Master FP7 Project

“Management of Assurance & Security Metrics in Service Orchestration”

Included in WISTP 2009, Workshop in Information Security Theory and Practices, September 1-4, 2009, Brussels


The business of the future will be characterized by highly dynamic service-oriented architectures where outsourcing and distributed management constitute the norm, thereby increasing complexity of security and trust requirements from regulations and business standards. Best-effort security will no longer be accepted and business entities will have to provide certified assurance services to customers and expect assured services from contractors in order to manage the associated business and technology risk.

MASTER aims at providing methodologies and infrastructures that facilitate the monitoring, enforcement, and audit of quantifiable indicators on the security of a business process, and that provide manageable assurance of the security levels, trust levels and regulatory compliance of highly dynamic service-oriented architecture in centralized, distributed (multidomain), and outsourcing contexts.

To this end, MASTER will identify new innovation components in terms of key assurance indicators, key security indicators, protection and regulatory models, and security model transformations, coupled with the methodological and verification tools for the analysis and assessment of business processes. It will further define an overall infrastructure for the monitoring, enforcement, reaction, diagnosis and assessment of these indicators in centralized, distributed (multidomain), and outsourcing contexts. It will show a proof-of-concept implementation in the challenging realms of Banking/Insurance and e-Health IT systems.

In the context of WISTP 2009, MASTER wants to initiate discussion on two main topics:

  1. Information assurance and trust management

  2. Security measurements

For more information about MASTER, please visit

About this Session

The session will be structured around the two main topics, with an introduction of the work of MASTER in the field, and invited talks, to motivate discussion from the audience, with the goal of validating and enriching the work of MASTER in these topics. There will be two sessions in series:

Information Assurance and Trust Management

  • Proposals from MASTER on models, technology, and tools to define policies, goals and performance indicators from a security, trust, and assurance perspective

  • Discussion of MASTER’s proposals with other initiatives and the wider audience

Security measurements

  • Proposal on security and assurance metrics from MASTER: Trustworthiness of control processes and effectiveness of control processes.

  • Validation of the proposal from MASTER and exchange with other initiatives.


September 3, 2009


Introduction of MASTER: Objectives & First Results


Information Assurance and Trust Management

  • MASTER approach to Assurance (David Sinclair, Dublin City University)

  • Invited talk: Bernhard M. Hämmerli, CEO Acris GmbH

  • Discussion


Security Measurements

  • MASTER proposed indicators: KSI & KAI (Bruno Crispo, University of Trento)

  • Invited talk: Rafael Vidal, CEO, Setival

  • Invited talk: Reijo Savola, VTT

  • Discussion




End of session