Pekka Savolainen

A Taxonomy of Information Security for Service-Centric Systems

Pervasive communications and the rapid expansion of Internet trigger a myriad of concerns about trust and information security. Moreover, composing software from components and services, originating from diverse sources, without a thorough quality assurance practices may expose serious weaknesses that open up the systems for malicious attacks and misuse. In order to guarantee the security of the systems we need a uniform understanding about what security is and how to measure it. This paper introduces a taxonomy of information security, intended for the use of software architects of service centric systems. The security taxonomy extends our quality oriented architecting environment (QoAE) - an integrated tool environment for defining quality ontologies, describing the quality properties of service architectures, and analyzing quality requirement satisfaction at the level of proposed architecture.

Cognitive Network Management Framework and Approach for Video Streaming Optimization in Heterogeneous Networks

The future Internet will be highly heterogeneous in supporting a multitude of access technologies and networks with overlapping coverages. Optimization of network operations like management of resources, mobility or Quality of Service in order to ensure smooth network operation and high user satisfaction will be very challenging in the future networks. Cognitive network management can provide a solution of managing such complex systems. This paper studies cognitive network management in the context of optimizing video streaming performance in heterogeneous multi-access networks. The paper proposes a network management framework that relies on cognitive decision techniques in the joint optimization of network and video service performance. The proposed solution is also implemented and validated in part in a testbed environment. The results attest the feasibility of the solution as well as the benefits of cognitive decision techniques over non-learning or non-adaptive approaches.

A tool for assessing interdependency of mobile communication and electricity distribution networks

Traditionally, electricity distribution companies have used private communication networks to control medium-voltage network components such as substations, reclosers, disconnectors, and transformers. Proprietary technologies such as microwave links, narrow band VHF/UHF radios, and private mobile radios were often applied. Today, 3G and 2G cellular packet based networks can provide data connections almost anywhere with much lower costs. Those radio access technologies are proof-tested in mass markets, and their availability and reliability improve as the mobile technology evolves and the variety of mobile data services increases. Our goal was to implement a tool to assess the utilization of commercial mobile networks for the remote control of future electricity distribution networks. This is done by calculating coverage redundancy in different fault scenarios.

OntoArch Approach for Reliability-Aware Software Architecture Development

Reliability-aware software architecture development has recently been gaining growing attention among software architects. This paper tackles the issue by introducing an ontology-based approach, called OntoArch, which is characterized by: 1) integration of software reliability engineering and software architecture design; 2) targeting reliability-aware software architecture development; and 3) OntoArch ontology in the context of software architecture design and software reliability engineering. The OntoArch approach is validated by applying the OntoArch approach to the development of a PIR (Personal Information Repository) system architecture.

Towards a Lightweight Security Solution for User-Friendly Management of Distributed Sensor Networks

Wirelessly networked sensors and actuators are a cornerstone of systems that try to introduce smartness in a wide range of outdoor and indoor environments. The robust and secure operation of such systems is of central importance and will definitely play a key role in terms of their adoption by organizations and individuals. However, the commonly applied security mechanisms based on current standards are either resource consuming, inconvenient to use, or both. In this paper, a generic, lightweight and user-friendly approach to implement secure network management and confidentiality in a Distributed Sensor Networks (DSNs) is proposed.

Mitigating IoT security threats with a trusted Network element

Securing the growing amount of IoT devices is a challenge for both the end-users bringing IoT devices into their homes, as well as the corporates and industries exposing these devices into the Internet as part of their service or operations. The exposure of these devices, often poorly configured and secured, offers malicious actors an easy access to the private information of their users, or potential to utilize the devices in further activities, e.g., attacks on other devices via Distributed Denial of Service. This paper discusses the current security challenges of IoT devices and proposes a solution to secure these devices via a trusted Network Edge Device. NED offloads the security countermeasures of the individual devices into the trusted network elements. The major benefit of this approach is that the system can protect the IoT devices with user-defined policies, which can be applied to all devices regardless of the constraints of computing resources in the IoT tags. Additional benefit is the possibility to manage the countermeasures of multiple IoT devices/gateways at once, via a shared interface, thus largely avoiding the per-device maintenance operations.

Toward risk-driven security measurement for Android smartphone platforms

Security for Android smartphone platforms is a challenge arising in part from their openness. We analyse the security objectives of two distinct envisioned public safety and security mobile network systems utilising the Android platform. The analysis is based on an industrial risk analysis activity. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and applied security metrics can be used for informed risk-driven security decision-making, enabling higher security effectiveness.

Learning Based Proactive Handovers in Heterogeneous Networks

Today, the number of versatile real-time mobile applications is vast, each requiring different data rate, Quality of Service (QoS) and connection availability requirements. There have been strong demands for pervasive communication with advances in wireless technologies. Real-time applications experience significant performance bottlenecks in heterogeneous networks. A critical time for a real-time application is when a vertical handover is done between different radio access technologies. It requires a lot of signalling causing unwanted interruptions to real-time applications. This work presents a utilization of learning algorithms to give time for applications to prepare itself for vertical handovers in the heterogeneous network environment. A testbed has been implemented, which collects PHY (Physical layer), application level QoS and users context information from a terminal and combines these Key Performance Indicators (KPI) with network planning information in order to anticipate vertical handovers by taking into account the preparation time required by a specific real-time application.

Risk-driven security metrics development for software-defined networking

Introduction of SDN (Software-Defined Networking) into the network management turns the formerly quite rigid networks to programmatically reconfigurable, dynamic and high-performing entities, which are managed remotely. At the same time, introduction of the new interfaces evidently widens the attack surface, and new kind of attack vectors are introduced threatening the QoS even critically. Thus, there is need for a security architecture, drawing from the SDN management and monitoring capabilities, and eventually covering the threats posed by the SDN evolution. For efficient security-architecture implementation, we analyze the security risks of SDN and based on that propose heuristic security objectives. Further, we decompose the objectives for effective security control implementation and security metrics definition to support informed security decision-making and continuous security improvement.

A study on cybersecurity industrial end-user perspectives in Finland

Cybersecurity needs, services, and their selection are driven by complex factors, which often vary for different end-users and organizations. We previously studied the cybersecurity service providers views on cybersecurity service landscape. In this paper, we extend our study to cybersecurity end-user organizations, who need to secure their services. The aim is to elicitate a broader understanding of the overall cybersecurity requirements and services landscape, and the driving factors on both sides. The study described in this paper constitutes of two parts. A set of three in-depth thematic interviews were performed with three different organizations. Following this, a broader set of companies were polled using an online-survey and a follow-up discussion in a seminar with the respondents. In this paper, we use these results for understanding how the cybersecurity requirements are manifested, who defines them, and what are the driving factors behind them.