Abstract
HAL 9000 is an Intrusion Tolerant Systems (ITSs) Risk Manager, which assesses configuration risks against potential intrusions. It utilizes gathered threat knowledge and remains operational, even in the absence of updated information. Based on its advice, the ITSs can dynamically and proactively adapt to recent threats to minimize and mitigate future intrusions from malicious adversaries. Our goal is to reduce the risk linked to the exploitation of recently uncovered vulnerabilities that have not been classified and/or do not have a script to reproduce the exploit, considering the potential that they may have already been exploited as zero-day exploits. Our experiments demonstrate that the proposed solution can effectively learn and replicate National Vulnerability Database's evaluation process with 99% accuracy.

Abstract
Traditional identity management (IdM) systems rely on third-party identity providers (IdPs) and are centralised, which can make them vulnerable to data breaches and other security risks. Self-sovereign identity (SSI) is a newer IdM model that allows users to control their own identities by using decentralised technologies like blockchain to store and verify them. However, SSI systems have their own security concerns, such as digital wallet vulnerabilities, blockchain threats and conflicts with general data protection regulation (GDPR). Additionally, the lack of incentives for issuers, verifiers and data owners could limit its acceptance. This paper proposes SPIDVerify, which is a decentralised identity verification framework that utilises an SSI-based architecture to address these issues. The framework uses a mixed method for acquiring a W3C standard verified credentials and to ensure that only a thoroughly verified entity acquires verified credential, and employs secure key cryptographic protocols; Diffie-Hellman (DH) and Extended Triple Diffie-Hellman (X3DH) for forward secrecy secure communication, single-use challenge-response for authentication, and Swarm network for decentralised storage of data. These methods enhance the security of the proposed framework with better resilience against impersonation and credential stealing. To evaluate the proposal, we have outlined the limitations in related works and demonstrated two scenarios to showcase the strength and effectiveness of SPIDVerify in dealing with the threats identified. We have also tested the methods used in SPIDVerify by measuring the time taken to execute certain processes. © 2023 IEEE.

Abstract
The increasing level of sophistication of cyber attacks which are employing cross-cutting strategies that leverage multi-domain attack surfaces, including but not limited to, software defined networking poisoning, biasing of machine learning models to suppress detection, exploiting software (development), and leveraging system design deficiencies. While current defensive solutions exist, they only partially address multi-domain and multi-stage attacks, thus rendering them ineffective to counter the upcoming generation of attacks. More specifically, we argue that a disruption is needed to approach separated knowledge domains, namely Intrusion Tolerant systems, cybersecurity, and machine learning. We argue that current solutions tend to address different concerns/facets of overlapping issues and they tend to make strong assumptions of supporting infrastructure, e.g., assuming that event probes/metrics are not compromised. To address these issues, we present Skynet, a platform that acts as a secure overseer that merges traditional roles of SIEMs with conventional orchestrators while being rooted on the fundamentals introduced by previous generations of intrusion tolerant systems. Our goal is to provide an open-source intrusion tolerant platform that can dynamically adapt to known and unknown security threats in order to reduce potential vulnerability windows.

Abstract
Throughout the modern world, healthcare is in a crisis. In response, health information systems are going through major changes: focusing more on the patient and what the patient can do to help to improve his own health care. A lot has been said about what the patient's role should be in the 21(st) century. However, in a way, the patient is still being left out, without the ability to decide about his role and impotent to exercise his rights as the owner of his own EHR. Moreover, there exists a general lack of awareness among the general public about the major risks involved in the unbounded disclosure of personal health related data. The continuous growth of privacy incidents, resulting from target profiling and mining off individual health histories, by human resource departments or insurance companies, demonstrates the fragile perception the general public has for these matters. To help us in assessing this situation we have conducted several interviews with patients older than 18 years in order to determine their opinion on matters regarding 'patient empowerment' and their associated EHRs: particularly who should have access and what were the real reasons behind those answers. In this paper we analyze the results of our questionnaire and present and discuss in detail the answers provided by 100 patients: 70 female and 30 male from diverse strata of the Portuguese population.

Abstract
Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an Elf R should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer such principles into national laws. A perspective is given on the state of the art concerning web security standards, which can be used to easily engineer health information systems complying with the patient empowering goals. In conclusion health systems with the characteristics thus described are technically feasible and should be generally implemented and deployed.

Abstract
Health Information Systems (HIS) are often deployed with inadequate security mechanisms and with users being generally pointed out as the weakest link. The launch of the Portuguese digital national identification smart card, the Citizen Card (CC), with strong authentication and digital signing capabilities, represents a new and viable economic opportunity for securing a HIS and at the same time foster the creation of a much more secure national health information infrastructure. Smart cards are being deployed in healthcare in several places around the world with highly encouraging results. Major programs have already been deployed with great success, although there are some well identified issues that need to be addressed. The CC is a versatile and secure card, with the latest in encryption and tamper resistance technologies, with standard support for a Public Key Infrastructure (PKI). We present the advantages and enumerate some of the problems of using a smart card in a HIS, as well as the CC possible contributions in this area, namely as an easy, inexpensive, widely deployed way of using current technology to protect HIS security, and ultimately patient information, while at the same time fostering the expansion and deployment of inter operable HIS. Issues are identified that will need to be resolved and a detailed plan for further work to assess the level of impact the CC can have on the national HIS is indicated.