There is an informative and in-depth article on CoMiFin now available on the IBM R&D News site in Isreal written by Eliezer Dekel.This news item covers the research being done in the project emphasiing its relevance tofinancial critical infrastructure protection. It also provides details for relevant CoMiFin use cases and a partner list.
-- CoMiFin-ICA Workshop March 2011 --
The second CoMiFin
International Collaboration Action (CoMiFin-ICA) workshop brings together representatives of the
EU-sponsored CoMiFin consortium, researchers from Sandia Lab, and IBM
Research as well as financial sector experts. The topics to be discussed
include among others the new approaches to establishing trusted
federations, collaborative security, scalable data sharing, and
distributed event and stream processing as the means of early detection.
The one day program will feature keynotes by event processing and
security experts, presentations by the CoMiFin project and SANDIA Lab, a
discussion panel, and an evening banquet.
A few seats are available. If you are interested please contact one of the organizers below to receive your personal invitation.
phone no: 0039-06-5027-4277
phone no: +972-4-8296234
IBM - Thomas J. Watson Research Center - 1101 Kitchawan Road,
Route 134, Yorktown Heights, N.Y. 10598 – Room 20-043
The latest news and agenda is also available as a pdf here .
-- Dr Lodi wins award for work in CoMiFin --
Congratulations to Dr Giorgia Lodi who has recently won an award in the context of “T-35 giovani innovatori". Dr Lodi applied for the award in Italy in which she
described the work on semantic room and event processing systems carried
out by CINI in the context of the CoMiFin project. She is going to receive the award on March 17, 2011, in Padova (Italy).
Scientific American has an edited transcript of an interview with a senior
US official who supports a bill to increase US government control over the
internet, with the aim of protecting the US from a cyber attack. Clearly
the threat is taken seriously.
-- EU Clustering of Trust and Security Projects --
For those with an interest in EU Trust and Security research project clustering activities. The output report and presentations from the Effectsplus Open Communications Event, February 1st 2011 are now available via the following link.
The EU Coordination Action Effectsplus and the Future Internet Assembly (FIA) are developing a roadmap for research into all aspects of the Future Internet. As part of this effort they are organising an Open Day / workshop on 31st March 2011. The workshop will also include the opportunity to review contributions received to date as well as to hear new contributions to be presented at the workshop.
Date: Thursday 31st March, 10.00 AM to 4.00pm
Location: European Commission, Beaulieu 25, room 0/S1 , Brussels.
In addition, an article by Giorgia Lodi can be found here (also in Italian). Which describes the workshop events.
The video is in Italian.
-- CoMiFin Dashboard Video Demo --
A video of the CoMiFin Dashboard is now available to view online .
This demonstrates the semantic room dashboard highlighting feedback in a graphical user interface.
-- 1st Workshop on Information Sharing for Financial IT Infrastructure --
1st Workshop on Information Sharing
for Financial IT Infrastructure:
Barriers and Opportunities
Rome - October 11th, 2010
Università di Roma “La Sapienza”
The aim of the workshop is to bring together people from
academia, research centers, stakeholders and regulators to
analyze opportunities and risks associated with the sharing of
information in the Financial IT world. Our ultimate aim is to
influence decision and policy makers to take advantage of these
-- 1st Security of IoT Workshop, Tokyo, Japan, 29 Nov. 2010 --
The 1st Workshop on the Security of the Internet of Things, SecIoT 2010 , is being held on November 29th in conjunction with the Internet of Things 2010 conference in Tokyo, Japan. Important dates are the following:
- Paper Submission due: 10 September 2010
- Acceptance notification: 5 October 2010
- Final papers due: 12 October 2010
Most of the Internet of Things (IoT) definitions revolve around the same central concept: a world-wide network of interconnected objects. The services that could be provided by this new paradigm are so vast, ranging from integral e-health management to augmented reality, that its importance in the future of our society has been acknowledged by companies and governments all over the world. However, achieving a secure and usable Internet of Things (IoT) is a daunting task, as it is necessary to protect the interactions between humans, machines, and possibly millions of heterogeneous constrained devices over the Internet.
The main purpose of 1st Workshop on the Security of the Internet of Things, SecIoT'10 (http://www.isac.uma.es/seciot10 ), is precisely to address the most important security research issues that must be solved in order to protect the IoT. Our workshop is completely focused only on all the different security challenges that are related to the Internet of Things: From the protection and interoperability of the different actors and building blocks to the management of the information produced by the interactions between all entities. In particular, the topics of our workshop (which are thoroughly described in http://www.isac.uma.es/seciot10/theme.htm l) include the following:
* New security problems in the context of the IoT.
* Privacy risks and data management problems.
* Identifying, authenticating, and authorizing entities.
* Development of trust frameworks for secure collaboration.
* New cryptographic primitives for constrained "things".
* Connecting heterogeneous ecosystems and technologies.
* Legal Challenges and Governance Issues.
* Resilience to external and internal attacks.
* Context-Aware Security.
* Providing protection to an IP-connected IoT.
* Web services security and other application-layer issues.
Moreover, authors of selected papers will be invited to submit an extended version for possible publication in the "Protecting the Internet of Things" special issue of Wiley's Security and Communication Networks Journal. This international journal publishes original research papers on security and cryptographic mechanisms applied to all types of information and communication networks, and it is indexed in almost all important technical journal index systems, such as ISI, SCI, EI, SCOPUS, etc.
-- ICT 2010, Brussels, 27 - 29th Sept. 2010 --
The ICT 2010 event is fast approaching. The INCO-TRUST project has a networking session on Day 2 of ICT 2010 (28th of September 2010) from 11:00 - 12:30. The focus of the session will be building a long term strategy for international collaboration in trust and security. The purpose of the session is twofold: 1) to outline the key themes and topics across the international communities identified over the years, and 2) to work out ways of achieving global co-operation for these topics and laying out a roadmap to do so over the next 12 months. If you are visiting ICT 2010 and work in ICT Trust, security and privacy or related topics, especially if from a non - EU bases, please make contact with Jim Clarke .
-- 1st Measurability Workshop, MeSSa 2010 --
The 1st International Workshop on Measurability of Security in Software Architectures (MeSSa 2010 ) was held on 23rd August 2010. The workshop had excellent papers on approaches to measuring security in software architectures for determining security level or performance of a system, service or product, required taxonomies and definition of security and security assurance metrics to name a few. The workshop concluded with a panel session on best practices on measuring and gathering evidence of security levels and main research challenges associated to measuring security. The final slides will be available shortly on the MeSSa 2010 web site .
-- CoMiFin-ICA Launch --
Starting from June 1st 2010 CoMiFin is cooperating with SANDIA Laboratory as part of the CoMiFin-ICA (International Cooperation Aspects) project. The objective of the joint work is to show the added value of cooperation in the management of Financial Critical Infrastructure through formal modelling.
Activities in CoMiFin-ICA involve public workshops and internal working sessions to disseminate the results of the CoMiFin project and NISAC/Sandia (www.sandia.gov).
A high level of dissemination will be guaranteed through the participation of representative members of the US and EU financial institutions.
FAB members have also provided assistance in developing an agenda for an upcoming EU-US workshop that will be held between the CoMiFin project and Sandia National Laboratories.
To be held in October 2010
-- U.S. Plans Cyber Shield for Critical Infrastructure --
A recent article from the WSJ about U.S. plans for monitoring Critical
infrastructures (CI). It highlights the value of collaborative
approaches to identifying threats in distributed systems.
From the article:
'The federal government is launching an expansive program dubbed
"Perfect Citizen" to detect cyber assaults on private companies and
government agencies running such critical infrastructure as the
electricity grid and nuclear-power plants'
We're doing some similar work in the CoMiFin project to protect
Financial CI. Our system facilitates information exchange between
participants with distributed event processing for identifying emerging
-- FAB Meeting In Rome June 2010 --
On 17th June 2010, there was a CoMiFin Financial Advisory Board meeting held in Rome. The meeting concentrated on the dissemination of the status of the CoMiFin prototype 1 including a demonstration of a storyboard based development of a Semantic Room (SR) for both Intrusion Detection and Man in the Middle attacks. The following elements were shown in the demonstration:
- SR Management functions that can be activated from the CoMiFin portal;
- SR Service provisioning and related interactions;
- SR service monitoring through the Dashboard that shows metrics and alerts;
- Data gathering and event processing.
In addition to providing valuable feedback on the demonstrations, the FAB members also provided assistance in developing an agenda for an upcoming EU-US workshop that will be held between the CoMiFin project and Sandia
National Laboratories (www.sandia.gov). In addition, the PARSIFAL project key recommendations and outcomes were presented to the FAB members.
-- Inco-Trust workshop in New York City --
F5 Trust and Security project INCO-TRUST
held a workshop on 4-5th May 2010 in New York City. The
workshop was co-organised by the National
Science Foundation, Rutgers
University and the INCO-TRUST
The main focus of the workshop was International Data Exchange with
and Privacy: Applications, Policy, Technology, and Use. There were
from EU, US,
Korea, Japan, Australia,
Canada, South Africa and Brazil.
The workshop slides will be available shortly at
workshop web site.
-- CoMiFin in Irish Financial Services Directory --
The Irish Third Level
Financial Services Directory is an easy to use guide for financial services companies who wish
to identify and access specific expertise within the Irish third level sector with a view to
entering into collaborative projects.
CoMiFin has been listed as one of the projects of interest in this commercial research directory, actively promoting the CoMiFin project to a wide range of business and research stakeholders in the financial area.
-- Parsifal Results --
Parsifal (Protection And tRuSt In FinanciAL infrastructures) is a Coordination Action project, funded by the FP7 Programme under the Strategic Objective: ICT-SEC-2007.1.7 (Critical Infrastructure Protection).
The project began in September 2008 and completed in February 2010. Close ties between CoMiFin and Parsifal have led to a number of successful events and a shared stakeholder group.
Parsifal examined how to better protect Critical Financial Infrastructures (CFIs) and, to this end, returned eight specific recommendations. These recommendations relate to research topics which require attention in order to reduce the risk of CFI attack/degradation.
The recommendations are divided amongst three areas: Controlling instant on-demand business;
Entitlement management and securing content in a perimeter-less environment; and,
Continuity and control in an interdependent service landscape.
The ESRIF (European Security Research and Innovation Forum) final report was recently released and it is now available here. The ESRIF strategy group was setup by the European Commission with the support of the European community to examine the civil security of Europe. Of particular interest to CoMiFin was Working Group 2: Security of Critical Infrastructures. The consideration of financial infrastructure as a key critical infrastructure for Europe was again highlighted (in Topic 8). The level of importantance of financial infrastructure was reflected by finance being included in WG2 sub-groups and WG2 panels.
From the report: "critical infrastructures protection research should place emphasis on risk management, including prediction, prevention, ensuring service continuity and rapid recovery in the event of an incident. Security characteristics therefore should be designed to increase systemic and inherent resilience."
This ethos is summed up nicely: "In three words, what critical infrastructures in Europe need is a culture of resilience". The role of the CoMiFin project in protecting Financial Critical Infrastructure places it at the heart of a resiliant and survivable Europe.