Author Archive

Can Parquet file encryption make you a safer driver?

“The last ten years have seen a dramatic rise in the wireless transmission and use of automotive sensor data — commonly known as “telematics”. UPS, an early pioneer in telematics for delivery fleet management, collects over 1.25 billion telematics records per week, and through analysis of this data, is able to save nearly one million gallons of gasoline a year, as well as improve delivery times. (History and Evolution of Telematics, 2015).

With the expectation of more and more new cars to be produced with integrated global telematics over the next years, new business models are emerging to take advantage of this growing technology. Insurance companies, for example, now have several forms of telematic insurances, such as Pay-As-You-Drive (PAYD) and Pay-How-You-Drive (PHYD) and utilize collected vehicle-monitoring parameters for their insured drivers. The telematics transmitting devices typically monitor GPS location, speed, acceleration and time of day, amongst other parameters. Insurance premiums can then be set based on a specific driver’s driving habits…

…Building on IBM-led work on adding encryption to Apache Parquet files and our work on the European Union sponsored Horizon 2020 project, RestAssured, we have implemented a prototype of how an end-to-end, Cloud-based PHYD system leveraging the power of Apache Spark analytics while protecting the privacy rights of the data subjects, can be securely implemented.

The basic use-case scenario and implemented architecture can be seen in Figure 1.”

Figure 1: Architecture of the Telematics Insurance Use case

The full article by Eliot Salant and Gidon Gershinsky of IBM continues here.

Workshops on Software Engineering for the Cloud and Big Data

The University of Duisburg-Essen is co-organizing two workshops at top-tier European software engineering conferences.

The 2nd International Workshop on Ensemble-based Software Engineering for Modern Computing Platforms (EnSEmble 2019) will take place in Tallinn (Estonia) on 26th August 2019, as part of the 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019). The EnSEmble workshop will focus on specific solution approaches to software engineering for modern computing platforms, like cloud computing, containers, and edge and fog computing. Papers can be submitted by 30th May 2019. ESEC/FSE is one of the top software engineering conferences worldwide, ranked A* in the current CORE Ranking.

The 2nd International Workshop on Software Architecture Challenges in Big Data (SACBD 2019) will take place in Paris (France) on 9-10th September 2019, as part of the 13th European Conference on Software Architecture (ECSA 2019). The SACBD workshop will focus on the specific software architecture challenges of big data systems, including security and privacy issues. Papers can be submitted by 7th June 2019. ECSA is one of the top software architecture conferences worldwide, ranked A in the current CORE Ranking.

Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach

paluno – The Ruhr Institute for Software Technology of the University of Duisburg-Essen published the paper entitled “Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach” in Future Internet.

Future Internet is a scholarly peer-reviewed open access journal on Internet technologies and the information society for presenting science and research concerned with evolution of Internet technologies and related smart systems.

The paper, co-authored by Ludger Goeke, Nazila Gol Mohammadi and Prof. Maritta Heisel from paluno, presents the approach of RestAssured for the context definition prior to risk assessment.

The paper is available here.

Further RestAssured publications can be found here.

Talk at the European Big Data Value Forum

This year, the European Big Data Value Forum was held between 12th and 14th November 2018 in Vienna as part of the Austrian Presidency of the Council of the European Union. During the Forum, a special workshop was dedicated to data protection, entitled “From Data Protection and Privacy to Fairness and Trust: The Way Forward”.


RestAssured was represented in the workshop by Dr. Zoltan Mann (paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen), who gave an invited talk about current challenges and innovative techniques for data protection.

Cloud Supply Chain Cyber Risk Assessment

This post describes the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) research project from the Cyber Security CDT, Oxford University. Comparisons are also made with the risk assessment processes in RestAssured. 


The researcher is Olusola Akinrolabu, a doctoral student of the Cyber Security CDT in the computer science Department of Oxford University, supervised by Professor Andrew Martin and Dr Steve New.



RestAssured project member OCC participated in the case study as a provider of SaaS (Software as a service), specifically software which relies on multiple suppliers of cloud services. The primary purpose of this study is to validate the applicability of the model to address the gaps in cloud risk assessment and is best described by the study researcher (O. Akinrolabu):


“Security risks associated with the cloud’s multi-tenancy, automation, vendor lock-in, and system complexity continue to be on the rise. Assessing and managing these risks can be a challenge due to the increased numbers of parties, devices and applications involved in cloud service delivery.


In a recent study conducted with cloud experts, we discovered how current risk assessment methods were unable to cope with the dynamic nature of the cloud, a gap linked to their failure to consider the inherent risk of the supply chain. This challenge is further exacerbated by the lack of cloud provider transparency and limited visibility of security controls.”



The exercise aims to “provide SaaS (Software as a service) providers with an opportunity to step back cognitively from their usual approach to risk assessment and fundamentally question and rethink their established interpretations of cloud risks.”


It is easy for SaaS providers to focus their security efforts on the cloud services that they directly control and not to take into proper consideration the risks associated with the wider supply chain, specifically the third parties that provide services that integrate with or support their cloud software. Examples of such services include databases, DNS, hosting, e-mail, payment and monitoring.


For each provider of services in the supply chain the model will produce an associated risk value in monetary terms. This gives the SaaS provider a tangible value to use in decision making, for example to accept or take steps to reduce the risk.


Due to the high degree of uncertainty involved in making risk estimations, the model makes use of the Monte-Carlo simulation technique.


How the CSCCRA Model works


The CSCCRA model is made up of the following steps:


  1. Decompose the cloud application into its component services and map out the supply chain
  2. Assess the security of the supplier of each service component using a multi-criteria decision support system
  3. Identify the weak link(s) within the chain and draw a comprehensive list of cloud security risks
  4. Stakeholders make reasonable estimates of risk values
  5. Input the risk values into the CSCCRA quantitative simulation tool to arrive at the risk value in monetary terms.


The predefined criteria used to assess the security of the service suppliers (step two above) were the result of a Delphi study tasked with identifying security factors for cloud suppliers. They consist of three categories, which were further decomposed as follows:


Data and Infrastructure Controls:


  • Data & System Hosting
  • Data Security Controls
  • Availability of Service

Operational Maturity and Compliance:


  • Maturity of Security Assessment process
  • Maturity of Operational Security
  • Security Governance & Compliance

Access Control and Application Management:


  • Identity & Access Management (IAM)
  • Encryption & Key Management
  • Application Security

It became clear from this stage of the exercise which suppliers were weaker or did not make available enough information about their security processes. Following this step, a list of cloud security risks was identified. These could be grouped into three main categories: service disruption, breach of personal data and loss of infrastructure.


For each risk, the vulnerability details, threat agent, security effect and any existing security controls were detailed. Stakeholders then made estimates for the probability of risk occurrence with and without any existing controls, the impact cost if the risk were to occur and the estimated number of occurrences per year. The estimates were based on lower, most likely and upper bound parameters.


A pragmatic approach was taken in estimating impact costs as there is not enough guidance or information available, particularly surrounding GDPR penalties or damage to reputation, to provide accurate numbers.



The final step of the exercise involves feeding the estimates into the quantitative simulation tool, which will then generate a risk value in monetary terms. This step has not yet been performed, but once complete, the risk values produced can be used by the business to prioritise and decide what effort should be made to reduce or mitigate the risks identified.


Furthermore, the researchers will publish a paper detailing their findings.
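The Monte Carlo step described above can be sketched as follows. This is an added example, not the CSCCRA tool or code from the original post; the triangular distribution, the way the four estimates are combined into an annual loss, and every figure in it are assumptions made for illustration.

```python
import random
import statistics

# Constructed three-point estimates (lower, most likely, upper) for one
# hypothetical supplier risk; none of these figures come from the case study.
RISK = {
    "p_without_controls": (0.10, 0.25, 0.50),  # chance one event causes a loss
    "p_with_controls": (0.02, 0.05, 0.15),
    "impact_cost": (5_000, 20_000, 120_000),   # cost per loss, in currency units
    "events_per_year": (1, 3, 8),              # threat events per year
}


def draw(rng, estimate):
    """Sample one value from a triangular distribution (an assumption here)."""
    low, likely, high = estimate
    return rng.triangular(low, high, likely)


def simulate_annual_loss(risk, p_key, trials=20_000, seed=7):
    """Return mean and 95th-percentile annual loss over `trials` simulated years."""
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    losses = []
    for _ in range(trials):
        p = draw(rng, risk[p_key])
        events = round(draw(rng, risk["events_per_year"]))
        # Assumed model: each event independently becomes a loss with probability p.
        loss = sum(draw(rng, risk["impact_cost"])
                   for _ in range(events) if rng.random() < p)
        losses.append(loss)
    losses.sort()
    return {"mean": statistics.fmean(losses), "p95": losses[int(0.95 * trials)]}


def control_value(risk):
    """Expected yearly loss avoided by the existing controls."""
    before = simulate_annual_loss(risk, "p_without_controls")
    after = simulate_annual_loss(risk, "p_with_controls")
    return before["mean"] - after["mean"]


if __name__ == "__main__":
    for key in ("p_without_controls", "p_with_controls"):
        result = simulate_annual_loss(RISK, key)
        print(f"{key}: mean={result['mean']:,.0f} p95={result['p95']:,.0f}")
    print(f"value of controls: {control_value(RISK):,.0f}")
```

Reporting the 95th percentile alongside the mean shows the tail of bad years that a single expected value hides, which matters when the upper-bound impact estimate is several times the most likely one.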


Comparison with Risk Modelling and Assessment in RestAssured

Both CSCCRA and RestAssured make use of system maps or graphs to model the relationship of the components in the supply chain, and both approaches generate a list of risks/threats/vulnerabilities.


The methods differ in the way that the risks are identified. In the case of RestAssured and the System Security Modeller (see D7.1), the threats are calculated automatically based on the types of components selected, which are derived from a database of known threats, and also the trustworthiness assigned to components in the system model. CSCCRA, by contrast, relies on stakeholder knowledge for risk identification.


CSCCRA attempts to assess the security procedures of third parties, which, as discussed, can be difficult if such information is not publicly accessible. However, this does allow stakeholders to create a broader view of the supply chain map at a more abstract level. RestAssured takes a more granular approach to mapping out the components and services, also known as assets, of a cloud hosted application and thus makes fewer assumptions on security and trustworthiness of third party service providers.


Finally, the goals of each method differ. In the case of CSCCRA, the result is a risk value in monetary terms, to be used in decision making. The RestAssured risk assessment, by contrast, provides a list of threats against each asset in the system and, for each threat, any known control measures that would mitigate or reduce the impact. The analyst is then able to decide whether the risks are acceptable or to select from the available control strategies until the risk level of the system model is acceptable.


The original project poster for CSCCRA can be found here.