Cybersecurity Requirements for Supporting Enterprise Interoperability of Multi-sided Platforms
We report on work in capturing cybersecurity requirements for cloud-based and IoT-enabled multi-sided platforms (MSPs). Our approach captures the security aspects arising from the business rules and constraints of MSPs, thereby shaping the platform's behaviour and the participants' interactions and leading towards safer enterprise interoperability. We design the MSPs Privacy Requirements Framework and the MSPs Security Architecture to cater for both use case-centric and platform-centric cybersecurity requirements. To ensure compliance with the upcoming GDPR, we discuss the mapping between the elicited cybersecurity requirements and the GDPR rules. The GDPR is expected to have significant implications for businesses in the EU, and our approach is designed to achieve full compliance with it.
Keywords: Cybersecurity; Platforms; Multi-sided platforms; Enterprise interoperability; Privacy; GDPR