SlideShare a Scribd company logo

WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Security and Privacy

Nobukazu Yoshioka
Nobukazu Yoshioka

My talk includes current models and modelling on Security and Privacy: Conceptual Models such as SIG, Common Criteria, STIX, SCPM, UML based models such as Misusecase, UMLsec, secureUML, and GORE models such as SecureTropos, i*/Tropos, KAOS etc. Additionally, research challenges on the Security and Privacy Model and Modelling are discussed. Operation on Models on Security and Privacy with consistency Hybrid Models on Security and Privacy Big data and Machine Learning on Security and Privacy Modelling

Software
1 of 54
Download to read offline
Copyright 2016 GRACE Center All Rights Reserved. Current and Future challenge of Model and Modelling on Security and Privacy Nobukazu Yoshioka, National Institute of Informatics 14th November 2016 the 1st Workshop International Workshop for Models and Modelling on Security and Privacy (WM2SP-16) @Gifu
2 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16
3 Copyright 2016 GRACE Center All Rights Reserved. What’s Security or Privacy Model? n What’s is a Model on Computing? WM2SP-­16 A computer representation or scientific description of something Mathematics Graphical  or  Graph Structured  Language Natural  Language Longman  Dictionary  4th Edition Security  Aspect or Private  Aspect
4 Copyright 2016 GRACE Center All Rights Reserved. For instance WM2SP-­16 UML  based  Model
5 Copyright 2016 GRACE Center All Rights Reserved. For instance WM2SP-­16 Goal  Oriented  Requirements  Engineering
6 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16
7 Copyright 2016 GRACE Center All Rights Reserved. What’s Security or Privacy Modelling? n What’s is Modelling on Computing? WM2SP-­16 the process of making a scientific or computer model of something to show how it works or to understand it better Longman  Dictionary  4th Edition Mathematics Graphical  or  Graph Structured  Language Natural  Language Security  Aspect or Private  Aspect Why  model? To  whom?  What?  How? Who  make?  When?
8 Copyright 2016 GRACE Center All Rights Reserved. For Instance … WM2SP-­16 Domain Analysis Requirements Engineering Architecture Specification Business Planning Design Implementatoin Maintenance & Managements @Runtime @in  Advance Computer Response  team Librarian User Manager Engineer M M M M M M M M M Why? When? To  Whom?
9 Copyright 2016 GRACE Center All Rights Reserved. My Talk 1. Current Models and Modelling on Security and Privacy 1. Conceptual Model: SIG, Common Criteria, STIX, SCPM… 2. UML: Misusecase, UMLsec, secureUML 3. GORE: SecureTropos, i*/Tropos, KAOS 2. Research Challenges on the Security and Privacy Model and Modelling 1. Operation on Models on Security and Privacy with consistency 2. Hybrid Models on Security and Privacy 3. Big data and Machine Learning on Security and Privacy Modelling WM2SP-­16
Copyright 2016 GRACE Center All Rights Reserved. WHAT? Security and Privacy Activities WM2SP-­16
11 Copyright 2016 GRACE Center All Rights Reserved. Security Activities by WM2SP-­16 7  Categories Area
12 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16 NICE:  The  National  Initiative  for  Cybersecurity  Education   NICE Cybersecurity Workforce Framework https://www.nist.gov/image/16itl013niceframeworkpng
13 Copyright 2016 GRACE Center All Rights Reserved. Task for Systems Requirements Planning WM2SP-­16
14 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16 Knowledge Skill Ability
15 Copyright 2016 GRACE Center All Rights Reserved. Models to support Security Tasks WM2SP-­16 Models Models Models
16 Copyright 2016 GRACE Center All Rights Reserved. Security Activities by WM2SP-­16 The Building Security In Maturity Model: BSIMM6
17 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16 Building  Security  In  Maturity  Model  (BSIMM)  Version  6 Models for Attack Patterns
Copyright 2016 GRACE Center All Rights Reserved. WHEN? Security Lifecycle WM2SP-­16
19 Copyright 2016 GRACE Center All Rights Reserved. Security Activities for Security Lifecycle WM2SP-­16 Microsoft  Security  Development  Lifecycle  https://www.microsoft.com/en-­us/sdl/ ModelsModels Models Models
Copyright 2016 GRACE Center All Rights Reserved. WHAT’s Security? Security Conceptual Model WM2SP-­16
21 Copyright 2016 GRACE Center All Rights Reserved. Security Aspect n Asset: data or service to be protected n Stakeholder: owner of an asset or actors of assets n Security objective: security goals to satisfy security n Threat: Possibility to harm to assets n Attack: Activities trying to violate security goals n Attacker: Actors to attack assets n Vulnerability: Weakness of a system to violate security goals n Countermeasure: Activities to prevent, mitigate or avoid attacks n Risk: Possibility to success attack and degree of the damage WM2SP-­16
22 Copyright 2016 GRACE Center All Rights Reserved. Security Goal Conceptual Model WM2SP-­16 Cappelli,  C.,  Cunha,  H.,  Gonzalez-­Baixauli,  B.,  &  Leite,  J.  (2010).  Transparency  versus  security.   Proceedings  of  the  2010  ACM  Symposium  on  Applied  Computing  -­ SAC  ’10,  298.
23 Copyright 2016 GRACE Center All Rights Reserved. Security Conceptual Model by Haley Haley,  C.  B.,  Laney,  R.,  &  Moffett,  J.  D.  (2008).   Security  Requirements  Engineering  :  A  Framework   for  Representation  and  Analysis.  IEEE  Transactions   on  Software  Engineering,  34(1),  133–153. WM2SP-­16
24 Copyright 2016 GRACE Center All Rights Reserved. Security Conceptual Model by Taguchi Taguchi,  K.,  Yoshioka,  N.,  Tobita,  T.,  &  Kaneko,  H.  (2010).  Aligning  security  requirements  and   security  assurance  using  the  common  criteria.  In  SSIRI  2010  -­ 4th  IEEE  International  Conference   on  Secure  Software  Integration  and  Reliability  Improvement (pp.  69–77). WM2SP-­16
25 Copyright 2016 GRACE Center All Rights Reserved. Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™) WM2SP-­16 http://stixproject.github.io/getting-­started/whitepaper/
26 Copyright 2016 GRACE Center All Rights Reserved. STIX Models for Security Response WM2SP-­16
27 Copyright 2016 GRACE Center All Rights Reserved. KAOS & Attack Tree for Threat Analysis n by A. Lamsweerde n Refine system goal with AND/OR refinement n Analysis Anti-Goal to threaten security goals Anti-Goal = Obstacle = Security Threat B.  Schneier,  “Attack  trees:  modeling  security   threats,”  Dr.  Dobb’s Journal,  December  1999. WM2SP-­16 van  Lamsweerde,  A.  (2004).  Elaborating  Security  Requirements  by   Construction  of  Intentional  Anti-­Models.  Proceedings.  26th  International   Conference  on  Software  Engineering,  26(May),  148–157.
28 Copyright 2016 GRACE Center All Rights Reserved. GORE: i*/Secure Tropos Actor Goal Dependency Goal  Refinement (AND/OR) i*/Tropos Secure Tropos Security is a constraintAn attacker as an actor GORE:  Goal  Oriented  Requirements  Engineering WM2SP-­16
29 Copyright 2016 GRACE Center All Rights Reserved. Usecase for Security: Misuse cases/Abuse Cases n Abuse Cases n by J. McDermott n with Abuse Actor n Misuse Cases n by G. Sindre n Relation between Threat and Countermeasure Misuse Cases Metamodel WM2SP-­16
30 Copyright 2016 GRACE Center All Rights Reserved. Threat Analysis by CORAS WM2SP-­16 Solhaug,  B.,  &  Stølen,  K.  (2013).  The  CORAS  Language  – Why  it  is  Designed  the   Way  it  is.  Safety,  Reliability,  Risk  and  Life-­Cycle  Performance  of  Structures  and   Infrastructures,  3155–3162.  
31 Copyright 2016 GRACE Center All Rights Reserved. Access Control Model: SecureUML Generate J2EE configuration ※David Basin:Model Driven Security Metamodel n UML Profile by David Basin n Role Based Access Control(RBAC) Model n Automatic Generation of Security Configuration WM2SP-­16
32 Copyright 2016 GRACE Center All Rights Reserved. Security Design Model: UMLsec n Design Model for Secure System by Jan Jurjens n Stereo Types for Security Design and the semantics Secure Protocol for integrity Security Context Control Flow Dependency Data Flow DependencyWM2SP-­16 Jürjens,  J.  (2002).  UMLsec:  Extending  UML  for   secure  systems  development.  Proceedings  of   the  5th  International  Conference  on  The  Unified   Modeling  Language,  412–425.
33 Copyright 2016 GRACE Center All Rights Reserved. Models For Security Activities WM2SP-­16 KAOS i*, Secure Tropos Misuse Cases… UMLsec
34 Copyright 2016 GRACE Center All Rights Reserved. Security Modelling WM2SP-­16 Liu,  L.,  Yu,  E.,  &  Mylopoulos,  J.  (2003).  Security  and  Privacy  Requirements   Analysis  within  a  Social  Setting  (p.  151).  JOUR.  
Copyright 2016 GRACE Center All Rights Reserved. WHAT’s Privacy? Privacy Conceptual Model WM2SP-­16
36 Copyright 2016 GRACE Center All Rights Reserved. Is Privacy a subset of Security? Privacy Requirements ≒ Confidentiality of Personally Identifiable Information + Confidentiality of information about users + ability to control them something private facts = events or data ⊆ Security Requirements Privacy: 1) the state of being able to be alone 2) the state of being free from public attention (Longman Dictionary) The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. (wikipedia) WM2SP-­16
37 Copyright 2016 GRACE Center All Rights Reserved. Privacy Conceptual Model by PriS WM2SP-­16 Kalloniatis,  C.,  Kavakli,  E.,  &  Gritzalis,  S.  (2008).  Addressing  privacy  requirements  in   system  design:  The  PriS method.  Requirements  Engineering,  13(3),  241–255.  JOUR.  
38 Copyright 2016 GRACE Center All Rights Reserved. Modelling by LINDDUN WM2SP-­16 Deng,  M.,  Wuyts,  K.,  Scandariato,  R.,  Preneel,  B.,  &  Joosen,  W.  (2011).  A   privacy  threat  analysis  framework:  Supporting  the  elicitation  and  fulfillment   of  privacy  requirements.  Requirements  Engineering,  16(1),  3–32.  JOUR.
39 Copyright 2016 GRACE Center All Rights Reserved. Integrated Model of Security and Privacy WM2SP-­16 Mouratidis,  H.,  Islam,  S.,  Kalloniatis,  C.,  &  Gritzalis,  S.   (2013).  A  framework  to  support  selection  of  cloud   providers  based  on  security  and  privacy   requirements.  Journal  of  Systems  and  Software,   86(9),  2276–2293.  JOUR.  
40 Copyright 2016 GRACE Center All Rights Reserved. Metamodel for Security and Privacy Knowledge in Cloud Services WM2SP-­16
41 Copyright 2016 GRACE Center All Rights Reserved. “All in One” Model on Security and Privacy? WM2SP-­16 All in One Model Various  Views  for  each  activity
Copyright 2016 GRACE Center All Rights Reserved. DIFFICULTY WM2SP-­16
43 Copyright 2016 GRACE Center All Rights Reserved. ModelsModelsModels Difficulty (1) Consistency between Models WM2SP-­16 Models Models Models Models Models Threat Models Attack Models Attack Models Attack Models
44 Copyright 2016 GRACE Center All Rights Reserved. Security  Model  vs.  Privacy  Model Security  Requirements  for  Privacy (e.g.,  confidentiality  of  personal  information)   Privacy  Requirements  for  Security (e.g.,  consent) Privacy Security Disclosure  of   Organizational    Assets Disclosure  of   Personally   identifiable   information   Security  RequirementsPrivacy  Requirements User  participation,   Transparency Minimal  data   collection Availability Integrity Minimal  Privilege Risk  to  Users Risk  to  Business Disclosure  of   Private  Behavior (Privacy  Assets)   Service Risk  Assessment   with  organization WM2SP-­16
45 Copyright 2016 GRACE Center All Rights Reserved. Conflicts between Security & Privacy Model Security  Functions  become  Privacy  threats (e.g.,  Identification  threatens  privacy) Privacy  constricts Security  Requirements Privacy Security Privacy SecurityPrivacy  Functions  become  Security  threats (e.g.,  anonymity  makes  hard  to  detect  attackers) Security  constricts Privacy  Requirements How  to  solve?      Need  Trade-­‐off? WM2SP-­16
46 Copyright 2016 GRACE Center All Rights Reserved. Difficulty (2) Security and Privacy Risk n Risk = Damage × Probability n Statistical Model n Data for estimation is needed n Some incidents affect each others n Risk reasoning is needed n Risk is changeable WM2SP-­16
47 Copyright 2016 GRACE Center All Rights Reserved. Difficulty (3) Modelling @Design Definition of Model at Design stage is difficult n New Threat & Attack n Privacy Preference Model n Runtime configuration is changeable n Network Configuration, Cloud Environment Ø Model Creation @Runtime Ø Adaptation @Runtime WM2SP-­16
Copyright 2016 GRACE Center All Rights Reserved. CHALLENGE WM2SP-­16
49 Copyright 2016 GRACE Center All Rights Reserved. Challenge (1) Model Operations WM2SP-­16 Privacy Models Security Models Solution Model MAINTENANCEIMPLEMENTATIONDESIGNREQUIREMENTS Network Model Solution Model Organization Model refactaring feedback
50 Copyright 2016 GRACE Center All Rights Reserved. Conflict between Security and Privacy Pattern Authentication  PatternsAnonymous  Access  Patterns Privacy  Goal: Never  identify  me Security  Goal: Identify  attackers Pseudonym  Authentication  Patterns Security  Goal: Identify  only  attackers Privacy  Enhanced  Security: Minimal  Indentation Security  meets  Privacy WM2SP-­16
51 Copyright 2016 GRACE Center All Rights Reserved. Win-Win Pattern of Security and Privacy (2)  Notify  Aberrant Privacy  Information Identifiable   Information (1)Monitoring  with  a   Pseudonym (3)  Catch  a  criminal SupervisorSecurity  Officer I don’t know who you are Gun I don’t watch your naked body Identification  Provider Separation  of  Duty Service  Provider Pseudonym  Authentication  Patterns Identifiable   Information Pseudonym Provide  a  Service  with   a  Pseudonym authenticate WM2SP-­16
52 Copyright 2016 GRACE Center All Rights Reserved. Challenge (2) Hybrid Model WM2SP-­16 Privacy Models Security Models Solution Model Model  Composition Hybrid  Model Privacy Models Security Models Risk Risk Logical Statistic
53 Copyright 2016 GRACE Center All Rights Reserved. Challenge (3) Big data and Machine Learning WM2SP-­16 Privacy Models Security Models Solution Model MAINTENANCEIMPLEMENTATIONDESIGNREQUIREMENTS Network Model Solution Model refactaring feedback System Log User Log Environment Log Model  Creation Self-­Adaptation Framework/ Library PatternsIncident Case Catalog Development Log Repository Recommendation
54 Copyright 2016 GRACE Center All Rights Reserved. Conclusions 1. Current Model and Modelling on Security and Privacy 1. UML: Misusecase, UMLsec, secureUML 2. GORE: SecureTropos, i*/Tropos, KAOS 3. Meta-model: SIG, Common Criteria, STIX, SCPM… 2. Research Challenge on the Security and Privacy Model and Modelling 1. Operation on Models on Security and Privacy with consistency 2. Hybrid Models on Security and Privacy 3. Big data and Machine Learning on Security and Privacy Modelling WM2SP-­16

Recommended

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Vaticle
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Mitre getting-started-with-attack-october-2019
Mitre getting-started-with-attack-october-2019Mitre getting-started-with-attack-october-2019
Mitre getting-started-with-attack-october-2019Thang Nguyen
 
System Security @ NECSTLab
System Security @ NECSTLabSystem Security @ NECSTLab
System Security @ NECSTLabNECST Lab @ Politecnico di Milano
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIForcepoint LLC
 
Grounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge BaseGrounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge BaseVaticle
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...Forcepoint LLC
 
Jisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityJisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityAI Frontiers
 

Recommended

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...
Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...Vaticle
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Mitre getting-started-with-attack-october-2019
Mitre getting-started-with-attack-october-2019Mitre getting-started-with-attack-october-2019
Mitre getting-started-with-attack-october-2019Thang Nguyen
 
System Security @ NECSTLab
System Security @ NECSTLabSystem Security @ NECSTLab
System Security @ NECSTLabNECST Lab @ Politecnico di Milano
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIForcepoint LLC
 
Grounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge BaseGrounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge BaseVaticle
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...Forcepoint LLC
 
Jisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityJisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityAI Frontiers
 
A hard heart
A hard heartA hard heart
A hard heartGardendalechurch
 
Slideshare Upsjb
Slideshare UpsjbSlideshare Upsjb
Slideshare UpsjbRUBYROMEROHUASHUAYO28
 
Los colores
Los coloresLos colores
Los coloresbertafovi
 
Upasana part 2:pdf
Upasana part 2:pdfUpasana part 2:pdf
Upasana part 2:pdfAjit Khatai
 
El sistema solar
El sistema solar El sistema solar
El sistema solar ximena ordoñez montenegro
 
Нарада з питань моніторингу якості освіти
Нарада з питань моніторингу якості освітиНарада з питань моніторингу якості освіти
Нарада з питань моніторингу якості освітиКонстантин Дармостук
 
Teaching data literacy to undergraduates
Teaching data literacy to undergraduatesTeaching data literacy to undergraduates
Teaching data literacy to undergraduatesElaine Lasda
 
Fabrication
FabricationFabrication
FabricationKhaled MD. Ridwan
 
Moldovia: Una republica, Un pais, Una cultura
Moldovia: Una republica, Un pais, Una culturaMoldovia: Una republica, Un pais, Una cultura
Moldovia: Una republica, Un pais, Una culturaJorge Ignacio Sánchez Flores
 
Laboratory Technician-Geologist
Laboratory Technician-GeologistLaboratory Technician-Geologist
Laboratory Technician-GeologistShabeeb Ibrahim.Bsc
 
An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...
An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...
An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...Amélie Gyrard
 
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...PRISMACLOUD Project
 
Cloud Security: Techniques and frameworks for ensuring the security and priva...
Cloud Security: Techniques and frameworks for ensuring the security and priva...Cloud Security: Techniques and frameworks for ensuring the security and priva...
Cloud Security: Techniques and frameworks for ensuring the security and priva...IRJET Journal
 
Arm the World with SPN based Security
Arm the World with SPN based SecurityArm the World with SPN based Security
Arm the World with SPN based SecurityLiwei Ren任力偉
 
Top Computer Science & Information Technology Articles of 2019
Top Computer Science & Information Technology Articles of 2019 Top Computer Science & Information Technology Articles of 2019
Top Computer Science & Information Technology Articles of 2019 AIRCC Publishing Corporation
 
Trends in Network and Wireless Network Security in 2020
Trends in Network and Wireless Network Security in 2020Trends in Network and Wireless Network Security in 2020
Trends in Network and Wireless Network Security in 2020IJNSA Journal
 
Most trending articles 2020 - International Journal of Network Security & Its...
Most trending articles 2020 - International Journal of Network Security & Its...Most trending articles 2020 - International Journal of Network Security & Its...
Most trending articles 2020 - International Journal of Network Security & Its...IJNSA Journal
 
Top Downloaded Papers : International Journal of Software Engineering & Appli...
Top Downloaded Papers : International Journal of Software Engineering & Appli...Top Downloaded Papers : International Journal of Software Engineering & Appli...
Top Downloaded Papers : International Journal of Software Engineering & Appli...ijseajournal
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
May 2022: Most Downloaded Articles in Computer Science &Information Technology
May 2022: Most Downloaded Articles in Computer Science &Information TechnologyMay 2022: Most Downloaded Articles in Computer Science &Information Technology
May 2022: Most Downloaded Articles in Computer Science &Information TechnologyAIRCC Publishing Corporation
 
EuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyEuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyCarlos Chalico
 

More Related Content

Viewers also liked

Upasana part 2:pdf
Upasana part 2:pdfUpasana part 2:pdf
Upasana part 2:pdfAjit Khatai
 
Нарада з питань моніторингу якості освіти
Нарада з питань моніторингу якості освітиНарада з питань моніторингу якості освіти
Нарада з питань моніторингу якості освітиКонстантин Дармостук
 
Teaching data literacy to undergraduates
Teaching data literacy to undergraduatesTeaching data literacy to undergraduates
Teaching data literacy to undergraduatesElaine Lasda
 

Viewers also liked (10)

A hard heart
A hard heartA hard heart
A hard heart
 
Slideshare Upsjb
Slideshare UpsjbSlideshare Upsjb
Slideshare Upsjb
 
Los colores
Los coloresLos colores
Los colores
 
Upasana part 2:pdf
Upasana part 2:pdfUpasana part 2:pdf
Upasana part 2:pdf
 
El sistema solar
El sistema solar El sistema solar
El sistema solar
 
Нарада з питань моніторингу якості освіти
Нарада з питань моніторингу якості освітиНарада з питань моніторингу якості освіти
Нарада з питань моніторингу якості освіти
 
Teaching data literacy to undergraduates
Teaching data literacy to undergraduatesTeaching data literacy to undergraduates
Teaching data literacy to undergraduates
 
Fabrication
FabricationFabrication
Fabrication
 
Moldovia: Una republica, Un pais, Una cultura
Moldovia: Una republica, Un pais, Una culturaMoldovia: Una republica, Un pais, Una cultura
Moldovia: Una republica, Un pais, Una cultura
 
Laboratory Technician-Geologist
Laboratory Technician-GeologistLaboratory Technician-Geologist
Laboratory Technician-Geologist
 

Similar to WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Security and Privacy

An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...
An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...
An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...Amélie Gyrard
 
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...PRISMACLOUD Project
 
Cloud Security: Techniques and frameworks for ensuring the security and priva...
Cloud Security: Techniques and frameworks for ensuring the security and priva...Cloud Security: Techniques and frameworks for ensuring the security and priva...
Cloud Security: Techniques and frameworks for ensuring the security and priva...IRJET Journal
 
Arm the World with SPN based Security
Arm the World with SPN based SecurityArm the World with SPN based Security
Arm the World with SPN based SecurityLiwei Ren任力偉
 
Top Computer Science & Information Technology Articles of 2019
Top Computer Science & Information Technology Articles of 2019 Top Computer Science & Information Technology Articles of 2019
Top Computer Science & Information Technology Articles of 2019 AIRCC Publishing Corporation
 
Trends in Network and Wireless Network Security in 2020
Trends in Network and Wireless Network Security in 2020Trends in Network and Wireless Network Security in 2020
Trends in Network and Wireless Network Security in 2020IJNSA Journal
 
Most trending articles 2020 - International Journal of Network Security & Its...
Most trending articles 2020 - International Journal of Network Security & Its...Most trending articles 2020 - International Journal of Network Security & Its...
Most trending articles 2020 - International Journal of Network Security & Its...IJNSA Journal
 
Top Downloaded Papers : International Journal of Software Engineering & Appli...
Top Downloaded Papers : International Journal of Software Engineering & Appli...Top Downloaded Papers : International Journal of Software Engineering & Appli...
Top Downloaded Papers : International Journal of Software Engineering & Appli...ijseajournal
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
May 2022: Most Downloaded Articles in Computer Science &Information Technology
May 2022: Most Downloaded Articles in Computer Science &Information TechnologyMay 2022: Most Downloaded Articles in Computer Science &Information Technology
May 2022: Most Downloaded Articles in Computer Science &Information TechnologyAIRCC Publishing Corporation
 
EuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyEuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyCarlos Chalico
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges edIAESIJEECS
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmannsegughana
 
4182020 Originality Reporthttpsucumberlands.blackboar.docx
4182020 Originality Reporthttpsucumberlands.blackboar.docx4182020 Originality Reporthttpsucumberlands.blackboar.docx
4182020 Originality Reporthttpsucumberlands.blackboar.docxblondellchancy
 
Assistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docxAssistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docxcockekeshia
 
Data security in cloud environment
Data security in cloud environmentData security in cloud environment
Data security in cloud environmentShivam Singh
 

Similar to WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Security and Privacy (20)

An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...
An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...
An ontology-based approach for helping to secure the ETSI Machine-to-Machine ...
 
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
 
Cloud Security: Techniques and frameworks for ensuring the security and priva...
Cloud Security: Techniques and frameworks for ensuring the security and priva...Cloud Security: Techniques and frameworks for ensuring the security and priva...
Cloud Security: Techniques and frameworks for ensuring the security and priva...
 
Arm the World with SPN based Security
Arm the World with SPN based SecurityArm the World with SPN based Security
Arm the World with SPN based Security
 
Top Computer Science & Information Technology Articles of 2019
Top Computer Science & Information Technology Articles of 2019 Top Computer Science & Information Technology Articles of 2019
Top Computer Science & Information Technology Articles of 2019
 
Trends in Network and Wireless Network Security in 2020
Trends in Network and Wireless Network Security in 2020Trends in Network and Wireless Network Security in 2020
Trends in Network and Wireless Network Security in 2020
 
Most trending articles 2020 - International Journal of Network Security & Its...
Most trending articles 2020 - International Journal of Network Security & Its...Most trending articles 2020 - International Journal of Network Security & Its...
Most trending articles 2020 - International Journal of Network Security & Its...
 
Top Downloaded Papers : International Journal of Software Engineering & Appli...
Top Downloaded Papers : International Journal of Software Engineering & Appli...Top Downloaded Papers : International Journal of Software Engineering & Appli...
Top Downloaded Papers : International Journal of Software Engineering & Appli...
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout Session
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
 
May 2022: Most Downloaded Articles in Computer Science &Information Technology
May 2022: Most Downloaded Articles in Computer Science &Information TechnologyMay 2022: Most Downloaded Articles in Computer Science &Information Technology
May 2022: Most Downloaded Articles in Computer Science &Information Technology
 
EuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyEuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the sky
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed
 
CSSLP Course
CSSLP CourseCSSLP Course
CSSLP Course
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmann
 
4182020 Originality Reporthttpsucumberlands.blackboar.docx
4182020 Originality Reporthttpsucumberlands.blackboar.docx4182020 Originality Reporthttpsucumberlands.blackboar.docx
4182020 Originality Reporthttpsucumberlands.blackboar.docx
 
Assistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docxAssistive Technology Considerations TemplateSubject AreaSample.docx
Assistive Technology Considerations TemplateSubject AreaSample.docx
 
Cloud computing advances in 2020
Cloud computing advances in 2020Cloud computing advances in 2020
Cloud computing advances in 2020
 
Data security in cloud environment
Data security in cloud environmentData security in cloud environment
Data security in cloud environment
 
Contents
ContentsContents
Contents
 

More from Nobukazu Yoshioka

AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性
AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性
AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性Nobukazu Yoshioka
 
AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論
AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論
AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論Nobukazu Yoshioka
 
ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向
ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向
ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向Nobukazu Yoshioka
 
機械学習応用システムのための要求工学
機械学習応用システムのための要求工学機械学習応用システムのための要求工学
機械学習応用システムのための要求工学Nobukazu Yoshioka
 
プロジェクトマネージャのための機械学習工学入門
プロジェクトマネージャのための機械学習工学入門プロジェクトマネージャのための機械学習工学入門
プロジェクトマネージャのための機械学習工学入門Nobukazu Yoshioka
 
機械学習応用システムセキュリティガイドライン―背景と公開について
機械学習応用システムセキュリティガイドライン―背景と公開について機械学習応用システムセキュリティガイドライン―背景と公開について
機械学習応用システムセキュリティガイドライン―背景と公開についてNobukazu Yoshioka
 
機械学習デザインパターン: 再現性パターン
機械学習デザインパターン: 再現性パターン機械学習デザインパターン: 再現性パターン
機械学習デザインパターン: 再現性パターンNobukazu Yoshioka
 
機械学習応用システムのためのセキュリティリスク分析手法
機械学習応用システムのためのセキュリティリスク分析手法機械学習応用システムのためのセキュリティリスク分析手法
機械学習応用システムのためのセキュリティリスク分析手法Nobukazu Yoshioka
 
機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)
機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)
機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)Nobukazu Yoshioka
 
機械学習応用システムの安全性の研究動向と今後の展望
機械学習応用システムの安全性の研究動向と今後の展望機械学習応用システムの安全性の研究動向と今後の展望
機械学習応用システムの安全性の研究動向と今後の展望Nobukazu Yoshioka
 
機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望
機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望 機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望
機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望 Nobukazu Yoshioka
 
セキュリティの知識を共有する セキュリティパターン(2018/6/15)
セキュリティの知識を共有する セキュリティパターン(2018/6/15) セキュリティの知識を共有する セキュリティパターン(2018/6/15)
セキュリティの知識を共有する セキュリティパターン(2018/6/15)Nobukazu Yoshioka
 
A Survery of Approaches to Adaptive Securityの紹介
A Survery of Approaches to Adaptive Securityの紹介A Survery of Approaches to Adaptive Securityの紹介
A Survery of Approaches to Adaptive Securityの紹介Nobukazu Yoshioka
 

More from Nobukazu Yoshioka (14)

AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性
AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性
AIシステムの要求とプロジェクトマネジメント-後半:機械学習応用システムのための 要求工学と安全性
 
AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論
AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論
AIシステムの要求とプロジェクトマネジメント-前半:機械学習工学概論
 
ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向
ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向
ソフトウェア工学国際会議におけるAI倫理と公平性の研究動向
 
機械学習応用システムのための要求工学
機械学習応用システムのための要求工学機械学習応用システムのための要求工学
機械学習応用システムのための要求工学
 
プロジェクトマネージャのための機械学習工学入門
プロジェクトマネージャのための機械学習工学入門プロジェクトマネージャのための機械学習工学入門
プロジェクトマネージャのための機械学習工学入門
 
機械学習応用システムセキュリティガイドライン―背景と公開について
機械学習応用システムセキュリティガイドライン―背景と公開について機械学習応用システムセキュリティガイドライン―背景と公開について
機械学習応用システムセキュリティガイドライン―背景と公開について
 
機械学習デザインパターン: 再現性パターン
機械学習デザインパターン: 再現性パターン機械学習デザインパターン: 再現性パターン
機械学習デザインパターン: 再現性パターン
 
機械学習応用システムのためのセキュリティリスク分析手法
機械学習応用システムのためのセキュリティリスク分析手法機械学習応用システムのためのセキュリティリスク分析手法
機械学習応用システムのためのセキュリティリスク分析手法
 
機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)
機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)
機械学習工学と機械学習応用システムの開発@SmartSEセミナー(2021/3/30)
 
機械学習応用システムの安全性の研究動向と今後の展望
機械学習応用システムの安全性の研究動向と今後の展望機械学習応用システムの安全性の研究動向と今後の展望
機械学習応用システムの安全性の研究動向と今後の展望
 
機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望
機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望 機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望
機械学習応用システムの開発技術 (機械学習工学) の現状と今後の展望
 
セキュリティの知識を共有する セキュリティパターン(2018/6/15)
セキュリティの知識を共有する セキュリティパターン(2018/6/15) セキュリティの知識を共有する セキュリティパターン(2018/6/15)
セキュリティの知識を共有する セキュリティパターン(2018/6/15)
 
A Survery of Approaches to Adaptive Securityの紹介
A Survery of Approaches to Adaptive Securityの紹介A Survery of Approaches to Adaptive Securityの紹介
A Survery of Approaches to Adaptive Securityの紹介
 
CCGrid2012 参加報告
CCGrid2012 参加報告CCGrid2012 参加報告
CCGrid2012 参加報告
 

Recently uploaded

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 

Recently uploaded (20)

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 

WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Security and Privacy

  • 1. Copyright 2016 GRACE Center All Rights Reserved. Current and Future challenge of Model and Modelling on Security and Privacy Nobukazu Yoshioka, National Institute of Informatics 14th November 2016 the 1st Workshop International Workshop for Models and Modelling on Security and Privacy (WM2SP-16) @Gifu
  • 2. 2 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16
  • 3. 3 Copyright 2016 GRACE Center All Rights Reserved. What’s Security or Privacy Model? n What’s is a Model on Computing? WM2SP-­16 A computer representation or scientific description of something Mathematics Graphical  or  Graph Structured  Language Natural  Language Longman  Dictionary  4th Edition Security  Aspect or Private  Aspect
  • 4. 4 Copyright 2016 GRACE Center All Rights Reserved. For instance WM2SP-­16 UML  based  Model
  • 5. 5 Copyright 2016 GRACE Center All Rights Reserved. For instance WM2SP-­16 Goal  Oriented  Requirements  Engineering
  • 6. 6 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16
  • 7. 7 Copyright 2016 GRACE Center All Rights Reserved. What’s Security or Privacy Modelling? n What’s is Modelling on Computing? WM2SP-­16 the process of making a scientific or computer model of something to show how it works or to understand it better Longman  Dictionary  4th Edition Mathematics Graphical  or  Graph Structured  Language Natural  Language Security  Aspect or Private  Aspect Why  model? To  whom?  What?  How? Who  make?  When?
  • 8. 8 Copyright 2016 GRACE Center All Rights Reserved. For Instance … WM2SP-­16 Domain Analysis Requirements Engineering Architecture Specification Business Planning Design Implementatoin Maintenance & Managements @Runtime @in  Advance Computer Response  team Librarian User Manager Engineer M M M M M M M M M Why? When? To  Whom?
  • 9. 9 Copyright 2016 GRACE Center All Rights Reserved. My Talk 1. Current Models and Modelling on Security and Privacy 1. Conceptual Model: SIG, Common Criteria, STIX, SCPM… 2. UML: Misusecase, UMLsec, secureUML 3. GORE: SecureTropos, i*/Tropos, KAOS 2. Research Challenges on the Security and Privacy Model and Modelling 1. Operation on Models on Security and Privacy with consistency 2. Hybrid Models on Security and Privacy 3. Big data and Machine Learning on Security and Privacy Modelling WM2SP-­16
  • 10. Copyright 2016 GRACE Center All Rights Reserved. WHAT? Security and Privacy Activities WM2SP-­16
  • 11. 11 Copyright 2016 GRACE Center All Rights Reserved. Security Activities by WM2SP-­16 7  Categories Area
  • 12. 12 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16 NICE:  The  National  Initiative  for  Cybersecurity  Education   NICE Cybersecurity Workforce Framework https://www.nist.gov/image/16itl013niceframeworkpng
  • 13. 13 Copyright 2016 GRACE Center All Rights Reserved. Task for Systems Requirements Planning WM2SP-­16
  • 14. 14 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16 Knowledge Skill Ability
  • 15. 15 Copyright 2016 GRACE Center All Rights Reserved. Models to support Security Tasks WM2SP-­16 Models Models Models
  • 16. 16 Copyright 2016 GRACE Center All Rights Reserved. Security Activities by WM2SP-­16 The Building Security In Maturity Model: BSIMM6
  • 17. 17 Copyright 2016 GRACE Center All Rights Reserved. WM2SP-­16 Building  Security  In  Maturity  Model  (BSIMM)  Version  6 Models for Attack Patterns
  • 18. Copyright 2016 GRACE Center All Rights Reserved. WHEN? Security Lifecycle WM2SP-­16
  • 19. 19 Copyright 2016 GRACE Center All Rights Reserved. Security Activities for Security Lifecycle WM2SP-­16 Microsoft  Security  Development  Lifecycle  https://www.microsoft.com/en-­us/sdl/ ModelsModels Models Models
  • 20. Copyright 2016 GRACE Center All Rights Reserved. WHAT’s Security? Security Conceptual Model WM2SP-­16
  • 21. 21 Copyright 2016 GRACE Center All Rights Reserved. Security Aspect n Asset: data or service to be protected n Stakeholder: owner of an asset or actors of assets n Security objective: security goals to satisfy security n Threat: Possibility to harm to assets n Attack: Activities trying to violate security goals n Attacker: Actors to attack assets n Vulnerability: Weakness of a system to violate security goals n Countermeasure: Activities to prevent, mitigate or avoid attacks n Risk: Possibility to success attack and degree of the damage WM2SP-­16
  • 22. 22 Copyright 2016 GRACE Center All Rights Reserved. Security Goal Conceptual Model WM2SP-­16 Cappelli,  C.,  Cunha,  H.,  Gonzalez-­Baixauli,  B.,  &  Leite,  J.  (2010).  Transparency  versus  security.   Proceedings  of  the  2010  ACM  Symposium  on  Applied  Computing  -­ SAC  ’10,  298.
  • 23. 23 Copyright 2016 GRACE Center All Rights Reserved. Security Conceptual Model by Haley Haley,  C.  B.,  Laney,  R.,  &  Moffett,  J.  D.  (2008).   Security  Requirements  Engineering  :  A  Framework   for  Representation  and  Analysis.  IEEE  Transactions   on  Software  Engineering,  34(1),  133–153. WM2SP-­16
  • 24. 24 Copyright 2016 GRACE Center All Rights Reserved. Security Conceptual Model by Taguchi Taguchi,  K.,  Yoshioka,  N.,  Tobita,  T.,  &  Kaneko,  H.  (2010).  Aligning  security  requirements  and   security  assurance  using  the  common  criteria.  In  SSIRI  2010  -­ 4th  IEEE  International  Conference   on  Secure  Software  Integration  and  Reliability  Improvement (pp.  69–77). WM2SP-­16
  • 25. 25 Copyright 2016 GRACE Center All Rights Reserved. Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™) WM2SP-­16 http://stixproject.github.io/getting-­started/whitepaper/
  • 26. 26 Copyright 2016 GRACE Center All Rights Reserved. STIX Models for Security Response WM2SP-­16
  • 27. 27 Copyright 2016 GRACE Center All Rights Reserved. KAOS & Attack Tree for Threat Analysis n by A. Lamsweerde n Refine system goal with AND/OR refinement n Analysis Anti-Goal to threaten security goals Anti-Goal = Obstacle = Security Threat B.  Schneier,  “Attack  trees:  modeling  security   threats,”  Dr.  Dobb’s Journal,  December  1999. WM2SP-­16 van  Lamsweerde,  A.  (2004).  Elaborating  Security  Requirements  by   Construction  of  Intentional  Anti-­Models.  Proceedings.  26th  International   Conference  on  Software  Engineering,  26(May),  148–157.
  • 28. 28 Copyright 2016 GRACE Center All Rights Reserved. GORE: i*/Secure Tropos Actor Goal Dependency Goal  Refinement (AND/OR) i*/Tropos Secure Tropos Security is a constraintAn attacker as an actor GORE:  Goal  Oriented  Requirements  Engineering WM2SP-­16
  • 29. 29 Copyright 2016 GRACE Center All Rights Reserved. Usecase for Security: Misuse cases/Abuse Cases n Abuse Cases n by J. McDermott n with Abuse Actor n Misuse Cases n by G. Sindre n Relation between Threat and Countermeasure Misuse Cases Metamodel WM2SP-­16
  • 30. 30 Copyright 2016 GRACE Center All Rights Reserved. Threat Analysis by CORAS WM2SP-­16 Solhaug,  B.,  &  Stølen,  K.  (2013).  The  CORAS  Language  – Why  it  is  Designed  the   Way  it  is.  Safety,  Reliability,  Risk  and  Life-­Cycle  Performance  of  Structures  and   Infrastructures,  3155–3162.  
  • 31. 31 Copyright 2016 GRACE Center All Rights Reserved. Access Control Model: SecureUML Generate J2EE configuration ※David Basin:Model Driven Security Metamodel n UML Profile by David Basin n Role Based Access Control(RBAC) Model n Automatic Generation of Security Configuration WM2SP-­16
  • 32. 32 Copyright 2016 GRACE Center All Rights Reserved. Security Design Model: UMLsec n Design Model for Secure System by Jan Jurjens n Stereo Types for Security Design and the semantics Secure Protocol for integrity Security Context Control Flow Dependency Data Flow DependencyWM2SP-­16 Jürjens,  J.  (2002).  UMLsec:  Extending  UML  for   secure  systems  development.  Proceedings  of   the  5th  International  Conference  on  The  Unified   Modeling  Language,  412–425.
  • 33. 33 Copyright 2016 GRACE Center All Rights Reserved. Models For Security Activities WM2SP-­16 KAOS i*, Secure Tropos Misuse Cases… UMLsec
  • 34. 34 Copyright 2016 GRACE Center All Rights Reserved. Security Modelling WM2SP-­16 Liu,  L.,  Yu,  E.,  &  Mylopoulos,  J.  (2003).  Security  and  Privacy  Requirements   Analysis  within  a  Social  Setting  (p.  151).  JOUR.  
  • 35. Copyright 2016 GRACE Center All Rights Reserved. WHAT’s Privacy? Privacy Conceptual Model WM2SP-­16
  • 36. 36 Copyright 2016 GRACE Center All Rights Reserved. Is Privacy a subset of Security? Privacy Requirements ≒ Confidentiality of Personally Identifiable Information + Confidentiality of information about users + ability to control them something private facts = events or data ⊆ Security Requirements Privacy: 1) the state of being able to be alone 2) the state of being free from public attention (Longman Dictionary) The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. (wikipedia) WM2SP-­16
  • 37. 37 Copyright 2016 GRACE Center All Rights Reserved. Privacy Conceptual Model by PriS WM2SP-­16 Kalloniatis,  C.,  Kavakli,  E.,  &  Gritzalis,  S.  (2008).  Addressing  privacy  requirements  in   system  design:  The  PriS method.  Requirements  Engineering,  13(3),  241–255.  JOUR.  
  • 38. 38 Copyright 2016 GRACE Center All Rights Reserved. Modelling by LINDDUN WM2SP-­16 Deng,  M.,  Wuyts,  K.,  Scandariato,  R.,  Preneel,  B.,  &  Joosen,  W.  (2011).  A   privacy  threat  analysis  framework:  Supporting  the  elicitation  and  fulfillment   of  privacy  requirements.  Requirements  Engineering,  16(1),  3–32.  JOUR.
  • 39. 39 Copyright 2016 GRACE Center All Rights Reserved. Integrated Model of Security and Privacy WM2SP-­16 Mouratidis,  H.,  Islam,  S.,  Kalloniatis,  C.,  &  Gritzalis,  S.   (2013).  A  framework  to  support  selection  of  cloud   providers  based  on  security  and  privacy   requirements.  Journal  of  Systems  and  Software,   86(9),  2276–2293.  JOUR.  
  • 40. 40 Copyright 2016 GRACE Center All Rights Reserved. Metamodel for Security and Privacy Knowledge in Cloud Services WM2SP-­16
  • 41. 41 Copyright 2016 GRACE Center All Rights Reserved. “All in One” Model on Security and Privacy? WM2SP-­16 All in One Model Various  Views  for  each  activity
  • 42. Copyright 2016 GRACE Center All Rights Reserved. DIFFICULTY WM2SP-­16
  • 43. 43 Copyright 2016 GRACE Center All Rights Reserved. ModelsModelsModels Difficulty (1) Consistency between Models WM2SP-­16 Models Models Models Models Models Threat Models Attack Models Attack Models Attack Models
  • 44. 44 Copyright 2016 GRACE Center All Rights Reserved. Security  Model  vs.  Privacy  Model Security  Requirements  for  Privacy (e.g.,  confidentiality  of  personal  information)   Privacy  Requirements  for  Security (e.g.,  consent) Privacy Security Disclosure  of   Organizational    Assets Disclosure  of   Personally   identifiable   information   Security  RequirementsPrivacy  Requirements User  participation,   Transparency Minimal  data   collection Availability Integrity Minimal  Privilege Risk  to  Users Risk  to  Business Disclosure  of   Private  Behavior (Privacy  Assets)   Service Risk  Assessment   with  organization WM2SP-­16
  • 45. 45 Copyright 2016 GRACE Center All Rights Reserved. Conflicts between Security & Privacy Model Security  Functions  become  Privacy  threats (e.g.,  Identification  threatens  privacy) Privacy  constricts Security  Requirements Privacy Security Privacy SecurityPrivacy  Functions  become  Security  threats (e.g.,  anonymity  makes  hard  to  detect  attackers) Security  constricts Privacy  Requirements How  to  solve?      Need  Trade-­‐off? WM2SP-­16
  • 46. 46 Copyright 2016 GRACE Center All Rights Reserved. Difficulty (2) Security and Privacy Risk n Risk = Damage × Probability n Statistical Model n Data for estimation is needed n Some incidents affect each others n Risk reasoning is needed n Risk is changeable WM2SP-­16
  • 47. 47 Copyright 2016 GRACE Center All Rights Reserved. Difficulty (3) Modelling @Design Definition of Model at Design stage is difficult n New Threat & Attack n Privacy Preference Model n Runtime configuration is changeable n Network Configuration, Cloud Environment Ø Model Creation @Runtime Ø Adaptation @Runtime WM2SP-­16
  • 48. Copyright 2016 GRACE Center All Rights Reserved. CHALLENGE WM2SP-­16
  • 49. 49 Copyright 2016 GRACE Center All Rights Reserved. Challenge (1) Model Operations WM2SP-­16 Privacy Models Security Models Solution Model MAINTENANCEIMPLEMENTATIONDESIGNREQUIREMENTS Network Model Solution Model Organization Model refactaring feedback
  • 50. 50 Copyright 2016 GRACE Center All Rights Reserved. Conflict between Security and Privacy Pattern Authentication  PatternsAnonymous  Access  Patterns Privacy  Goal: Never  identify  me Security  Goal: Identify  attackers Pseudonym  Authentication  Patterns Security  Goal: Identify  only  attackers Privacy  Enhanced  Security: Minimal  Indentation Security  meets  Privacy WM2SP-­16
  • 51. 51 Copyright 2016 GRACE Center All Rights Reserved. Win-Win Pattern of Security and Privacy (2)  Notify  Aberrant Privacy  Information Identifiable   Information (1)Monitoring  with  a   Pseudonym (3)  Catch  a  criminal SupervisorSecurity  Officer I don’t know who you are Gun I don’t watch your naked body Identification  Provider Separation  of  Duty Service  Provider Pseudonym  Authentication  Patterns Identifiable   Information Pseudonym Provide  a  Service  with   a  Pseudonym authenticate WM2SP-­16
  • 52. 52 Copyright 2016 GRACE Center All Rights Reserved. Challenge (2) Hybrid Model WM2SP-­16 Privacy Models Security Models Solution Model Model  Composition Hybrid  Model Privacy Models Security Models Risk Risk Logical Statistic
  • 53. 53 Copyright 2016 GRACE Center All Rights Reserved. Challenge (3) Big data and Machine Learning WM2SP-­16 Privacy Models Security Models Solution Model MAINTENANCEIMPLEMENTATIONDESIGNREQUIREMENTS Network Model Solution Model refactaring feedback System Log User Log Environment Log Model  Creation Self-­Adaptation Framework/ Library PatternsIncident Case Catalog Development Log Repository Recommendation
  • 54. 54 Copyright 2016 GRACE Center All Rights Reserved. Conclusions 1. Current Model and Modelling on Security and Privacy 1. UML: Misusecase, UMLsec, secureUML 2. GORE: SecureTropos, i*/Tropos, KAOS 3. Meta-model: SIG, Common Criteria, STIX, SCPM… 2. Research Challenge on the Security and Privacy Model and Modelling 1. Operation on Models on Security and Privacy with consistency 2. Hybrid Models on Security and Privacy 3. Big data and Machine Learning on Security and Privacy Modelling WM2SP-­16