Table of Contents

EMFASE Internal Activities

This wiki page describes the main decision points of the EMFASE project.


EMFASE conference call 11 July 2014

Emfase conf call – 07/11/2014 Participants: UNITN: FP, MDG, FM SINTEF: BS, KS DBL: MR

Points to be discussed:

  1. Discussion for comprehension questionnaire
  2. Proposal of DBL
  3. Contribution to D2.1

Comprehension questionnaire

Main hypothesis:

Sub-hypothesis:

Discussion about the definition of graphical model

Direct observation

Actions list

Some interesting article for the experiments Zip files


24-25 June 2014

Participants

Final Agenda

Everybody should submit their slides in the SVN.

Day 1:

Day 2:

Next Deliverable

Timeline

Next Controlled Experiments

Hypothesis to be tested is Comprehensibility Tentative experiments

Case study

Schedule

Next Observational Studies

Proposal is to perform the observation of the SESAR assessment

Decisions

FM contacted RK who said that he will talk to IANS tutorial manager to see whether he will agree.

Next Qualitative Studies

Oct 2014 – Jan 2015 - Interviews with Security Experts (Raminder Ruprai - NGRID, Ivonne Herrera – SINTEF, Birgit Goelz – DFS, Lorenzo Falciani – PwC, Gianluca Gargiulo - NAIS Solutions, etc.)


14/March/2014

Participants

Deliverables

D1.1 (State of the Art). No major issue internally.

RK's Comment: there is a presentation problem: we discuss the existence of the standards but don't discuss whether they complete or not and wat is missing and why tey are different, section 3 describe the criteria, and 4 are well done but the end of chapter 4 explain about verification and we instantiate immediately instantiated to an empirical verification of a subset, why the oter ave not been selected. The revision should address the one to assess of what is missing in the state of the art, how the criteria linked back to SOA or how they help us selecting the case studies).

D2.1 (Case study) The case study deliverable is essentially rephrased from SESAR deliverables. Question of access has been raised with RK (see later).

RK's comment: First 3 chapters ok, with section 4 have some yellow markers, conclusions are empty. migt be a problem of right version of the document.

Decisions

D1.1 RK to send comment so far. BS to address them and We send it back by Friday 28 March.

D2.1. EC to send back the right version immediately and wait for feedback

Access to SESAR Documents

RK comment: a SJU Memo is in preparation for granting access to SESAR documents (at least without IPR claims as foreground). We will foll tat procedure when it is ready.

In the cases where official access is not possible we will use a disclaimer about expert opinion and use an agreed procedure to collect confidential material.UNITN has already used it for the SECRAM list of pre- and post- controls at the WINTER experiment.

Decision

Disclaimer to be used in case study descriptions:

The case study description is based from interviews of experts familiar the Remote Virtual Tower development at SESAR. Its content should not be taken in any way as officially endorsed by SESAR SJU or SESAR's participants

The procedure for handling confidential material for the experiments is the following:

  1. Ask for a confidentiality agreement to be signed by the subjects
  2. watermark their copy of the document that is only given in physical form
  3. collect back the copy at the end of the experiment
  4. archive the signed document and its personal copy

Past Experiments

In part (*) means confidential document is distributed according to the process above.

  1. Experiments during UNITN Course:
    • Participants: students around 60 sort of controlled participants
    • Method: Coras vs Eurocontrol SECRAM (*)
    • Case Study: SmartGrid
    • Final result: excel file with threats and controls, presentations, report
    • Feedback: questionnaire, interview
  2. Experiments during EIT Winter School:
    • Participants: students around 20 sort of controlled participants
    • Method: SESAR SecRAM (*) + [ BSI Catalog vs SECRAM Catalog (*) ]
    • Case Study: Remotely Operated Tower (*)
    • Final result: excel file with requirements, hand-drawn poster for result presentation, report
    • Feedback: questionnaire

Decisions

RK reported a good feedback from Martin Hawley.

Only three groups produced a report in te SESAR format. The other have not done it. We will only evaluate the excel file.

FP to save the excel file produced by the students in the repository and then share the google doc wit Hans De Han, Martin Hawley, AT and BS. Evaluation to be done by them. Internal deadline for feedback to be aligned wit Hans availability.

Next Experiments

The next experiment is Rome

  1. Poste Italiane Experiment (13-14 in Rome in Tor Vergata University):
    • Participants: large scale students+practitioners around 100 too large to distribute confidential documents
    • Method: SESAR SecRAM (*) + CORAS
    • Process: step-wise (training+execution)
    • Case Study: Credit card security at Poste
    • Final result: excel file with threats and controls for SECRAM, powerpoint with details for threats and controls for CORAS plus final table summary with threats and controls
    • Feedback: questionnaire
    • Eurocontrol input: ex-ante validation of the training material
  2. DBL Experiment (15-16 May in Rome location to be determined)
    • Participants: DBL people (12) + other “constellation” of companies in the ATM area
    • Method: SESAR SecRAM (*) + [ BSI Catalog vs SECRAM Catalog (*) ]
    • Process: step-wise (training+execution)
    • Case Study: Remotely Operated Tower
    • Final result: excel file with threats and controls,
    • Feedback: questionnaire + feedback gathering (interviews or post-it notes) (?)
    • Eurocontrol input: Rainer Koeller as official Trainers about SESAR SecRAM

Decisions

MDG will prepare a draft description of these experiments (who, what, when) to be circulated and posted on the SVN (one directory per experiment).

BS to prepare a draft of the CORAS Material to follow te step by step process. FP to prepare draft of the SeCRAM material from Martin Hawley's material from Winter Experiment

EC to set a conference call one for organizing the May experiment

Next Activities

Presentation at SESAR Jamborre (20-22 May) of results to EMFASE activities. RK suggests a slot on Monday.

  1. little show of the students who participated in the winter experiment,
  2. presentation of success criterias of previous Jamboree's interview
  3. presentation of preliminary results of winter experiment

RK suggest to prepare a White paper to be distributed in advance.

Decisions

Deadline end of April.