Judith E. Y. Rossebø

eTVRA, a Threat, Vulnerability and Risk Assessment Method and Tool for eEurope

The telecommunications environment is evolving into next generation networks (NGN). On an NGN, telecommunications services are recreated on IP networks, this creates a demand on standardization bodies to adapt and meet the needs of these emerging networks. Securing the service environment for eBusiness and the underlying network are crucial areas cited in the eEurope action plan. Standardization provides an important means for securing the NGN and establishing trust in its services and infrastructure in order to enable the development of modern public services. In response to this, we have developed a threat, vulnerability and risk assessment (eTVRA) method and tool for use in standardisation. Using the eTVRA method and tool, the threats to NGNs can be analyzed and a set of recommended countermeasures identified that when implemented will reduce the overall risk to users of NGNs. In this paper we present the eTVRA method and tool along with the results of its application to the use of enhanced number (ENUM) (Eastlake, 1999) and SIP (Rosenberg et al., 2002) in the NGN

A Policy-driven Approach to Dynamic Composition of Authentication and Authorization Patterns and Services

During the past decade, the telecommunication environment has evolved from single operator featuring voice services to multi-operator featuring a range of different types of services. Services are being provided today in a distributed manner in a connectionless environment requiring cooperation of several components and actors. This paper focuses on the incremental means to ensure access to services for authorized users only by composing authentication and authorization patterns and services. We propose a novel framework of authentication and authorization patterns for securing access to services for authorized users only, and we demonstrate how the patterns can be dynamically composed with services using a policy-driven approach.

Next generation service engineering

Service engineering is the process of service development from domain analysis and requirements capture, through specification, design and implementation, to deployment and adaptation on service delivery platforms. Ideally one would like to specify and analyse services on a high level of abstraction, using modelling concepts close to the user and problem domain rather than at the platform and implementation domain, and then be able to derive design components and implementations from service models with a high degree of automation. It is argued in this paper that this conception is approaching reality and so is worth while pursuing to face the challenges of service engineering in a NGN context. The basis for this is new approaches to model services precisely, to analyse goals and tradeoffs concerning variability and context, and to transform service models into platform independent models from which implementations are automatically generated. Interestingly, the service models can provide information and mechanisms that help dynamic composition and adaptation at runtime. The approach is illustrated using a multimedia call service with access control requirements.

Using Composition Policies to Manage Authentication and Authorization Patterns and Services

This paper presents a policy-driven approach to service engineering, addressing the gap between static structure specification and dynamic behavioral specification. By this we mean providing a more complete means of documenting the composition of separately specified behaviors. We introduce the concept of a policy enforcement statemachine diagram to specify the linking of collaborations for which the behavior has been separately specified using semantic connectors. We also use composition patterns which define constraints/restrictions on collaborations that run in parallel in a service.

e TVRA: a threat, vulnerability and risk assessment tool for e Europe

Securing the evolving telecommunications environment and establishing trust in its services and infrastructure is crucial for enabling the development of modern public services. The security of the underlying network and services environment for eBusiness is addressed as a crucial area in the eEurope action plan [2]. In response to this Specialist Task Force (STF) 292 associated with the European Telecommunication Standardisation Institute (ETSI) TISPAN [3] under contract from eEurope, has developed a threat, vulnerability and risk assessment (eTVRA) method and tool for use in standardisation. Using the eTVRA method and tool, the threats to a next generation network (NGN) can be analyzed and a set of recommended countermeasures identified that when implemented will reduce the overall risk to users of NGNs. In this paper we present the eTVRA method and tool along with the results of using the eTVRA for an analysis of a Voice over IP (VoIP) scenario of the NGN.

Authentication issues in multi-service residential access Networks

Multi-service residential access networks allow residential customers to choose amongst a variety of service offerings, over a range of Core Networks and subject to user requirements such as QoS, mobility, cost and availability. These issues place requirements on authentication for network access, with a need for mutual authentication of the residential gateway (RG) to the local access point (LAP). The EU-IST project TORRENT is building a testbed providing for multi-service residential access networks in order to demonstrate the benefit of intelligent control, both for the customer and for the network operators and service providers. Adequate security measures are essential in order to secure access to the TORRENT system and services and for QoS provisioning to authorised users. This paper examines the authentication issues for the TORRENT system and presents a public key based authentication protocol for mutually authenticating the RG and the LAP.

Specifying Service Composition Using UML 2.x and Composition Policies

In the current and future service environment, service parts are being developed separately while being dynamically combined at runtime. In this paper we address the problem of defining a model-driven process for enabling dynamic composition of services. Composition policies are used to define choices in behaviour under which service roles involved in a composite service can be dynamically combined at runtime. We model policy-ruled choreography of collaboration components using a policy enforcement state machine (PESM). We also define transformation rules for translating a global PESM diagram into a set of local PESM diagrams, one for each role. As an example, we consider the case of dynamically composing an existing service with a set of authentication and authorization collaborations. The approach is supported by a formal syntax and semantics.