties difficult to measure and it is also difficult to evaluate their “compositional effects”
For users: Security segmentation and market definitions are blurring: “service infrastructure” covers network infrastructure, perimeter, desktop, server and application security
For auditors and lawyers: Who is accountable and liable for what?
For society: Trust becomes a “key enabler” for service provision and use
For everyone: How much should we spend on security?
12/12/2007CISTRANA workshop
5
NESSI WG TSD
NESSI
SC SB
NWG TSD
European Technology Platform: Networked European Software & service Initiative , NESSI
12/12/2007CISTRANA workshop
6
Objectives
Address the security and dependability requirements, challenges and priorities of emerging service oriented software applications
Bridge two communities: the software engineering (services, GRID) community and the security community
Support the NESSI vision and respond to security-related NESSI challenges
Address long-term research on trust, security and dependability in software and services
12/12/2007CISTRANA workshop
7
Mapping challenges, concepts and research topics
Development environment
Operational environment
Business dynamics
Decrease Gap
between TSD need
& TSD availability
Security patterns
(FP6 – Serenity)
Trusted computing
(FP6 - Open TC)
Trusted VO
(FP6 – TrustCom)
Handle
complexityRuntime monitoring
(FP6 – Sensoria)
Simulation & modeling
(FP6-Deserec)
Cross-domain scalability
(FP6-GRIDTrust)
Improve TSD Decision Making
Privacy level based(FP6 – Prime)
Risk based
(FP6 – Fastmatch)
Proof based (FP6 – Mobius)
12/12/2007CISTRANA workshop
8
What should it be?
• Dynamic
• Adaptable• Composable• Measurable• Predictive• Scalable• Persuasive• Open• Trustworthy• Interoperable
Approaches, properties and
research challenges
• In TSD engineering and modelling • In TSD control and management• In TSD level assurance
12/12/2007CISTRANA workshop
9
Engineeringtools
“Sys
tem
” P
latf
orm
Service consumers
Infrastructure
ConsumerAdaptation
AbstractedInfrastructure
Service
Composition
BPM view
Ser
vice
Pla
tfo
rm
NEXOF layered Functional View
NativeServices
ExternalServices
InteractionServices
End userInterface
RequirementsCapture
ContextHandling
Mapping users perspectives to business/Integration
Infrastructure and DataAbstraction
DataManagement
ResourcesManagement
KnowledgeModelling
Mo
nit
ori
ng
ServiceModelling
SVNModeling
InfrastructureModelling
SBS/SBAModelling
FormalLanguages
ContextModelling
offered asservices
BusinessProcess Execution
InformationServices
ServiceCommunication
ServiceDiscovery
Mediation SLANegotiation
SVN Lifecycle
Management
ServiceCoordination
IntegrationServices
Reasoning
ServiceExecution
LifecycleManagement
ServiceRegistration
BusinessProcessModeling
SLA@SOI
SOA4ALL
RESERVOIR
MASTER
EzWeb
12/12/2007CISTRANA workshop
10
WG subtopics
1. Privacy in services and service oriented architectures
2. Identity manamgement and identity as a service
3. Security policy langauges and mechanisms for services
4. Trust analysis, managment and monitoring
5. End-to-End (E2E) verification of trust, security, and dependability properties
6. Security and resilience engineering for services
7. Security of the Human Computer Interface
8. Dependable architectures
9. Scalable security
10. Security for event-based infrastructures
12/12/2007CISTRANA workshop
11
Enabling the next wave of [email protected]
NETWORKED EUROPEAN SOFTWARE & SERVICE INITIATIVE