(BSc. 1993 University of Crete, Ph.D. 1998 Imperial College London) is leading the SOA Security Research Group in the IT Futures Research Centre of BT Group CTO. Theo is also leading the security activity of BT’s multidisciplinary research programme in Service Oriented Infrastructures.
He has fifteen years of research and innovation experience in a wide range of topics relating to Information Security, Identity and Access Management, Software and Systems Engineering, Service Oriented Architecture (SOA), Web Services and Grid Computing. He also has strong academic background in the areas of security risk analysis, formal modelling and applications of semantics and logic in computer science.
He has been the vice-chair of an IFIP working group on Trust Management (www.ifip.org) and a member of the IFIP special interest group on Enterprise Interoperability. He is also a member of several journal editorial boards, international conference programme committees, Industrial Advisory Boards of European collaborative research initiatives, and of the steering or programme committees of international conferences in Information Security, Trust Management, SOA and Web Services.
Theo has been the scientific coordinator of some of the largest and most successful research initiatives in Europe, such as the BEinGRID (www.beingrid.eu) programme, which includes 96 partners and oversees 25 business pilots in different market sectors (2006-10); the TrustCoM project (www.eu-trustcom.com) that brought together innovation teams from Atos Origin, BT, Microsoft, IBM and SAP, among others (2004-07); the GRASP project (eu-grasp.net) that developed a service oriented Grid computing platform for SaaS (2002-04) and the CORAS project (coras.sourceforge.net) that developed a framework for security risk analysis (2001-03). He has also contributed in projects in the Defence and Government sectors – most recently a project under the UK MOD’s Research Acquisition Organizaiton on Enabling Secure Information Infrastructure – as well as the Data Information Fusion Defence Technology Centre and UK DTI Foresight projects on Cyber Trust and Crime Prevention.
Theo has also fostered research communities on Trust Management (www.itrust.uoc.gr) and applications of Grid computing (www.lege-wg.org). The former established an international conference series and evolved into an international community that is now the core of the IFIP Trust Management working group.
Prior to this position he was the technical leader of a multi-million collaborative research programme at the Central Laboratory of the Research Councils (UK) and an eCommerce and EDI specialist at Logica (UK). While at Logica he was involved in the development of EDI systems for Barclays Bank, RBOS and Citibank.
Theo Dimitrakos has been the editor or co-editor in five books, two journal special editions, and he has authored more than fifty (50) scientific papers published in international journals and conference proceedings.
Securing the Service Oriented Infrastructure: research challenges and experiences
Abstract
Over the recent years the Service Oriented Architecture has gone through a first critical transition that brought about its fusion with the Web into what is now commonly known as the Web Services Framework and its fusion with Grid Computing into what is now commonly referred to as the Service Oriented Infrastructure paradigm.
Service Oriented Infrastructure (SOI) builds on top of previous advancements in Distributed Systems, Grid Computing, Web Services and SOA in order to offer an appealing paradigm for the network-centric Enterprise. The technologies and capabilities which come together under the banner of the Service Oriented Infrastructure (SOI) offer a solution to both long-standing business needs and also some which are particular to our time. The Service Oriented Infrastructure (SOI) approach allows networked enterprises to use SOA infrastructure capabilities and resources via the network and to aggregate them in tailored solutions that fit their needs and adapt to their growth pattern. In addition to BT, companies such as HP, Cisco and Capgemini use the SOI term and more recently Microsoft launched their own initiative of an SOI to support Microsoft-based SOA deployments, while Amazon Web Services offer another example of a successful application of an SOI variant.
In this talk we will provide an overview of the SOI programme in British Telecom and then we will focus on research challenges, design patterns and technologies for securing the SOI.
The advent of a Service Oriented Infrastructure (SOI) requires security solutions that protect services, information and resources within and across Enterprises.
In this talk we will use as examples some of the SOI security solutions that are being developed at BT’s UK research labs in collaboration with leading academic researchers and SOA vendors. These solutions facilitate secure end-to-end service integration within enterprises and across business partners. This is achieved by securely virtualising enterprise applications and resources, by securing their exposure to customers and by enforcing content- and context-sensitive policies about service presentation, end-to-end transactions, federated identity, usage and access control, intelligent routing and QoS obligations. These SOI security solutions come as stand-alone value-adding security services for i) identity federation, ii) distributed usage and access control, iii) secure messaging, routing and transformation, iv) security autonomics and v) governance or they can be integrated into a comprehensive SOI Secure Service Gateway (SOI-SSG) solution.
Finally we will refer to external collaborations examples where the SOI-SSG concept is being trialled. These include large-scale defence pilots where SOI-SSG is used to facilitate the secure integration of Operational Support Systems (OSS) between Coalition partners, next generation Service Delivery Platforms, and a recent business pilot validating a Virtual Hosting Environment for Online Gaming that was conducted in the context of the BEinGRID research initiative.
Some of the reference implementations of the SOI-SSG components will be further analysed and demonstrated in the Crisis’08 tutorial.
Anas Abou El Kalam is an assistant professor of Network security at the "Institut National Polytechnique", Toulouse, France. He is in charge of
the security option. He had several responsibilities as the head of the
Computer Science Department at ENSIB. He is / was member of the program
committees of several conferences such as IEEE ACSAC08 (24th Annual
Security Application Conference), IFIP SEC (International Information
Security Conference), ESORICS (European Symposium on Research in Computer
Security), IEEE CRiSIS (International Conference on Risks and Security of
Internet and Systems), etc.
His current research interests concern security policies and models,
network security, privacy, security & QoS of embedded systems and
intrusion detection systems
Critical Infrastructures Security Modeling, Enforcement and Runtime
Checking
Abstract
Due to physical and logical vulnerabilities, a critical infrastructure (CI)
can encounter failures of various degrees of severity, and since there are
many interdependencies between CIs, simple failures can have dramatic
consequences on the users. In this presentation, we mainly focus on
malicious threats that might affect the communication and information
systems (the Critical Information Infrastructure, or CII) dedicated to the
control, management, etc. of Critical Infrastructures. We define the most
suitable access control framework, to address the security problems that
are specific of CIIs. This approach offers each organization taking part
in the CII the capacity of collaborating with the other ones, while
maintaining a control on its resources and on its internal security
policy.
Then, we propose a runtime model checker for the interactions between the
organizations forming the CIIs, to verify their compliance with previously
signed contracts. In this respect, not only our security framework handles
secure local and remote accesses, but also audits and verifies the
different interactions. In particular, remote accesses are controlled,
every deviation from the signed contracts triggers an alarm, the concerned
parties are notified, and audits can be used as evidence for sanctioning
the party responsible for the deviation.
Finally, we give details of our implementation. Our approach is
demonstrated on a practical scenario, based on real emergency actions in
an electric power grid infrastructure.
