Author: Mariia Bakhtina
Supervisor: Raimundas Matulevičius
Abstract: Imagine a new smart parking solution that allows you to park your vehicle using a mobile app. Such an app will enable you to park in lots owned by any company in the country. In the same app, you can also report illegal parking of others’ vehicles and review your parking tickets and fines for wrong parking. For you as an end user, the app looks like a single system. Yet, it comprises multiple systems managed by parking lot owners, the app development company, and the local parking enforcement agency. As each of these companies already has its built systems, they only agree on the integration to allow you to use a smart parking solution. Even though each separately built system is expected to be secure and protect data, the integration into a new complex system makes each separate one prone to new security threats and data leakages. Traditional information security approaches struggle to support securing collaborative environments, such as those found in smart solutions, so more is needed to protect evolving intelligent solution systems. We propose a method for information security and privacy management in smart solutions to bridge this gap. This method should help organisations which want to provide their information systems as components for a new smart solution. This method should ensure that the newly established smart solution protects both users’ and the companies’ sensitive data. The proposed method should help companies in the three stages. First, it helps define how companies protect information in their system and how integration into a smart solution may contradict the used assumptions. Second, we show how companies can utilise existing open-source tools to check that their systems comply with local privacy laws in the case of integration. Third, we propose two identity management system designs which allow non-traditional trust assumptions to protect the exchanged data with partners.