Vicini S.,eServices for Life and Health |
Alberti F.,eServices for Life and Health |
Sanna A.,eServices for Life and Health |
Notario N.,Atos Research and Innovation Atos |
And 2 more authors.
Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016 | Year: 2016
The elicitation and the analysis of security and privacy requirements are generally intended as being mainly performed by field experts. In this paper we show how it is possible to integrate practical Co-Creation processes into Security-and-Privacy-by-Design methodologies. In addition, we present some guidelines showing how it is possible to translate the high-level requirements obtained from the enduser engaging into verifiable low-level requirements and technological requirements. The paper demonstrates as well the feasibility of our approach by applying it in two realistic scenarios where the outsourcing of personal and sensitive data requires high-level of security and privacy. © 2016 IEEE.
Vianello V.,Technical University of Madrid |
Gulisano V.,Technical University of Madrid |
Jimenez-Peris R.,Technical University of Madrid |
Patino-Martinez M.,Technical University of Madrid |
And 3 more authors.
Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013 | Year: 2013
The security event correlation scalability has become a major concern for security analysts and IT administrators when considering complex IT infrastructures that need to handle gargantuan amounts of events or wide correlation window spans. The current correlation capabilities of Security Information and Event Management (SIEM), based on a single node in centralized servers, have proved to be insufficient to process large event streams. This paper introduces a step forward in the current state of the art to address the aforementioned problems. The proposed model takes into account the two main aspects of this field: distributed correlation and query parallelization. We present a case study of a multiple-step attack on the Olympic Games IT infrastructure to illustrate the applicability of our approach. © 2013 IEEE.