Thomas D. Weigold

Secure Internet banking authentication

This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. There further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-live implementations

The Zurich Trusted Information Channel --- An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks

This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. The insecure user PC is used solely to relay IP packets and display non-critical transaction information. All critical information is parsed out of the mutually-authenticated SSL/TLS connections that the ZTIC establishes to the server and shown on the display for explicit user approval.

Remote Client Authentication

The effectiveness of remote client-authentication schemes varies significantly in relation to todays security challenges, which include phishing, man-in-the-middle attacks, and malicious software. A survey of remote authentication methods shows how each measures up and includes recommendations for solution developers and consumers.

ePVM - An Embeddable Process Virtual Machine

At the heart of every business process management system resides a workflow engine, here termed process execution engine. Yet despite playing such a central role, contemporary business process engines generally still leave much to be desired in terms of interoperability, versatility, and programmability. Therefore, this paper introduces ePVM, an embeddable process execution engine aimed at solving these issues. Basically, ePVM is built upon two core concepts. Firstly, an execution model which is deeply rooted in the theoretical framework of communicating state machines. Secondly, whereas many efforts have been made to create the ultimate process language, ePVM provides in contrast a low-level run-time environment based on a JavaScript interpreter where higher-level domain specific process definition languages can be mapped to. Our work explores both concepts in more detail and also positions ePVM in the current business process and workflow domain.

Advanced Grid Programming with Components: A Biometric Identification Case Study

Component-oriented software development has been attracting increasing attention for building complex distributed applications. A new infrastructure supporting this advanced concept is our prototype component framework based on the Grid component model. This paper provides an overview of the component framework and presents a case study where we utilise the component-oriented approach to develop a business process application for a biometric identification system. We then introduce the tools being developed as part of an integrated development environment to enable graphical component-based development of Grid applications. Finally, we report our initial findings and experiences of efficiently using the component framework and set of software tools.

Process-driven biometric identification by means of autonomic grid components

Todays business applications are increasingly process driven, meaning that the main application logic is executed by a dedicate process engine. In addition, component-oriented software development has been attracting attention for building complex distributed applications. In this paper, we present the experiences gained from building a process-driven biometric identification application that makes use of grid infrastructures via the Grid Component Model (GCM). GCM, besides guaranteeing access to grid resources, supports autonomic management of notable parallel composite components. This feature is exploited within our biometric identification application to ensure real-time identification of fingerprints. Therefore, we briefly introduce the GCM framework and the process engine used, and we describe the implementation of the application by means of autonomic GCM components. Finally, we summarise the results, experiences and lessons learned focusing on the integration of autonomic GCM components and the process-driven approach.

Seamlessly integrating disk and tape in a multi-tiered distributed file system

The explosion of data volumes in enterprise environments and limited budgets have triggered the need for multi-tiered storage systems. With the bulk of the data being extremely infrequently accessed, tape is a natural fit for storing such data. In this paper we present our approach to a file storage system that seamlessly integrates disk and tape, enabling a bottomless and cost-effective storage architecture that can scale to accommodate Big Data requirements. The proposed system offers access to data through a POSIX filesystem interface under a single global namespace, optimizing the placement of data across disk and tape tiers. Using a self-contained, standardized and open filesystem format on the removable tape media, the proposed system avoids dependence on proprietary software and external metadata servers to access the data stored on tape. By internally managing the tape tier resources, such as tape drives and cartridges, the system relieves the user from the burden of dealing with the complexities of tape storage. Our implementation, which is based on the GPFS and LTFS filesystems, demonstrates the applicability of the proposed architecture in real-world environments. Our experimental evaluation has shown that this is a very promising approach in terms scalability, performance and manageability. The proposed system has been productized by IBM as LTFS Enterprise Edition.

Flexible Persistence Support for State Machine-Based Workflow Engines

This paper introduces a flexible persistence model for state machine workflows. In contrast to the persistence support in contemporary process definition languages and corresponding workflow engines we propose a model where, firstly, an arbitrary number of persistence providers can be attached to the process engine and, secondly, the workflows can dynamically decide when they should be stored persistently and by which persistence provider. Furthermore, we exemplify the implementation of this model within ePVM, an embeddable process virtual machine based on the theoretical foundation of communicating extended finite state machines. Finally, we present results gained from an initial experiment demonstrating that the model can help increasing software efficiency.

Methodology for component-based development of grid applications

Component-based software technologies have emerged as a modern approach to software development for distributed and Grid applications. However, the lack of longer-term experience and the complexity of the target systems demand more research results in the field. This paper provides a generic method to develop applications based on a Grid Component Model (GCM). We discuss the main advantages of our methodology -- reduced development cycle, increased portability, and support of dynamic properties of the GCM-based component framework. We then introduce our integrated environment designed to enable component-based development of Grid applications. After that we illustrate the methodology using as an example the development of a complex distributed business process application for a biometric identification system. Finally, we report our initial findings and experiences of applying the methodology and the integrated environment, to best exploit the GCM framework.

Integrating Autonomic Grid Components and Process-Driven Business Applications

Today’s business applications are increasingly process driven, meaning that the main application logic is executed by a dedicate process engine. In addition, component-oriented software development has been attracting attention for building complex distributed applications. In this paper we present the experiences gained from building a process-driven biometric identification application which makes use of Grid infrastructures via the Grid Component Model (GCM). GCM, besides guaranteeing access to Grid resources, supports autonomic management of notable parallel composite components. This feature is exploited within our biometric identification application to ensure real time identification of fingerprints. Therefore, we briefly introduce the GCM framework and the process engine used, and we describe the implementation of the application using autonomic GCM components. Finally, we summarize the results, experiences, and lessons learned focusing on the integration of autonomic GCM components and the process-driven approach.