Roadmap

The NESSoS roadmap is available and we would like to know your opinion on it. For the following topics, which we have identified as relevant in the area of secure service engineering, please indicate how important or relevant they are to you or your research. At the end of this survey there is space for you to indicate new topics that we have not considered.

For each topic identified in the NESSoS roadmap, assign a priority (low/medium/high).


Personal information


  1. Title (optional)

  2. Full name (optional)

  3. Email address (optional)

  4. Organization (optional)

Application domains


This question is required.
Priority: low / medium / high
Cloud
Mobile
SCADA
Web
SmartGrids

  1. Other (optional)

Common properties


This question is required.
Priority: low / medium / high
Compliance
Privacy
Trust
Identity protection

  1. Other (optional)

Transversal topic: security assurance during SDLC (Service Development Life Cycle)


This question is required.
Priority: low / medium / high
Security assurance during SDLC
-- Early assurance
---- Step-wise refinement of security (from policies down to mechanisms)
---- Formal verification of policy models (theorem proving, model checking)
---- Certification and audit frameworks for scenarios involving outsourcing of services
-- Implementation assurance
---- Secure programming
---- Testing and debugging
------ Penetration testing (especially model-based penetration testing)
------ Automatic generation of tests for web applications
------ Debugging
---- Runtime monitoring
---- Secured session management for web service security
-- Quantitative security for assurance
---- Formal metrics
---- Metrics for privacy and isolation in cloud computing
---- Validation and comparison frameworks for security metrics
---- Compositional calculation in service-oriented systems

  1. Other (optional)

Transversal topic: risk and cost-aware SDLC (Service Development Life Cycle)


This question is required.
Priority: low / medium / high
Risk and Cost-aware SDLC
-- Risk and cost analysis process: towards incremental and iterative process through SDLC
-- Risk composition and aggregation
-- Risk and cost evolution
-- Risk validation and integration
-- Applying formal methods to risk management
-- Runtime re-configurability of security based on risk management

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: security requirements engineering


This question is required.
Priority: low / medium / high
Security requirements engineering
-- High-level modelling of requirements
-- Dealing with huge amounts of stakeholders and devices
-- Emphasis on identity, privacy and trust
-- Stakeholders’ requirements reconciliation
-- Requirements languages for managing legislative constraints and socio-technical and economic aspects
-- Conflict resolution between security requirements and other requirements
-- Legal compliance
-- Privacy requirements engineering

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: Secure Service Architecture and Design


This question is required.
Priority: low / medium / high
Secure Service Architectures and Design
-- Reasoning about security in multi-concern design models
-- From design diversity to model-driven diversity synthesis
-- Support for model-driven security dynamic adaptation
-- Integrate security modelling in domain-specific modelling languages
-- Reusable architecture know-how

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: security support in programming environments


This question is required.
Priority: low / medium / high
Security support in programming environments
-- Service creation
---- Security support for service creation (by composing services or by programming new services from scratch)
-- Service execution
---- Security enforcement at runtime
-- Middleware
---- Monitoring of business compositions
-- Secure service programming
---- Adherence to programming principles and best practices
---- Verifiable concurrency
-- Platform support for security enforcement
---- Secure cross-domain interactions
---- Finely grained execution monitoring
---- Supporting security assurance for FI services

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: service composition and adaptation


This question is required.
Priority: low / medium / high
Service composition and adaptation
-- Dynamic adaptation at the semantic level
-- Evolution of security contracts during the whole life of software
-- Open market of composable services
-- Assessing risk of a service composition
-- Test-bed for comparing service adaptation by contract approaches

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: runtime verification and enforcement


This question is required.
Priority: low / medium / high
Runtime verification and enforcement
-- Run-time monitoring of data flow
-- Usage control properties monitoring

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: user security awareness


This question is required.
Priority: low / medium / high
User security awareness
-- Declarative policies
-- Visual representation of security state

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: security management


This question is required.
Priority: low / medium / high
Security management
-- Managing security incidents

  1. Other (optional)

Enabling methodologies and technologies to enhance FI trustworthiness: autonomic security


This question is required.
Priority: low / medium / high
Autonomic security
-- Predictive analysis of security problems
---- Smart reasoners
---- Selecting really valuable data
-- Secure dynamic adaptive architectures

  1. Other (optional)

New topics


  1. Would you like to propose new topics not included in the lists above? (optional)