Habtamu Abie, PhD

• Adaptive and Evolving Security (AES), Cyber Security
• AI for Security, Cognitive IoT Security (CogSec)
• Game theory, Evolving algorithms
• Security for distributed systems, distributed object computing (CORBA, EJB, DCOM/ActiveX)
• Digital Rights Management, Privacy, Trust, Policy and Risk Management
• Context-awareness, Mobile ad-hoc network, ubiquitous and ambient intelligent computing (self-containdness, self-protecting, self-learning, self-adapting, self-healing, expeditiousness, etc.)
• Architecture and methodology, formal methods and tools
• Data acquisition and control systems, hard real-time systems
• Mobile and personal computing.

Current Activities

• NESIOT - Norwegian Ecosystem for Secure IT-OT Integration
  Focus Area IT/OT Integration: The main objective of the secure IT-OT Integration Focus Area is research to address the security challenges arising from the integration of IT and OT systems. One of its supporting pillars is building a vibrant ecosystem of stakeholders around IT-OT integration to provide sustanbility, security and resilience. Therfore, NESIOT ecosystem brings together multiple stakeholders such as sensor/devices manufacturers, telecom operators, cloud and data analysis solution providers, industrial system operators etc., and to exploit enabling technologies and the secure application of those technologies. It aims at facilitating the different stakeholders to cooperate to ensure end-to-end security for integrating IT-OT in real-time to achieve secure digitalization.
  

• ENFIELD - European Lighthouse to Manifest Trustworthy and Green AI
  ENFIELD will create a unique European Centre of Excellence that excels the fundamental research in the scientific pillars of Adaptive, Green, Human-Centric, and Trustworthy AI that are new, strategic and of paramount importance to successful AI development, deployment, and acceptance in Europe and will further advance the research within verticals of healthcare, energy, manufacturing and space by attracting the best talents, technologies and resources from world-class research and industry players in Europe and by carrying out top-level research activities in synchronisation with industry challenges to reinforce a competitive EU position in AI and create significant socio-economic impact for the benefit of European citizens and businesses.
  ENFIELD will develop, maintain, scale-up and sustain a vibrant European network on AI composed of 30 consortium members from 18 countries, including top-level education and research organisations, large scale businesses, SMEs, and public sector representatives jointly addressing critical issues of research and innovation frontiers in this new topic of the European AI Lighthouse.
  ENFIELD will provide high impact outputs such as >75 unique AI solutions (algorithms, methods, simulations, services, data sets and prototypes), 180 scientific high-impact publications and 200 peer-reviewed presentations, four strategic documents, namely the Common Research Roadmap and Vision, the dynamic Safety and Security Risk Assessment Framework, the White Paper and the Gender and Ethics Framework. The exchange and innovation schemes planned in Open Calls, which will grant financial support to >76 individual researchers and 18 small-scale projects, education, and training activities such as summer schools and hackathons, and a set of well-designed outreach methods and activities will further contribute to the ENFIELD community engagement, enlargement, and continuity.

• CybAlliance - International Alliance for Strengthening Cybersecurity and Privacy in Healthcare
  The main purpose of the CybAlliance project is to establish a long-term partnership between Norwegian Computing Center (NR, Norway), Norwegian University of Science and Technology (NTNU, Norway), Oslo University Hospital (OUS, Norway), University of Colorado (UCCS, USA), Institut Mines Telecom/Telecom SudParis (IMT, France), and Goethe University Frankfurt (GUF, Germany). The primary objective of CybAlliance is to build a long-term strategic alliance in advancing research and education on cybersecurity and privacy in healthcare. The secondary objectives are:
  • organize workshops/webinars and open seminars so that national and international collaborators can meet and discuss the strengths and opportunities of the domain
  • arrange international mobility of students, researchers, and staffs from Norway (NR, NTNU and OUS) to UCCS (USA), GUF (Germany), and IMT (France).
  • facilitate joint supervision of masters and PhD students between national and international partners so that students can get international exposure.
  • organize summer schools for students between national and international partners which focus on cybersecurity and privacy-preserving solutions for health information system.
  • develop strategies for future research collaboration projects and joint research publications between national and international collaborators at NFR or EU or Global levels.
  
  
• FAME - Federated decentralized trusted dAta Marketplace for Embedded finance
  FAME is a joint effort of world-class experts in data management, data technologies, the data economy, and digital finance to develop, deploy and launch to the global market a unique, trustworthy, energy-efficient, and secure federated data marketplace for Embedded Finance (EmFi). The FAME marketplace will alleviate the proclaimed limitations of centralized cloud marketplaces towards demonstrating the full potential of the data economy. In this direction, the project will enhance a state of the art data marketplace infrastructure (i.e., H2020 i3-Market marketplace) with novel functionalities in three complementary directions namely:
  • Secure, interoperable, and regulatory compliant data exchange across multiple federated cloud-based data providers in-line with emerging European initiatives like GAIA-X.
  • Decentralized, programmable, data assets trading and pricing leveraging blockchain tokenization techniques (including support for accruing data assets value in NFTs).
  • Integration of trusted and Energy Efficient (EE) analytics based on novel technologies such as Quantitative Explainable AI, Situation Aware Explainability (SAX), incremental EE analytics, and edge analytics.
  FAME will become operational in a federated cloud environment with multiple providers of EmFi data assets, including datasets, AI/ML models, and more. It will become interconnected with more than 12 data marketplaces that are operated by the project partners, as well as with other data infrastructures that will support the implementation of 7 pilots. Through this process, the catalog of the FAME marketplace will be populated with a critical mass of 1000+ data assets.
  Furthermore, FAME will establish a Learning Center (LC) for tech and non-tech users, as this is a key prerequisite for unlocking the potential of the data economy. FAME will build a vibrant community of EmFi stakeholders around the FAME platform, which will serve as a catalyst for the sustainability of the project’s results.
  

• EU-CIP - European Knowledge Hub and Policy Testbed for Critical Infrastructure Protection
The main goal of EU-CIP is to establish a novel pan European knowledge network for Resilient Infrastructures, which will enable policy makers to shape and produce data-driven evidence-based policies, while boosting the innovation capacity of Critical Infrastructures (CI) operators, authorities, and innovators (including SMEs). In this direction, the partners have already established the European Cluster for Securing Critical infrastructures (ECSCI), which brings together 25 projects that collaborate in CI Resilience. EU-CIP will leverage the capacity, organization, community, and achievements of the ECSCI cluster towards establishing an EU-wide knowledge network with advanced analytical and innovation support capabilities.

• EU-CIP KOM Press Release
• The importance of a structured and automated information processing pipeline: the EU-CIP approach




• ECSCI - European Cluster for Securing Critical Infrastructures
  The ECSCI cluster is a cluster of projects for securing critical infrastructures. Its main objective is to create synergies and foster emerging disruptive solutions to security issues via cross-projects collaboration and innovation. Research activities will focus on how to protect critical infrastructures and services, highlighting the different approaches between the clustered projects and establishing tight and productive connections with closely related and complementary projects. To promote the activities of the cluster, ECSCI will organize international conferences, and national or international workshops, involving both policy makers, industry and academic, practitioners, and representatives from the European Commission.
  
  • ECSCI Official Website
  • The first ECSCI Workshop on Critical Infrastructure Protection and workshop presentations
  • The Second ECSCI Workshop on Critical Infrastructure Protection and workshop presentations
  • Consolidated Proceedings of the 2nd ECSCI Workshop on Critical Infrastructure Protection and Resilience
  • Consolidated Proceedings of the 1st ECSCI Workshop on Critical Infrastructure Protection
  • A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures
  • Securing Critical Infrastructures in Air Transport, Water, Gas, Healthcare, Finance and Industry
  • Computer Security. ESORICS 2021 International Workshops: CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE
  • Cyber-Physical Security for Critical Infrastructures Protection
  • Computer Security: ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC
  
  
• NORCICS - Norwegian Center for Cybersecurity in Critical Sectors (Norsk Senter for Cybersecurity i Kritiske Sektorer)
  NORCICS' vision is to contribute to making Norway the most securely digitalized country in the world, by improving the cyber security and resilience of its critical sectors, through supporting research-based innovation. The primary research objective of NORCICS is to develop innovative cyber-security solutions to address the needs of a highly dynamic ecosystem of socio-technical cyber-physical systems in critical sectors. NORCICS will contribute to the achievement of the strategic goals of the National Cybersecurity Strategy.
  NORCICS will follow a holistic, comprehensive and systemic approach addressing people, processes and technology to protect critical sectors throughout the cybersecurity core functions (identify, protect, detect, respond, recover). In NORCICS, research on cybersecurity technologies will result in methods and tools, re-usable across different infrastructures, which will cover a wide variety of concepts. These will be validated in a number of demonstrators of different critical sectors.
  
  
• H2020 FINSEC - Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures
  The infrastructures of the financial sector are nowadays more critical, sophisticated and interconnected than ever before, which makes them increasingly vulnerable to security attacks. Despite increased security, most security measures remain fragmented and static i.e. inappropriate for confronting sophisticated and asymmetric attacks.
  FINSEC is a joint effort of prominent stakeholders in the financial sector and global leaders in physical & IT security, towards introducing a novel standards-based reference architecture (RA) for integrated (cyber & physical) security. The RA will enable timely preparation against attacks, while at the same time facilitating stakeholders’ collaboration for risk assessment/mitigation in the financial supply chain, as a means of confronting complex threats and their cascading effects.
  FINSEC will provide a mature implementation of the RA, based on the enhancement and integration of novel solutions of the partners (e.g., Anomaly Detection, AI CCTV Analytics, Risk Assessment Engines, Collaborative Risk Analysis & Management, Compliance), which will be bundled in a toolbox. The RA implementation and the toolbox will be validated through realistic pilots involving stakeholders in the identification, assessment and mitigation of threats. The five pilots involve high-impact scenarios including SWIFT network protection, buildings and ATM networks security, peer-to-peer payments network protection, risk assessment for insurance purposes and securing financial SMEs.
  The pilots will engage >=500 security & finance experts, while providing a representative coverage of the financial services industry (i.e. banking, capital management, insurance, card & P2P payments), which is a sound basis for FINSEC’s broader impact. Towards maximum impact, FINSEC will establish an ecosystem of security solutions for the financial sector, which will be supported by the partners’ dense network of sales, marketing, standardization and regulation channels worldwide.
  Role in the project
  
  • Leads two main activities: adaptive multi-layer data collection and auditing and certification
  • Contributes to modeling and specification, predictive analytics infrastructure and algorithms, security knowledge base, adaptive anomaly detection, risk assessment, and pilots operations & stakeholders evaluation.
  • Takes part in several activities as part of the scientific committee.
  Website: https://www.finsec-project.eu/
  Twitter: @finsec_project
  Linkedin: https://www.linkedin.com/company/finsec-project
  Grant: The FINSEC project is funded by the EU under the Horizon 2020 programme (contract number: 786727)


• IoTSec- Security in IoT for Smart Grids
  The main goal of IoTSec is a reliable and efficient, uninterrupted power network with dynamic configuration of system and security properties. It addresses the needs of businesses and end users of additional IoT services by exploring use cases for value-added services. The project will design the building blocks for future services that consider the necessary security and privacy preconditions of successfully deployed large-scale services, build a robust cluster of research on security in IoT for Smart Grids, and create an industrial Smart Grid Security Centre co-located with the NCE Smart.
  Role in the project
  Contributes to researching and developing adaptive security that will address the protection of "IoT-based smart grids" against evolutionary threats and attacks through the prediction and advanced behavioural analysis of big-data from IoT Smart Grids. The adaptive security methodology addresses threats by increasing awareness and automating prevention, detection, and recovery from the failures of security and privacy protections at runtime. A combination of evolutionary game theory and distributed behavioural analysis will be used to achieve this goal. Optimized machine learning will be used to improve the accuracy of prediction.
  Also see IoTSec in a Nutshell
  Funding: Research Council of Norway in the IKTPLUSS (IKT og digital innovasjon) program


• Ars Forensica - Computational Forensics for Large-scale Fraud Detection, Crime Investigation & Prevention
  The main objective of the CCIS (Center for Cyber and Information Security) Ars Forensica (Computational Forensics for Large-scale Fraud Detection, Crime Investigation & Prevention) project is "to gain new knowledge that signicantly increases the efficiency and effectiveness of large-scale fraud detection, crime investigation and prevention. Special attention is paid to compliance with privacy and legal frameworks. The project aims to bridge the gap between contemporary forensic-science methods and emerging challenges posed by the increasing volume, velocity & variety of data in ICT environments, and hence data intense and widely distributed evidence. The project works towards sustainable investigation methods that follow sound forensic principles, and respect legal & privacy regulations."
  Role in the project
  Contributes to the research and development of methods for situational awareness and resilience to obfuscation to deal with adversarial activities in changing environments with special focus on the Internet of Things (IoT) forensics.
  Funding: Research Council of Norway in the IKTPLUSS (IKT og digital innovasjon) program


• ASSET - Adaptive Security for Smart Internet of Things in eHealth
  Emerging Internet of Things (IoT) technologies provide many benefits to the improvement of eHealth. However their successful deployment depends on ensuring security and privacy, which need to adapt to their processing capabilities and resource use.
  The primary objective of the ASSET project is to research and develop risk-based adaptive security methods and mechanisms for IoT in eHealth using game theory and context-awareness that increase security to an appropriate level. The security methods and mechanisms will adapt to dynamic changing conditions of IoT, including usability, threats, and diversity/heterogeneity.
  The secondary objective is to increase understanding of, and thus ability to develop, interoperable techniques and algorithms which will predict and measure the risk of damages and future benefits and adapt their decisions upon those predictions.
  ASSET's case study will lead to the design of adaptive strategies for the dynamic interplay between security and data transmission in a mobile patient monitoring system. This will use information of link quality, data transmission rate, and processing capabilities of sensor nodes and smart phones. The security adaptation will take into account the latency, energy consumption and reliability as quality of service (QoS) metrics.
  Funding: Research Council of Norway in the VERDIKT (Core Competence and Value Creation in ICT) program

ASSET Publications


• uTRUSTit - Usable TRUST in the Internet of Things
  The Internet of Things (IoT) will connect a large number of communication and information systems. These systems will be part of everyday life in the same way mobile phones have become part of our lives. The information security properties of the IoT are often difficult to understand for its users, because they are hidden in pervasive systems and small devices manufactured by a large number of vendors. Trustworthiness, security functions and privacy implications are vast, and must be assessable to users and consumers.
  The main focus of the uTRUSTit project lies in its objective to integrate the user directly in the trust chain, guaranteeing transparency in the underlying security and reliability properties of the IoT. The results of uTRUSTit enable system manufacturers and system integrators to express the underlying security concepts to users in a comprehensible way, allowing them to make valid judgements on the trustworthiness of such systems. Further, uTRUSTit's design guidelines on trust help the industry to implement the trust-feedback toolkit developed by uTRUSTit in a secure, usable and accessible way.
  The uTRUSTit project will develop a cognitive model of user trust perception, its requirements, and its complete evaluation in simulation and end user trials.


• PETWeb II -- Privacy-respecting Identity Management for e-Norge
  The project addresses societal challenges concerning the future of electronic identifiers and electronic identities. The Project objectives are:
  1. Building of an interdisciplinary framework for privacy-respecting identity management primarily targeted to web services;
  2. Design of a reference model for privacy-respecting identity management;
  3. Provide and validate methods and tools for the evaluation of requirements and approaches to privacy-respecting identity management
  Funding: Research Council of Norway in the VERDIKT (Core Competence and Value Creation in ICT) program


• GEMOM - Genetic Message Oriented Secure Middleware
  The GEMOM project is funded by the European Commission's Seventh Framework Programme (FP7). Its focus is the significant and measurable increase in the end-to-end intelligence, security and resilience of complex, distributed information systems. The primary objective of GEMOM is to be able to rectify vulnerability to faults through researching, developing and deployment of a prototype of a messaging platform that is evolutionary, self-organising, self-healing, scalable and secure.
  
  GEMOM Project Factsheet and Publications
  GEMOM Case Studies:
  • Collaborative business portal: This portal is intended as a generic platform to facilitate collaborative working between professionals in a local government setting with the range of professionals, e.g., the emergency services co-ordination business portal.
  • Dynamic linked exchange: This exchange is intended to match the procurement needs to available suppliers and specialising in local government / SME actors.
  • Financial market data delivery: This service is to deliver trading signals for a range of financial markets to private and institutional investors.
  • Dynamic road management system: This system is a complex operational system for distributing road network traffic and mobility information to a wide range of potential consumers.
  • Banking Scenario: Money Transfers: This system is a Universal Banking HUB in a central architectural position as a pervasive pivoting component of the bank's IT architecture that should be able to exchange, both internally and externally, several types of messages, each representing a specific kind of business fact.


• MARIAGE - Making Rich Media Accessible for Generations
  "A habit of basing convictions upon evidence, and of giving to them only the degree of certainty which the evidence warrants, would, if it became general, cure most of the ills from which the world suffers."- Bertrand Russell
  Factsheet
• LongRec - Records Management over Decades
  To establish and maintain confidence in the preservation of trust and security in records over time, and to use evidential value of a record as an index for the degree of trust and confidence.
  LongRec Project Factsheet and publications
• SAMPOS - Strategies for Seamless Deployment of Mobile Patient Monitoring Systems
  Factsheet
• CORAS++ - A possible CORAS Adaptive Risk Management - follow-up project!

Previous Projects

• Visiting scientist at Faculty of Computer and Information Science, University of Ljubljana and Jozef Stefan Institute, Slovenia, one week stay 01/12-07/12-2007
• PETweb - Privacy Enhancing Technologies for Web-based Services, using the case study, the European E-Government Award 2007 Winning Norway.no - MyPage Services
  To enable communicating organisations to include privacy enhancing technologies (PETs) in large-scale web-based services for the general public and customers.
• PerProt - Personalised Internet-Based Services and Privacy Protection
• DESDIFOR - Defining Standards in Digital Forensics
• CHARM - Challenges in a Holistic, Multidisciplinary and Adaptive Approach to Risk Management
• Smart University - Updating & Sharpening Skills In Smart Card & ID Technologies
• CORAS - A proof-of-concept for one component in a computerized and (semi-)formalized framework for Security Practice in the years ahead!
• HARP - Harmonization of Security in Health Telematics (e-Health)!
• CASENET - Security for e-Commerce and e-Government Transactions!
• DigiRight - Network of Excellence Proposal in DRM under FP6-IST!

Program Committee Memberships & Reviewing

Participations

Publications

Publications
Google Scholar Citations

Norwegian Computing Center
            P.O.Box 114 Blindern, N-0314 Oslo, Norway
            Tel.: +47 22 85 25 95/00    Fax : +47 22 69 76 60
            E-mail: Habtamu.Abie@nr.no