Author Archive

Talk at the European Big Data Value Forum

This year, the European Big Data Value Forum (, was held between 12th and 14th November 2018 in Vienna as part of the Austrian Presidency of the Council of the European Union. During the Forum, a special workshop was dedicated to data protection, entitled “From Data Protection and Privacy to Fairness and Trust: The Way Forward” (


RestAssured was represented in the workshop by Dr. Zoltan Mann (paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen), who gave an invited talk about current challenges and innovative techniques for data protection.

Cloud Supply Chain Cyber Risk Assessment

This post describes the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) research project from the Cyber Security CDT, Oxford University. Comparisons are also made with the risk assessment processes in RestAssured. 


The researcher is Olusola Akinrolabu, a doctoral student of the Cyber Security CDT in the computer science Department of Oxford University, supervised by Professor Andrew Martin and Dr Steve New.



RestAssured project member OCC participated in the case study as a provider of SaaS (Software as a service), specifically software which relies on multiple suppliers of cloud services. The primary purpose of this study is to validate the applicability of the model to address the gaps in cloud risk assessment and is best described by the study researcher (O. Akinrolabu):


“Security risks associated with the cloud’s multi-tenancy, automation, vendor lock-in, and system complexity continues to be on the rise. Assessing and managing these risks can be a challenge due to the increased numbers of parties, devices and applications involved in cloud service delivery.


In a recent study conducted with cloud experts, we discovered how current risk assessment methods were unable to cope with the dynamic nature of the cloud, a gap linked to their failure to consider the inherent risk of the supply chain. This challenge is further exacerbated by the lack of cloud provider transparency and limited visibility of security controls.”



The exercise aims to “provide SaaS (Software as a service) providers with an opportunity to step back cognitively from their usual approach to risk assessment and fundamentally question and rethink their established interpretations of cloud risks.”


It is easy for SaaS providers to focus their security efforts on the cloud services that they directly control and to not take in to proper consideration the risks associated with the wider supply chain, specifically, the third parties that provide services that integrate with or support their cloud software. Some examples of such services include: databases, DNS, hosting, e-mail, payment and monitoring etc.


For each provider of services in the supply chain the model will produce an associated risk value in monetary terms. This gives the SaaS provider a tangible value to use in decision making, for example to accept or take steps to reduce the risk.


Due to the high degree of uncertainty involved in making risk estimations, the model makes use of the Monte-Carlo simulation technique.


How the CSCCRA Model works


The CSCCRA model is made up of the following steps:


  1. Decompose the cloud application into its component services and map out the supply chain
  2. Assess the security of the supplier of each service component using a multi-criteria decision support system
  3. Identify the weak link(s) within the chain and draw a comprehensive list of cloud security risks
  4. Stakeholders make reasonable estimates of risk values
  5. Input risk values to CSCCRA quantitative simulation tool, to arrive at the risk value in monetary terms.


The predefined criteria used to assess the security of the service suppliers  (step two above), which were the result of a Delphi study tasked with identifying security factors for cloud suppliers, consists of three categories, which were further decomposed as follows:


Data and Infrastructure Controls:


  • Data & System Hosting
  • Data Security Controls
  • Availability of Service

Operational Maturity and Compliance:


  • Maturity of Security Assessment process
  • Maturity of Operational Security
  • Security Governance & Compliance

Access Control and Application Management:


  • Identity & Access Management (IAM)
  • Encryption & Key Management
  • Application Security

It became clear from this stage of the exercise which suppliers were weaker or did not make available enough information about their security processes. Following this step, a list of cloud security risks were identified. These could be grouped in to three main categories: service disruption, breach of personal data and loss of infrastructure.


For each risk, the vulnerability details, threat agent, security effect and any existing security controls were detailed.  Stakeholders then made estimates for the probability of risk occurrence with and without any existing controls, the impact cost if the risk were to occur and the estimated number of occurrences per year. The estimates were based on lower, most likely and upper bound parameters.


A pragmatic approach was taken in estimating impact costs as there is not enough guidance or information available, particularly surrounding GDPR penalties or damage to reputation, to provide accurate numbers.



The final step of the exercise involves feeding the estimates in to the quantitative simulation tool, which will then generate a risk value in monetary terms. This step has not yet been performed, but once complete, the risk values produced can be used by the business to prioritise and decide what effort should be made to reduce or mitigate the risks identified.


Furthermore, the researchers will publish a paper detailing their findings.


Comparison with Risk Modelling and Assessment in RestAssured

Both CSCCRA and RestAssured make use of system maps or graphs to model the relationship of the components in the supply chain, and both approaches generate a list of risks/threats/vulnerabilities.


The methods differ in the way that the risks are identified, for example in the case of RestAssured and the System Security Modeller (see D7.1), the threats are calculated automatically based on the types of components selected, which are derived from a database of known threats, and also the trustworthiness assigned to components in the system model. Whereas CSCCRA relies on stakeholder knowledge for risk identification.


CSCCRA attempts to assess the security procedures of third parties, which as discussed, can be difficult if such information is not publicly accessible, however this does allow stakeholders to create a broader view of the supply chain map at a more abstract level. RestAssured takes a more granular approach to mapping out the components and services, also known as assets, of a cloud hosted application and thus makes fewer assumptions on security and trustworthiness of third party service providers.


Finally, the goals of each method differ: in the case of CSCCRA the result is a risk value in monetary terms, to be used in decision making; compared to RestAssured risk assessment which provides a list of threats against each asset in the system and for each threat any known control measures that would mitigate or reduce the impact, the analyst is then able to decide if the risks are acceptable or select from available control strategies until the risk level of the system model is acceptable.


The original project poster for CSCCRA can be found here.

Paper Presented at Euromicro Conference, SEAA

During the Euromicro Conference on Software Engineering and Advanced Applications (SEAA), taking place from 29th  to 31st  of August in Prague (Czech Republic), Dr. Andreas Metzger from “paluno _ The Ruhr Institute for Software Technology of the University of Duisburg-Essen” presented the paper entitled “Towards an End-to-End Architecture for Run-time Data Protection in the Cloud”.


SEAA is an international forum for researchers and practitioners from industry and academia for presenting and discussing their latest innovations and experiences in the field of Software Engineering and Advanced Applications in information technology for software-intensive systems (


The paper, co-authored by Nazila Gol Mohammadi, Dr. Zoltan A. Mann, Prof. Maritta Heisel from paluno and James Greig from Oxford Computer Consultants, presents the RestAssured architecture for an end-to-end data protection in the cloud.


The presentation is shown below, and the slide annotations are available here


Where Health Data Ends and Personal Data Begins

“Last week, ProPublica published an interesting article (link) about how health insurers are using personal data to supplant a patient’s medical data in order to carry out a risk assessment of the individual and use this as a basis for determining, amongst other things, a risk score concerning the individual — ultimately deriving risk-adjusted pricing for the individual’s health insurance based on factors other than the individual’s actual health.


While legislation concerning health data is strong in many countries, including the US (the target of the article), it is interesting to note that as personal data falls outside the classification of health data, this kind of use of personal data by an industry already under regulation provides a convenient, if unintentional, side-step mechanism by which the safeguards provided health data can be bypassed by leveraging (relatively) less-restricted personal data in ways not anticipated by the individual….”


The full article by Adaptant continues here

RestAssured Secure Data Processing Demonstration

RestAssured has recently demonstrated an implementation of its research in secure data processing in the cloud, highlighting all major aspects of the project in a demonstrative deployment of a real-world, social care service.


The following three and a half minute video explains RestAssured in action, and shows how its technologies can be used to analyse the risk of a proposed deployment, protect sensitive data-in-use, and monitor and adapt a running system when a change occurs to the initial deployment conditions that can threaten the secure operation of the cloud-based service.


The video can also be downloaded here