Towards a Secure and Reliable IT-Ecosystem in Seaports
This addresses security challenges for stakeholders in seaport IT ecosystems, but it appears incremental as it builds on existing decomposition and mechanism approaches without introducing a new paradigm.
The paper tackles the problem of securing complex digital workflows in seaports by analyzing global security requirements like accountability and confidentiality, decomposing them into obligations for individual actors, and presenting mechanisms to satisfy these requirements to ensure overall workflow security.
Digitalization in seaports dovetails the IT infrastructure of various actors (e.g., shipping companies, terminals, customs, port authorities) to process complex workflows for shipping containers. The security of these workflows relies not only on the security of each individual actor but actors must also provide additional guarantees to other actors like, for instance, respecting obligations related to received data or checking the integrity of workflows observed so far. This paper analyses global security requirements (e.g., accountability, confidentiality) of the workflows and decomposes them - according to the way workflow data is stored and distributed - into requirements and obligations for the individual actors. Security mechanisms are presented to satisfy the resulting requirements, which together with the guarantees of all individual actors will guarantee the security of the overall workflow.