SERSCIS

JRS and QinetiQ have published a paper at the Open Knowledge Models workshop at the EKAW 2010 conference. In this paper we present a subset of the ongoing technology developments being undertaken in the SERSCIS project. Rather than focusing on machine interpretable or human interpretable knowledge we attempt to produce a semantic modelling framework and associated software tools that facilitate both. This approach is necessary because our Critical Infrastructure case study requires models that can be used in two ways. Automatic dynamic service orchestration of runtime operations must occur very rapidly and ideally without human intervention. However, human operators need general oversight. Therefore human judgement and authorization will sometimes be needed where there are security or commercial implications in service or configuration details. The modelling framework covers a number of perspectives which are briefly introduced. The software tooling includes dedicated SOA security decision support and a general system knowledge exploration capability as well as dynamic service and workflow adaptation.

Briscombe N., Zeiner H., Halb W., Kirton M., and Derler C. (2010) Dynamic Service Orchestration Using Human and Machine Interpretable System Knowledge with Associated Graphical Software Tools. In: Open Knowledge Models Workshop (OKM 2010), October 2010, Lisbon, Portugal.

On the 1st September, JRS presented the paper “Making Business Processes Adaptive Through Semantically Enhanced Workflow Descriptions” at the scientific poster session at the 6th International Conference on Semantic Systems in Graz, Austria.

Zeiner, H., Halb, W., Jandl, B., Lernbeiß, H. and Derler, C. (2010) Making Business Processes Adaptive Through Semantically Enhanced Workflow Descriptions. In: 6th International Conference on Semantic Systems (I-SEMANTICS), September 2010, Graz, Austria.

A joint paper between IT Innovation and QinetiQ was presented today at the 3rd IEEE International Conference on Cloud Computing. The paper presents a Platform-as-a-Service infrastructure that combines semantic security risk management tools with dynamic web service policy frameworks to support the mitigation of security threats throughout the lifecycle of a service-oriented application deployed within the cloud.

The platform addresses the need to model security requirements, dynamically provision and configure security services and link operational security events to vulnerabilities and impact assessments at the business level. The platform has been evaluated using a collaborative engineering design scenario and a proof-of-concept deployed at a multi-tenant cloud as part of the UK CFMS project. The work is being further enhanced in the SERSCIS project.

Boniface, M., Surridge, M., Hall-May, M., Bertram, S. and Briscombe, N. (2010) On-Demand Dynamic Security for Risk-Based Secure Collaboration in Clouds. In: IEEE International Conference on Cloud Computing 2010, July 2010, Miami, FL, USA.

Today, JRS presented a paper at the 8th IEEE International Conference on Web Services. The approach presented in this paper uses semantically annotated workflow templates and extensions to introduce adaptability which enables agile service oriented architectures.

Halb, W., Zeiner, H., Jandl, B., Lernbeiß, H. and Derler, C. (2010) Agile Service Oriented Architecture with Adaptive Processes Using Semantically Annotated Workflow Templates. In: IEEE International Conference on Web Services 2010 (ICWS 2010), Miami, FL, USA.

A new project brochure for SERSCIS is available that describes the achievements of the project so far and details future targets for our approach. The brochure is available from the Downloads page.

KEMEA presented up-to-date findings and the concept of the SERSCIS project at the 9th Homeland & Corporate Security Conference & Exhibition in Athens (ExpoSec 2010) under the section New Technologies & Security Applications. The ExpoSec Conference hosts prominent political speakers and security experts from Greece and abroad. The audience consists primarily of top executives and officers from public and private security organizations that are responsible for the formulation and implementation of local, national and regional security policy.

IT Innovation today presented a paper on the SERSCIS framework for critical infrastructure management at the Coordination in Complex Software Intensive Systems workshop at the 4th International Conference on Complex, Intelligent and Software Intensive Systems.

Hall-May, M. and Surridge, M. (2010) Resilient Critical Infrastructure Management using Service Oriented Architecture. In: International Workshop On Coordination in Complex Software Intensive Systems (COCOSS), CISIS 2010, February 2010, Krakow, Poland.

Port Technology International has published a paper entitled “EU R&D into port technologies” which covers PAG’s activities in EU FP7 projects, including SERSCIS. PAG has been participating in EU R&D activities since 1992 in the 3rd R&D Framework Programme. Currently, it has a record of more than 50 R&D projects, covering all areas related to port and maritime transport infrastructure and services.

Moyano, H. (2009) EU R&D Into Port Technologies. In: Port Technology International, v42 pp20-22, 2009.

On Thursday 12th November 2009 members of the QinetiQ team will be presenting and demoing aspects of the work undertaken on the SERSCIS project at one of QinetiQ’s regular technology seminars. The ISWG (Information Superiority Working Group) seminars aim to improve internal awareness of a variety of topics, with the November session covering “End-to-End Product Delivery and Systems Engineering”. In addition to QinetiQ staff, attendees include a select number of invited stakeholders to garner wider feedback.

A recent report by the Center for Strategic and International Studies (CSIS), a Washington-based think tank, has looked at the implications of the so-called “Korean” attacks on US and South Korean networks in relation to future ‘cyber conflict’. The conclusion is that while current cyber attacks may not constitute an act of war, they are expected to develop and cyber-terrorism is expected to become more prevalent within the next decade.

Some aspects of the SERSCIS project assess threats to the timely, secure and continued operations of Critical Infrastructure (CI) in light of both internal operational issues (such as resourcing or operation delays) and external issues and effects (such as attacks on confidentiality, integrity or availability of vital information). Real-world terrorism has already targeted CI, including transport infrastructure and financial districts, and the CSIS report foresees increased attacks on ‘virtual’ CI as terrorist organisations increase their technical capabilities.  With the increasing use of information systems within CI, especially those directly or indirectly connected to the Internet, there can be an increased risk of attack from external and potentially anonymised terrorist sources.

Although the CSIS report focuses on attacks that may constitute acts of war, stating that the July 2009 attack on the US and South Korean networks was “not a serious attack…more like a noisy demonstration”, it also says that “in less than a decade, perhaps much less, a terrorist group could … acquire the capabilities needed for a serious cyber attack” allowing them to damage and effect “essential government, economic or military services”. This list of effects could cover a range of critical infrastructure systems.

In the future networked environment more and more systems will become
reliant on information technology, communications infrastructure and interdependency of systems. Although these changes may improve system operations they also increase the attack surface of the systems and the potential impact of an attack on any one system or infrastructure asset.

The CSIS believe that current American defences are “inadequate to repel the attacks of a sophisticated opponent”, but this does not mean that all cyber attacks can defeat all defences. Through proper modelling of risk, security and decision support (as provided by the System Modelling and Decision Support components of the project) we believe that the SERSCIS project can start to help the owners of CI systems mitigate some of the risks posed by cyber-terrorism and other technological attacks.