Miguel L. Pardal is a researcher at INESC-ID in the Distributed Systems Group (GSD) and an Assistant Professor at Instituto Superior Técnico, Universidade de Lisboa. He is currently participating in the Safe Cloud EU Project (H2020) in partnership with TUM and others. During his PhD, he was a visiting student at the Auto-ID Labs at MIT. He currently has more than 30 publications and his main research interests are: Distributed Systems, Security, Internet of Things, Cloud Computing, and Enterprise Systems.
SSL/TLS communication channels play a very important role in Internet security, including cloud computing and server infrastructures.
There are often concerns about the strength of the encryption mechanisms used in TLS channels.
Vulnerabilities can cause cipher suites once thought to be secure to become insecure, so that they are no longer recommended for use or urgently require a software update.
However, the deprecation/update process is very slow and weeks or months can go by before most web servers and clients are protected, and some servers and clients may never be updated.
In the meantime, the communications are at risk of being intercepted and tampered with by attackers.
In this paper we propose an alternative to TLS to mitigate the problem of secure communication channels being susceptible to attacks due to unexpected vulnerabilities in its mechanisms.
Our solution, called Vulnerability-Tolerant Transport Layer Security (vtTLS), is based on diversity and redundancy of cryptographic mechanisms and certificates to ensure a secure communication even when one or more mechanisms are vulnerable.
Our solution relies on a combination of k cipher suites which ensure that even if k − 1 cipher suites are insecure or vulnerable, the remaining cipher suite keeps the communication channel secure.
The performance and cost of vtTLS were evaluated and compared with OpenSSL, one of the most widely used implementations of TLS.
Web applications hosted on the cloud are exposed to cyberattacks and can be compromised by HTTP requests that exploit vulnerabilities.
Platform as a Service (PaaS) offerings often provide a backup service that allows restoring application state after a serious attack, but all valid state changes since the last backup are lost.
We propose Rectify, a new approach to recover from intrusions on applications running in a PaaS.
Rectify is a service designed to be deployed alongside the application in a PaaS container. It does not require modifications to the software, and the recovery can be performed by a system administrator.
Machine learning techniques are used to associate the requests received by the application to the statements issued to the database.
Rectify was evaluated using three widely used web applications – Wordpress, LimeSurvey and MediaWiki – and the results show that the effects of malicious requests can be removed whilst preserving the valid application data.
We present VTTLS, a vulnerability-tolerant communication protocol based on diversity and redundancy. There are often concerns about the strength of some of the encryption mechanisms used in SSL/TLS channels, with some regarded as insecure at some point in time. VTTLS is our solution to mitigate the problem of secure communication channels being vulnerable to attacks due to unexpected vulnerabilities in encryption mechanisms. It is based on diversity and redundancy of cryptographic mechanisms and certificates to provide a secure communication channel even when one or more mechanisms are vulnerable. VTTLS relies on a combination of k cipher suites. Even if k − 1 cipher suites are insecure or vulnerable, VTTLS relies on the remaining cipher suite to keep the channel secure. We evaluated the performance of VTTLS by comparing it to an OpenSSL channel.
The Border Gateway Protocol (BGP) plays a critical role in the Internet, providing connectivity to hosts across the world. Unfortunately, due to its limited security, attackers can hijack traffic by generating invalid routes. Some detection systems for route hijacking have been presented, but they require non-public information, demand substantial resources, or can easily be circumvented by attackers. We propose DARSHANA, a monitoring solution that detects route hijacking based solely on data-plane information, and has enough redundancy to withstand attacker countermeasures such as dropping of traceroute probes. DARSHANA uses active probing techniques that enable detection in near real-time. By using diverse methods, DARSHANA can still detect attacks even if the adversary manages to counter some techniques. We show that our solution allows effective detection of many hijacking attacks by emulating them using PlanetLab and Amazon AWS.
Communication through the Internet raises privacy and confidentiality concerns. Protocols such as HTTPS may be used to protect the communication, but occasionally vulnerabilities that may allow snooping on packet content are discovered. To address this issue, we present MACHETE, an application-layer multi-path communication mechanism that provides additional confidentiality by splitting data streams over different physical paths. MACHETE has to handle two challenges: sending packets over different paths when the Internet's routing imposes a single path between pairs of network interfaces; and splitting streams of data sent over TCP connections. MACHETE is the first to exploit MultiPath TCP (MPTCP) for security purposes. It leverages overlay networks and multihoming to handle the first challenge and MPTCP to handle the second. MACHETE establishes an overlay network and scatters the data over the available paths, thus reducing the effectiveness of snooping attacks. Mechanisms are provided to select paths based on path diversity.
Radio frequency identification (RFID) is an automatic data capture technology that has great potential to improve business. However, RFID projects have significant up-front costs: buying tags and readers, and installing them in business locations. Until now, a physical deployment was required to properly test RFID software and its integration with existing systems.
This paper describes EPC Virtual Laboratory (EPC VLab), a physical-world simulation engine that can be used to feed standard RFID information systems with realistic data. The simulator has proved to be useful for preliminary and exploratory testing.
Web Services were designed for Enterprise systems. They are a flexible but complex technology, with numerous performance pitfalls for developers. They also have significant overhead when compared with platform-specific solutions (e.g. Java RMI). The end solutions have to combine (virtualized) platform, application framework, and application-specific code. As a result of this complexity, the performance of the final application is often disappointing and requires improvement. This paper describes the implementation of performance tools for an open-source application framework based on the Java platform and presents the findings of a detailed assessment of Web Services performance using the newly developed tools. The challenges, techniques, and lessons learned are relevant beyond the scope of the framework used, because widely used open-source libraries were studied as well, namely: Hibernate, JAX-WS, and Log4J.
Radio Frequency Identification (RFID) is a technology that can be used to tag physical objects and to detect and identify them automatically along the supply chain. An RFID-based traceability information system uses the captured data to answer track, trace, and bill-of-materials queries. There are several published system proposals, but it is unclear how solutions for a given supply chain problem can be compared. This paper presents an analytical model to compare traceability information systems based on the estimated cost of data capture and query processing.
A Discovery Service is an information system designed to facilitate RFID data exchange between trading partners in a supply chain, in a secure and scalable manner. There are several Discovery Service architecture proposals, but it is unclear which architecture is best for a given supply chain problem.
This poster presents a framework that is being built to evaluate and compare Discovery Service architectures with quantitative metrics.
RFID technology enables traceability systems that capture detailed data about goods as they move in the supply chain. Securing this data requires evaluating dynamic conditions to authorize business partners that are not known in advance. Furthermore, the system must promote trust and give incentives so that each partner shares its own data.
TrakChain implemented data visibility restriction policies using RDF and SPARQL. These policies can be converted to a standard format, XACML, to reuse existing enforcement infrastructures and tools. The expressiveness of the policies was evaluated against a set of requirements for a pharmaceutical traceability system.
Radio frequency identification (RFID) is an automatic identification technology making its way to supply chains in Retail, Pharmaceutical, and other industries.
RFID extends the reach of supply chain information systems in such a way that it will soon be possible and economically feasible to tag valuable physical objects and then to track and trace them, enabling many novel and useful applications.
This paper provides an introduction to RFID for practitioners with a computer science background.
Service-Oriented Architecture (SOA) and Web Services (WS) offer advanced flexibility and interoperability capabilities. However, they imply significant performance overheads that need to be carefully considered.
Supply Chain Management (SCM) and Traceability systems are an interesting domain for the use of WS technologies, which are usually deemed to be too complex and unnecessary in practical applications, especially regarding security.
This paper presents an externalized security architecture that uses the eXtensible Access Control Markup Language (XACML) authorization standard to enforce visibility restrictions on traceability data in a supply chain where multiple companies collaborate; the performance overheads are assessed by comparing 'raw' authorization implementations - Access Control Lists, Tokens, and RDF Assertions - with their XACML equivalents.
Radio Frequency Identification (RFID) technology allows automatic data capture from tagged objects moving in a supply chain. This data can be very useful if it is used to answer traceability queries; however, it is distributed across many different repositories, owned by different companies.
Discovery Services (DS) are designed to assist in retrieving the RFID data relevant for traceability queries while enforcing sharing policies that are defined and required by participating companies to prevent sensitive data from being exposed.
In this paper we define an interface for Supply Chain Authorization (SC-Az) and describe the implementation of two visibility restriction mechanisms based on Access Control Lists (ACLs) and Capabilities. Both approaches were converted to the standard eXtensible Access Control Markup Language (XACML), and their correctness and performance were evaluated for supply chains of increasing size.
The Pharma(ceuticals) industry is at a crossroads. There are growing concerns that illegitimate products are penetrating the supply chain. There are proposals in many countries to apply RFID and other traceability technologies to solve this problem. However, there are several trade-offs, and one of the most crucial is between data visibility and confidentiality.
In this paper, we use the TrakChain assessment framework tools to study the US Pharma supply chain and to compare candidate solutions to achieve traceability data security: Point-of-Dispense Authentication, Network-based electronic Pedigree, and Document-based electronic Pedigree. We also propose extensions to a supply chain authorization language that is able to capture expressive data sharing conditions considered necessary by the industry's trading partners.
RFID is a technology that enables the automated capture of observations of uniquely identified physical objects as they move through supply chains. Discovery Services provide links to repositories that have traceability information about specific physical objects. Each supply chain party publishes records to a Discovery Service to create such links and also specifies access control policies to restrict who has visibility of link information, since it is commercially sensitive and could reveal inventory levels, flow patterns, trading relationships, etc.
The requirement of being able to share information on a need-to-know basis, e.g. within the specific chain of custody of an individual object, poses a particular challenge for authorization and access control, because in many supply chain situations the information owner might not have sufficient knowledge about all the companies who should be authorized to view the information, since the path taken by an individual physical object only emerges over time, rather than being fully pre-determined at the time of manufacture. This led us to consider novel approaches to delegate trust and to control access to information.
This poster presents an assessment of visibility restriction mechanisms for Discovery Services capable of handling emergent object paths. We compare three approaches: enumerated access control (EAC), chain-of-communication tokens (CCT), and chain-of-trust assertions (CTA). A cost model was developed to estimate the additional cost of restricting visibility in a baseline traceability system, and the estimates were used to compare the approaches and to discuss the trade-offs.
RFID is a technology that enables the automated capture of observations of uniquely identified physical objects as they move through supply chains. Discovery Services provide links to repositories that have traceability information about specific physical objects. Each supply chain party publishes records to a Discovery Service to create such links and also specifies access control policies to restrict who has visibility of link information, since it is commercially sensitive and could reveal inventory levels, flow patterns, trading relationships, etc.
The requirement of being able to share information on a need-to-know basis, e.g. within the specific chain of custody of an individual object, poses a particular challenge for authorization and access control, because in many supply chain situations the information owner might not have sufficient knowledge about all the companies who should be authorized to view the information, since the path taken by an individual physical object only emerges over time, rather than being fully pre-determined at the time of manufacture. This led us to consider novel approaches to delegate trust and to control access to information.
This paper presents an assessment of visibility restriction mechanisms for Discovery Services capable of handling emergent object paths. We compare three approaches: enumerated access control (EAC), chain-of-communication tokens (CCT), and chain-of-trust assertions (CTA). A cost model was developed to estimate the additional cost of restricting visibility in a baseline traceability system, and the estimates were used to compare the approaches and to discuss the trade-offs.
Organizations expect Web Services to make their information systems more agile, so they can better adapt to changes in business requirements. Hence, this technology focuses on interoperability and flexibility giving developers the ability to customize, reuse and enhance Web Service functionalities as well as non-functional extensions such as security, transactions and reliable messaging.
This paper describes the core mechanisms necessary to build Web Services extensions, regardless of the underlying platform. This contribution is based on the results of a comprehensive evaluation of existing implementations.
Organizations want to make their information systems more agile so they can better adapt to changes in business requirements. Web Services is a technology proposal to enable such flexible and reusable systems. Interoperability is a critical constraint because most business processes cross organization and technology boundaries.
This paper presents WS-Map, a broad and vendor-independent standards index, freely accessible over the Internet, comprising a survey of Web Services technology. Using WS-Map, developers, researchers and other Web Services users can put standards in perspective and make more informed technology decisions for their projects.
Web Services (WS) are an important tool for the integration of enterprise applications. With a growing set of WS related standards (WS-*), the technology has become increasingly more complicated to configure and manage, even more so when the Quality of Service (QoS) requirements of the system are changing. This paper presents the results of a study conducted on the ability of the major Web Services implementations to adapt to changing QoS attributes. Their shortcomings are then used as motivation for SmartSTEP, a proposal for a more advanced policy-driven automatic configuration solution.
System reliability can be improved in several ways; the most common is to buy more hardware to cover RFID's reliability issues. A far less costly solution is to improve middleware systems by eliminating the occurrence of false tag reads. This work intends to redesign the data cleaning module of Fosstrak, an EPCglobal-compliant middleware. As part of an ongoing work, an adaptive sliding-window technique was implemented, and it will be improved with behaviour characteristics of the captured objects. Prior knowledge of the business steps will also be part of this development.
This technical report presents a performance study of the STEP Framework, an open-source application framework based on the Java platform that has been used for several years to teach the development of distributed enterprise applications to Computer Science and Engineering undergraduate students.
This report presents a cost model developed to compare traceability information system architectures.
Organizations want to make their information systems more agile so they can better answer the challenge of adapting to changes in business requirements. Web Services and Service-Oriented Architectures propose systems with greater flexibility, reuse and interoperability. However, the essential security standards and implementations have yet to be sufficiently evaluated in practical uses.
This paper presents a survey of Web Services technology with additional detail on security standards and implementations. It also evaluates the technology using a complex and valuable business case study: real estate transactions. A prototype revealed shortcomings in the available implementations.
The forthcoming widespread use of smart things, like RFID tags and sensors, along with omnipresent wireless networks, will create an Internet of Things (IoT), where most everyday objects will be interconnected and part of a universal-purpose system akin to the Internet. This position paper looks at the IoT from a computer science research perspective. It identifies the main challenges to address and points to a set of possible research paths. It also provides some insight into what will change in the way information systems are designed and used in the IoT era.
The TrakChain assessment tools take a description of a physical supply chain – relevant locations, how many goods are received, how often, etc. – and estimate the performance of track and trace queries in a modelled traceability system, providing predictions of how much processing and storage will be required for the working system. The tools were developed at Instituto Superior Técnico, Universidade de Lisboa, Portugal and were evaluated using a Pharmaceuticals supply chain case study.
Organizations expect Web Services to make their information systems more agile so they can better adapt to changes in business requirements. Hence, this technology's design principles focus on interoperability and flexibility to give developers the ability to customize, reuse and enhance functionalities as well as non-functional aspects such as security, transactions and reliable messaging.
In particular, an effective Web Services customization must give application developers simple and expressive ways to program the changes they need without losing any capabilities available in the platform.
We propose customization with Web Services Extensions and present the concept, its core mechanisms and its implementation on the STEP Framework, an open-source multi-layer Java enterprise application framework.
Radio-frequency identification (RFID) enables the total-visibility supply chain, where trading partners collect data about physical goods in the supply chain and share it, as long as their own interests are safeguarded. The sharing restrictions can be stated in discovery policies, interpreted and enforced by discovery services that look up information about physical goods across organizational boundaries and dispersed geographic regions.
This research proposal aims to study how discovery policies and context data can improve the scalability of secure discovery services.
The combined use of Enterprise Resources Planning (ERP) and Supply Chain Management (SCM) systems has greatly improved the efficiency of supply chains. Further improvements require a deeper connection between the virtual and physical worlds. Automatic identification technologies, like radio-frequency identification (RFID), allow identification data about tagged physical objects to be collected by readers deployed across locations in the supply chain. This data is stored and managed using traceability systems to allow efficient answers to queries like Track and Trace. A practical traceability system should perform adequately for the large number of physical objects flowing in the supply chain (address the scale problem); and it should protect the sensitive business data from unauthorized access (address the data visibility problem).
The original contributions of this dissertation are: quantitative cost models that compare traceability systems for given supply chain scenarios; and visibility restriction mechanisms that can be used to define and enforce supply chain data access control policies. The analytic models take supply chain and target system parameters and compute cost estimates for data capture and queries, even when many implementation details are not available. The visibility restriction mechanisms are capable of identifying assets and stating the existence of records and the data access conditions, even if some of the supply chain partners are not known in advance. The policies are authored in RDF format with a distributed data model; and are enforced in a security infrastructure based on the XACML standard. The results are illustrated with examples from several industries and a case study in the Pharmaceutical supply chain.
Organizations seek to make their information systems more agile so they can better respond to the permanent challenge of adapting to business requirements. Service architectures and Web Services are a proposal for structuring systems with greater flexibility, reuse and interoperability. However, the important security standards and implementations have not yet been sufficiently evaluated in practice.
This thesis evaluates Web Services Security with a real, complex and valuable case study: the purchase and sale of real estate. A prototype was built that revealed shortcomings in the available implementations.
The most significant contribution of this thesis is the current and complete portrait of Web Services technology, with an in-depth assessment of security standards and implementations.
Organizations want to make their information systems more agile so they can better answer the challenge of continuous adaptation to business requirements. Service architectures and Web Services are a proposal to structure systems with greater flexibility, reuse and interoperability. However, the important security standards and implementations have yet to be sufficiently evaluated in practical uses.
This thesis evaluates Web Services Security with a complex and valuable business case study: real estate transactions. A prototype revealed several shortcomings in the available implementations.
The most relevant contribution of this thesis is the up-to-date and complete description of Web Services technology, with an insightful assessment of security standards and implementations.