IT convergence security

A recent emerging issue in information technology is the convergence of different kinds of applications. Convergence brings a user-centric environment to provide computing and communication services. In order to realize IT advantages, it requires the integration of security and data management to be suitable for pervasive computing environments. Security convergence refers to the convergence of two historically distinct security functions—physical security and information security—within enterprises; both are integral parts of any coherent risk management program. In this special issue, we have discussed current IT-Converged security issues, security policy and new security services which will lead to successful transfer smart space which is a new paradigm of future.     

Cloud Computing: Distributed Internet Computing for IT and Scientific Research

Cloud computing is a disruptive technology with profound implications not only for Internet services but also for the IT sector as a whole. Its emergence promises to streamline the on-demand provisioning of software, hardware, and data as a service, achieving economies of scale in IT solutions' deployment and operation. This issue's articles tackle topics including architecture and management of cloud computing infrastructures, SaaS and IaaS applications, discovery of services and data in cloud computing infrastructures, and cross-platform interoperability. Still, several outstanding issues exist, particularly related to SLAs, security and privacy, and power efficiency. Other open issues include ownership, data transfer bottlenecks, performance unpredictability, reliability, and software licensing issues. Finally, hosted applications' business models must show a clear pathway to monetizing cloud computing. Several companies have already built Internet consumer services such as search, social networking, Web email, and online commerce that use cloud computing infrastructure. Above all, cloud computing's still unknown "killer application" will determine many of the challenges and the solutions we must develop to make this technology work in practice.     

International participation. The continuing march toward security and privacy

To create a future with improved prospects for dealing with security and privacy, nations will have to reach agreement on many issues, including Banking and financial services; privacy laws related to sensitive data such as healthcare information; intellectual property (IP) rights, their reasonable protection, and the significant challenge of achieving international agreement on an enforceable set of common standards; cybercrime laws and penalties for breaking them and new networking technologies that adversely impact privacy, the subtleties of which might not be fully appreciated until a product is well entrenched. Many of these issues have been around since the onset of literacy, but the challenge of dealing with them has grown enormously in the information age owing to the speed, storage capacity, intelligence, and ubiquity of modern IT (and its inherent vulnerabilities).     

Managing information privacy: developing a context for security and privacy standards convergence

Information privacy is much broader than data security. It's about the collection, processing, use, and protection of personal information. Essentially, business processes, IT systems, and compliance controls must support the full set of requirements embodied in these principles and expressed in relevant laws and policies. Implementation choices, including automation level and security control selection, become business and business-risk decisions. To institute such principles, businesses should understand the critical need for policy-driven security and privacy compliance in developing the right business processes and overall technical architecture.     

Model-based services convergence and multi-clouds integration

With the development of cloud computing, IT users (individuals, enterprises and even public services providers) are transferring their jobs or businesses to public online services provided by professional information service companies. These information service companies provide applications as public resources to support the business operation of their customers. However, no cloud computing service vendor (CCSV) can satisfy the full functional information system requirements of its customers. As a result, its customers often have to simultaneously use services distributed in different clouds and do some connectivity jobs manually. Services convergence and multi-clouds integration will lead to new business models and trigger new integration technologies that provide solutions to satisfy IT users’ complicated requirements. This paper firstly reviews the development of cloud computing from business and technical viewpoints and then discusses requirements and challenges of services convergence and multi-clouds integrations. Thirdly, a model based architecture of multi-clouds integration is provided. Business logic modelling for cross-organizational collaboration, service modelling and operation modelling methods with relative model mapping technology are discussed in detail. Some key enabling technologies are also developed. At last, case studies are presented to illustrate the implementation of the technologies developed in the paper.     

Building better government IT: understanding community beliefs and attitudes toward smart card technologies

Government smart cards have promised substantial improvements in public services delivery, yet they often seem to encounter great public suspicion, distrust and hostility. Very few contemporary studies have addressed the issue of understanding the actual beliefs and attitudes toward such initiatives. In this study, we investigate the beliefs and attitudes surrounding the ill-fated Australian Government's Health and Social Services Smart Card. We apply a proven electronic business theory model to address the research question: what are the general beliefs and attitudes of the Australian community and industry toward the introduction and use of the smart card? The study uses a composite concept mapping and content analysis technique to reveal that information security, personal privacy and the spectre of a national identification card engender serious community concerns over the proposed introduction of the smart card. The article brings further empirical understanding of the use of public smart cards, while highlighting the importance of political transparency, broad ranging community consultations, and sound technical design in electronic government projects.     

Secure provision of patient-centered health information technology services in public networks—leveraging security and privacy features provided by the German nationwide health information technology infrastructure

Patient-centered health information technology services (PHS) provide personalized electronic health services to patients. Since provision of PHS entails handling sensitive medical information, a special focus on information security and privacy aspects is required. We present information security and privacy requirements for PHS and examine how security features of large-scale, inter-organizational health information technology networks, like the German health information technology infrastructure (HTI), can be used for ensuring information security and privacy of PHS. Moreover, we illustrate additional security measures that complement the HTI security measures and introduce a guideline for provision of PHS while ensuring information security and privacy. Our elaborations lead to the conclusion that security features of health information technology networks can be used to create a solid foundation for protecting information security and privacy in patient-centered health information technology services offered in public networks like the Internet.     

基于Spark的油田应用日志行为分析系统

随着油田信息化建设的不断发展,越来越多的IT业务系统在油田各级单位普及应用.由于油田应用数量庞大、种类复杂,如何快速评估各类系统的运行情况和安全状况成为油田关注的重要问题.在使用这些应用系统的同时,一些访问信息会以日志的形式储存下来,因此通过分析日志数据可以挖掘出用户访问喜好,发觉业务系统潜在的安全问题,进而为油田应用评估提供决策依据.然而随着IT业务访问量剧增,应用日志的数量、容量也随之增加,仅依靠单机环境对海量数据进行分析已经无法满足油田业务需求.针对这个问题本文提出了基于Spark计算框架的应用日志行为分析方法,同时设计了可视化平台完成对整个分析系统的管理.     

Security architecture for virtual organizations of business web services

Virtual organizations (VO) temporarily aggregate resources of different domains to achieve a common goal. Web services are being positioned as the technological framework for achieving this aggregation in the context of cross-organizational business applications. Numerous architectures have been proposed for securing VOs, mostly for scientific research, such that they do not address all the requirements of business-oriented applications. This paper describes these additional requirements and proposes a novel architecture and approach to managing VO access control policies. Business users can focus on designing business processes, exposing web services and managing their VO partnerships, while the architecture supports and secures the web service interactions involved.     

Banking in the Internet and mobile era

Large parts of today's banking business are based on the application of information technology (IT). This applies to advisory at the customer frontend to and internal operations in banks to the electronic stock exchanges and transaction networks. To position the five contributions in the special issue on ??Banking in the Internet and Mobile Era??, this editorial suggests a framework that structures the application areas of IT in the banking industry. It recognizes IT as the enabler for all four tiers of the banking value chain and highlights the specific role of the regulatory environment in this industry. The special issue emphasizes the transformation of the banking industry towards more customer-orientation as well as the role of Internet and mobile technologies to change established channels and banking services.     

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

ContextThe use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for organizations. Therefore, the early selection of security controls that mitigate risks is a real and important necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the organization perspective and involve many security stakeholders. This separation makes difficult to ensure the effectiveness of the configuration with regard to organizational requirements.ObjectiveIn this paper, we strive to provide security stakeholders with automated tools for the optimal selection of IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria.MethodAn approach based on feature model analysis and constraint programming techniques is presented, which enable the automated analysis and selection of optimal security configurations.ResultsA catalogue of feature models is determined by analyzing typical IT security controls for BPMSs for the enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and authentication. These feature models have been implemented through constraint programs, and Constraint Programming techniques based on optimized and non-optimized searches are used to automate the selection and generation of configurations. In order to compare the results of the determination of configuration a comparative analysis is given.ConclusionIn this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security configurations in accordance with the needs of the organization.     

Self-Service Business Intelligence Resulting in Disruptive Technology

Self-Service Business Intelligence (BI) requires a much greater consideration of the knowledge workers or reporting and analytics users' point of view than in traditional reporting. In order to meet the reporting and analytics users' needs, much greater interaction with the BI users was required because the awareness that those doing the development frequently did not share the reporting and analytics users' perspective or even understand it. The purpose of this Self-Service Business Intelligence effort was to provide customers with a window into available business data, so they can easily manipulate their data to answer business questions. This effort explores some of the disruptive technology available to empower a significantly more information-capable customer. In providing Self-Service Business Intelligence, a significant amount of cost savings can be achieved through better communication between business and information technology (IT) individuals, reducing the required development staff in IT, and increasing agility of the enterprise by using the agreed upon Semantic definition of terms and making the business data more accessible.     

ANSWER: AutoNomouS netWorked sEnsoR system

Sensor networks are expected to evolve into long-lived, open, ubiquitous, multi-purpose networked systems. We propose a new concept called AutoNomouS netWorked sEnsoR system (ANSWER) whose mission is to provide in situ users with real-time, secure information that enhances their situational and location awareness. To the best of our knowledge, solutions that accomplish this goal do not yet exist. ANSWER finds immediate applications to both overt and covert operations ranging from tactical battlefield surveillance to crisis management and homeland security. The architectural model of ANSWER is composed of a large number of sensors and of a set of (mobile) aggregation-and-forwarding nodes that organize and manage the sensors in their vicinity. In this paper we present the main features that enable ANSWER to effectively and efficiently provide secure, QoS-aware information services to in situ mobile users; namely, secure dynamic task-based networking and in-network storage to support application-level tasks and queries (each specified with desired QoS and security attributes), while hiding network-level details; and a model-based methodology exploiting QoS and security trade-offs for smart AFN mobility subject to application and network requirements and constraints. This new concept is in sharp departure from the prevalent view in NSS design that networking is independent of the task(s) at hand and information processing and storage are, primarily, the responsibility of remote entities.     

Smart devices and spaces for pervasive computing

Applications and services for pervasive computing have been dramatically grown and have contributed extensively to our daily experiences in recent years. Smart systems, devices, and spaces are proactive for ubiquitous and pervasive computing. Smart information technology (IT) is also an outcome of the state of the art and novel mobile and ubiquitous computing technologies that include highly capable handheld device, pervasive and personal device, etc. This special issue will be a trigger for further related research and technology improvements in pervasive and ubiquitous computing using smart devices and services. This special issue called for original papers describing the latest developments, trends, and solutions of smart devices and spaces for pervasive computing including real-time operating systems (OS), tiny OS and middleware supports, mobile system performance, trustworthy Internet and communications, agents and mobile and pervasive services, among others. In particular, this special issue focuses on a remote control and media-sharing system, flash storage-based smart system, heterogeneous mobile OS, and prediction and auto-execution system for pervasive computing.     

社交网络中的安全隐私问题研究

社交网络作为人类在互联网上传播信息、进行社会交流活动的平台,引发了广泛的应用和关注。然而,安全和隐私问题的不断出现,已经开始制约社会网络的健康持续发展。本文从保密性、完整性、可用性等三个方面分析了社交网络的安全需求,并进一步讨论了几家知名社交网站的安全性,最后给出了解决安全问题几个途径。我们希望引起政策制定者、网络服务提供商、用户以及学术研究者对社交网络安全隐私问题的重视,从而使社交网络向更好方向发展。     

Transaction pseudonyms in mobile environments

Network Operators start to offer formerly hidden services such as location service, messaging services and presence services. This fosters the development of a new class of innovative context aware applications that are operated by third party application providers. However, without the implementation of proper privacy protection mechanisms, location and presence information, that is processed by third party application providers, may also imply severe risks to users. If no privacy protection is foreseen, the user’s identity could be used maliciously which renders such applications dangerous. To protect the user’s sensitive data such as location information we propose a novel service architecture which fosters the development of innovative applications that brings together internet applications with telco services. An underlying privacy enhancing mechanism that is based on the notion of pseudonyms allows even untrusted third party application providers to access sensitive data provided by telco services such as location, presence or messaging services. Due to their high security, pseudonyms guarantee that the user’s identity is kept secret towards the untrusted application providers. Due to its low computational complexity this pseudonym generation scheme can also be implemented on devices such as mobile phones and digital assistants with only little computational power and restricted memory capabilities. To illustrate our approach, we demonstrate a transportation ticket application that implements the proposed service architecture. This application allows the use of transportation tickets which are extended by the location-tracking functionality. Similar to the well known paper based transportation tickets our solution supports anonymity of users even if the ticket application “knows” the location of the holder. Oliver Jorns is a researcher at the Telecommunications Research Center in Vienna and is also a Lecturer at the University of Vienna. Oliver Jung is employed as a Senior Researcher at the Telecommunications Research Center Vienna. He is also member of ISO/IEC JTC1 SC27 (IT security techniques). Gerald Quirchmayr is Professor at the Institute for Computer Science and Business Informatics at the University of Vienna and since January 2005 he heads the Department of Distributed and Multimedia Systems, Faculty of Computer Science, at the University of Vienna.     

Change impact analysis in service-based business processes

In the service-oriented computing paradigm, business processes can be wrapped and exposed as business services. Business processes and services are subject to changes required by the organizational and regulatory policies changes. A required service change can affect its supporting business processes, and a change occurred in business process can affect the services it supports. In this study, we will provide some insights on the challenging issue in the service-based business process change management. Different from the existing work in the field of workflow change management, this work focuses on the analysis of dependencies between services and their supporting business processes. We present a taxonomy for the changes that can happen in services and business processes based on the proposed service-oriented business process model. A set of change impact patterns are defined based on the study of the dependencies between services and business processes and the identified change types. These change types and the impact patterns then can be used to analyze the necessary change propagation occurring in business processes and services. We provide algorithms for determining the impact scopes affected by the service and process change. A prototype that implements the proposed change management mechanisms is developed.     

Security and privacy challenges in open and dynamic environments

Information system security and privacy, once narrow topics primarily of interest to IS designers, have become critically important to society at large. The scope of associated challenges and applications is broadening accordingly, leading to new requirements and approaches. Information networks are evolving into more open and dynamic systems. Security and privacy enforcement is problematic in these systems due to the lack of a common understanding of requirements and information as well as user unpredictability. Shared ontologies, declarative policies, and trust models offer the most promising approaches to meet these challenges.     

智慧黄河三角洲框架技术研究

为强化物联网、大数据、人工智能等信息技术与黄河三角洲业务的深度融合,深入分析黄河三角洲业务智慧应用和信息化建设需求,提出智慧黄河三角洲总体建设思路和分期建设目标.设计建立智慧黄河三角洲的总体框架,并从监测感知、信息汇集、智能服务与分析支撑、业务智能应用、网络安全5个方面详细设计技术参考模型,实现黄河三角洲生态环境保护、...     

An iterative mathematical decision model for cloud migration: A cost and security risk approach

This paper presents an iterative mathematical decision model for organizations to evaluate whether to invest in establishing information technology (IT) infrastructure on‐premises or outsourcing IT services on a multicloud environment. This is because a single cloud cannot cover all types of users’ functional/nonfunctional requirements, in addition to several drawbacks such as resource limitation, vendor lock‐in, and prone to failure. On the other hand, multicloud brings several merits such as vendor lock‐in avoidance, system fault tolerance, cost reduction, and better quality of service. The biggest challenge is in selecting an optimal web service composition in the ever increasing multicloud market in which each provider has its own pricing schemes and delivers variation in the service security level. In this regard, we embed a module in the cloud broker to log service downtime and different attacks to measure the security risk. If security tenets, namely, security service level agreement, such as availability, integrity, and confidentiality for mission‐critical applications, are targeted by cybersecurity attacks, it causes disruption in business continuity, leading to financial losses or even business failure. To address this issue, our decision model extends the cost model by using the cost present value concept and the risk model by using the advanced mean failure cost concept, which are derived from the embedded module to quantify cloud competencies. Then, the cloud economic problem is transformed into a bioptimization problem, which minimizes cost and security risks simultaneously. To deal with the combinatorial problem, we extended a genetic algorithm to find a Pareto set of optimal solutions. To reach a concrete result and to illustrate the effectiveness of the decision model, we conducted different scenarios and a small‐to‐medium business IT development for a 5‐year investment as a case study. The result of different implementation shows that multicloud is a promising and reliable solution against IT on‐premises deployment.