Tauber, Markus

2013, Bless, R., Hutchison, D., Schoeller, M., Smith, P., Tauber, Markus

2022, Ani Bicaku, Mario Zsilak, Theiler, Peter, Markus Tauber, Jerker Delsing

2010, Tauber, Markus, Kirby, G. N. C., Dearle, A.

2016-04-18, Bicaku, Ani, Balaban, Silvia, Tauber, Markus, Hudic, Aleksandar, Mauthe, Andreas, Hutchison, David

Due to a lack of transparency in cloud based services well-defined security levels cannot be assured within current cloud infrastructures. Hence sectors with stringent security requirements hesitate to migrate their services to the cloud. This applies especially when considering services where high security requirements are combined with legal constraints. To tackle this challenge this paper presents an extension to our existing work on assurance methodologies in cloud based environments by investigating how current state of the art monitoring solutions can be used to support assurance throughout the entire infrastructure. A case study is used in which monitoring information representing a set of relevant security properties is being collected. As result, we propose that a combination of existing tools should be used to harmonize existing monitoring artifacts. We describe and evaluate an Evidence Gathering Mechanism (EGM) that provides this harmonization and show how this can support assurance. This can also underpin legal proceedings from an evidence law perspective.

2017, Carlsson, Oscar, Vera, Daniel, Arceredillo, Eduardo, Tauber, Markus, Bilal, Ahmad, Schmittner, Christoph, Plosz, Sandor, Ruprechter, Thomas, Aldrian, Andreas, Delsing, Jerker

2017-12, Bauer, Elisabeth, Schluga, Oliver, Maksuti, Silia, Bicaku, Ani, Hofbauer, David, Ivkić, Igor, Wöhrer, Alexander, Tauber, Markus

The popularity of cloud based Infrastructure-as-a- Service (IaaS) solutions is becoming increasingly popular. However, since IaaS providers and customers interact in a flexible and scalable environment, security remains a serious concern. To handle such security issues, defining a set of security parameters in the service level agreements (SLA) between both, IaaS provider and customer, is of utmost importance. In this paper, the European Network and Information Security Agency (ENISA) guidelines are evaluated to extract a set of security parameters for IaaS. Furthermore, the level of applicability and implementation of this set is used to assess popular industrial and open-source IaaS cloud platforms, respectively VMware and OpenStack. Both platforms provide private clouds, used as backend infrastructures in Industry 4.0 application scenarios. The results serve as initial work to identify a security baseline and research needs for creating secure cloud environments for Industry 4.0.

2017, Aldrian, Andreas, Priller, Peter, Schmittner, Christoph, Plosz, Sandor, Tauber, Markus, Wagner, Christian, Hein, Daniel, Ebner, Thomas, Maritsch, Martin, Ruprechter, Thomas, Lesjak, Christian

2018-05, Bicaku, Ani, Schmittner, Christoph, Tauber, Markus, Delsing, Jerker

In Industry 4.0 independent entities shall inter-operate to allow flexible and customized production. To assure the parties that individual components are secured to inter-operate, we investigate automated standard compliance. The standard compliance is defined based on given sets of security and safety requirements from which are derived measurable indicator points. Those reflect configurations of systems recommended by security, safety or legally relevant standards and guidelines, which help to demonstrate the state of compliance. We propose in this paper an initial approach to automate such assessment when components are inter-operating with each other by using a monitoring and standard compliance verification framework. This will assure the parties that services or devices within their organizations operate in a secure and standard compliant way, without compromising the underlying infrastructure.

2015, Coulson, Geoff, Mauthe, Andreas, Tauber, Markus

2017-12, Ivkić, Igor, Wolfauer, Stephan, Oberhofer, Thomas, Tauber, Markus

In a world, as complex and constantly changing as ours cloud computing is a driving force for shaping the IT landscape and changing the way we do business. Current trends show a world of people, things and services all digitally interconnected via the Internet of Things (IoT). This applies in particular to an industrial environment where smart devices and intelligent services pave the way for smart factories and smart businesses. This paper investigates in a use case driven study the potential of making use of smart devices to enable direct, automated and voice-controlled smart businesses. Furthermore, the paper presents an initial investigation on methodologies for measuring costs of cyber security controls for cloud services.