Service selection is a key issue in the Future Internet, where applications are built by composing services and content offered by different service providers. Most existing service selection schemas only focus on QoS properties of services such as throughput, latency and response time, or on their trust and reputation level. By contrast, the risk of privacy breaches arising from the selection of component services whose privacy policy is not compliant with customers' privacy preferences is largely ignored. In this paper, we propose a novel privacy-preserving Web service composition and selection approach which (i) makes it possible to verify the compliance between users' privacy requirements and providers' privacy policies and (ii) ranks the composite Web services with respect to the privacy level they offer. We demonstrate our approach using a travel agency Web service as an example of service composition.
Trust is essential in the e-business world: to allow the cooperation needed in this setting, independent service providers have to trust each other and, also, end-users have to trust service providers. Trust Management, i.e. the process of establishing trust amongst the parties involved in a transaction, can be carried out using different approaches, methods and technologies. The end-user is an important party involved in this process. Trust Perception models attempt to understand the end-user’s point of view and the pattern he adopts to trust a service over the Internet. In this chapter the authors provide a state of the art for Trust Management in e-business. They review the most important Trust Management technologies and concepts including credentials and PKI, reputation, authorization and access control, trust policies, and trust languages. A conceptual map is presented clarifying the meaning and the links between different elements of a Trust Management system. Moreover, the authors discuss the end-user’s Trust Perception. The chapter presents a literature study on Trust Perception models and introduces the new model, able to list the trust signals the end-user considers to make trust decision. Examples of such signals can be the reputation of a website, the use of security protocols, the privacy policies adopted, and the look and feel of its user interface. Finally, the directions of future work are presented, and conclusions are drawn.
Classifying devices connected to an enterprise network is a fundamental security control that is nevertheless challenging due to the limitations of fingerprint-based classification and black-box machine learning. In this paper, we address such limitations by proposing a similarity-based clustering method. We evaluate our solution and compare it to a state-of-the-art fingerprint-based classification engine using data from 20,000 devices. The results show that we can successfully classify around half of the unclassified devices with a high accuracy. We also validate our approach with domain experts to demonstrate its usability in producing new fingerprinting rules.
Nowadays, the internal network communication of Industrial Control Systems (ICS) usually takes place in unencrypted form. This, however, seems to be bound to change in the future: as we write, encryption of network traffic is seriously being considered as a standard for future ICS. In this paper we take a critical look at the pro's and con's of traffic encryption in ICS. We come to the conclusion that encrypting this kind of network traffic may actually result in a reduction of the security and overall safety. As such, sensible versus non-sensible use of encryption needs to be carefully considered both in developing ICS standards and systems.
Service selection is a key issue in the Future Internet, where applications are built by composing services and content offered by different service providers. Most existing service selection schemas only focus on QoS properties of services such as throughput, latency and response time, or on their trust and reputation level. By contrast, the risk of privacy breaches arising from the selection of component services whose privacy policy is not compliant with customers’ privacy preferences is largely ignored. In this paper, the authors propose a novel privacy-preserving Web service composition and selection approach which (i) makes it possible to verify the compliance between users’ privacy requirements and providers’ privacy policies and (ii) ranks the composite Web services with respect to the privacy level they offer. The authors illustrate their approach using an eCommerce Web service as an example of service composition. Moreover, the authors present a possible Java-based implementation of the proposed approach and present an extension to WS-Policy standard to specify privacy related assertions.
Trust is an essential ingredient in our daily activities. The fact that these activities are increasingly carried out using the large number of available services on the Internet makes it necessary to understand how users perceive trust in the online environment. A wide body of literature concerning trust perception and ways to model it already exists. A trust perception model generally lists a set of factors influencing a person trusting another person, a computer, or a website. Different models define different set of factors, but a single unifying model, applicable to multiple scenarios in different settings, is still missing. Moreover, there are no conclusions on the importance each factor has on trust perception. In this paper, we review the existing literature and provide a general trust perception model, which is able to measure the trustworthiness of a website. Such a model takes into account a comprehensive set of trust factors, ranking them based on their importance, and can be easily adapted to different application domains. A user study has been used to determine the importance, or weight, of each factor. The results of the study show evidence that such weight differs from one application domain (e.g. e-banking or e-health) to another. We also demonstrate that the weight of certain factors is related to the users knowledge in the IT Security field. This paper constitutes a first step towards the ability to measure the trustworthiness of a website, helping developers to create more trustworthy websites, and users to make their trust decisions when using on-line services.
The disclosure of sensitive data to unauthorized entities is a critical issue for organizations. Timely detection of data leakage is crucial to reduce possible damages. Therefore, breaches should be detected as early as possible, e.g., when data are leaving the database. In this paper, we focus on data leakage detection by monitoring database activities. We present a framework that automatically learns normal user behavior, in terms of database activities, and detects anomalies as deviation from such behavior. In addition, our approach explicitly indicates the root cause of an anomaly. Finally, the framework assesses the severity of data leakages based on the sensitivity of the disclosed data.
An increasing number of business services for private companies and citizens are accomplished trough the web and mobile devices. Such a scenario is characterized by high dynamism and untrustworthiness, as a large number of applications exchange different kinds of data. This poses an urgent need for effective means in preserving data privacy. This paper proposes an approach, inspired to the front-end trust filter paradigm, to manage data privacy in a very flexible way. Preliminary experimentation suggests that the solution could be a promising path to follow for web-based transactions which will be very widespread in the next future.
