130 research outputs found

    Enforcing reputation constraints on business process workflows

    The problem of trust in determining the flow of execution of business processes has been in the centre of research interest in the last decade as business processes become a de facto model of Internet-based commerce, particularly with the increasing popularity in Cloud computing. One of the main measures of trust is reputation, where the quality of services as provided to their clients can be used as the main factor in calculating service and service provider reputation values. The work presented here contributes to the solving of this problem by defining a model for the calculation of service reputation levels in a BPEL-based business workflow. These levels of reputation are then used to control the execution of the workflow based on service-level agreement constraints provided by the users of the workflow. The main contribution of the paper is to first present a formal meaning for BPEL processes, which is constrained by reputation requirements from the users, and then we demonstrate that these requirements can be enforced using a reference architecture with a case scenario from the domain of distributed map processing. Finally, the paper discusses the possible threats that can be launched on such an architecture.

    Towards a Pervasive Access Control within Video Surveillance Systems

    Part 1: Cross-Domain Conference and Workshop on Multidisciplinary Research and Practice for Information Systems (CD-ARES 2013). International audience. This paper addresses two emerging challenges that multimedia distributed systems have to deal with: the user’s constant mobility and the information’s sensitivity. The systems have to adapt, in real time, to the user’s context and situation in order to provide him with relevant results without breaking the security and privacy policies. Distributed multimedia systems, such as the one proposed by the LINDO project, do not generally consider both issues. In this paper, we apply an access control layer on top of the LINDO architecture that takes into consideration the user’s context and situation and recommends alternative resources to the user when he is facing an important situation. The proposed solution was implemented and tested in a video surveillance use case.

    Automated Analysis of Source Code Patches using Machine Learning Algorithms

    An updated version of a tool for automated analysis of source code patches and branch differences is presented. The upgrade involves the use of machine learning techniques on source code, comments, and messages. It aims to help analysts, code reviewers, or auditors perform repetitive tasks continuously. The environment designed encourages collaborative work. It systematizes certain tasks pertaining to reviewing or auditing processes. Currently, the scope of the automated test is limited. Current work aims to increase the volume of source code analyzed per time unit, letting users focus on alerts automatically generated. The tool is distributed as open source software. This work also aims to provide arguments in support of the use of this type of tool. A brief overview of security problems in open source software is presented. It is argued that these problems were or may have been discovered reviewing patches and branch differences, released before the vulnerability was disclosed. IV Workshop de Seguridad Informática (WSI). Red de Universidades con Carreras en Informática (RedUNCI)

    Plausibilistic Entropy and Anonymity

    A common approach behind measuring anonymity is that the larger the anonymity set is, the higher the degree of anonymity it supports. Our approach builds upon this intuition, proposing a very general and yet precise measure for security properties. Introduced in a paper accepted for the ARES 2013 conference, plausibilistic entropy promises to offer an expressive and cost-effective solution for quantifying anonymity. This article focuses on a detailed side-by-side comparison between plausibilistic entropy and Shannon entropy and underlines a promising level of compatibility between the two of them. Towards the end we present our vision on how to define a measure for anonymity based on plausibilistic entropy and how such a definition can be employed to serve practical purposes.

    An Extended Discussion on a High-Capacity Covert Channel for the Android Operating System

    In “Exploring a High-Capacity Covert Channel for the Android Operating System” [1], a covert channel for communicating between different applications on the Android operating system was introduced and evaluated. This covert channel proved to be capable of a much higher throughput than any other comparable channels which had been explored previously. This article will expand on the work which was started in [1]. Specifically, further improvements on the initial covert channel concept will be detailed and their impact with regard to channel throughput will be evaluated. In addition, a new protocol for managing connections and communications between collaborating applications purely using this channel will be defined and explored. A number of different potential mechanisms and techniques for detecting the presence and use of this covert channel will also be described and discussed, including possible counter-measures which could be implemented.

    PACE Solver Description: Bute-Plus: A Bottom-Up Exact Solver for Treedepth

    This note introduces Bute-Plus, an exact solver for the treedepth problem. The core of the solver is a positive-instance driven dynamic program that constructs an elimination tree of minimum depth in a bottom-up fashion. Three features greatly improve the algorithm's run time. The first of these is a specialised trie data structure. The second is a domination rule. The third is a heuristic presolve step that can quickly find a treedepth decomposition of optimal depth for many instances. Comment: 4 pages, 1 appendix pages, 0 figures. A version of this tool description paper without the appendix is published in the proceedings of IPEC 2020: https://drops.dagstuhl.de/opus/volltexte/2020/13337/pdf/LIPIcs-IPEC-2020-34.pdf . Changes: this version expands the paper from a preliminary versio

    Sustainable Identity and Access Management

    For today's enterprises, information technology (IT) evolved into a key success factor affecting nearly all areas of value chains. As a consequence, identity and access management (IAM) is established for centralized and structured management of digital identities together with their access to internal assets. During this effort, a centralized management platform is created, which serves as middleware among available software systems and human resource applications, thereby creating a unified view and enabling business-oriented management. This enables the implementation of an according level of IT security, business process automation and the alignment to external compliance requirements. However, as IT infrastructures evolve over time, thereby leading to continuous changes and varying demands, these developments need to be addressed within IAM in a constant manner. As IAM is designed as a cross-cutting topic between business and IT, business requirements such as restructurings need to be realized likewise. Additionally, more and more legal requirements are set in place by external authorities which affect the way digital information is to be managed. Bringing together requirements of these different stakeholders in a comprehensive way imposes high complexity for enterprises, thereby leading to high administrational effort. This leads to a situation where enterprises are in need to constantly evaluate and adapt their implemented IAM strategy and execution. Thus the dissertation at hand is devoted to provide means of aligning IAM to a more sustainable way of operation. Within information systems research, sustainability comprises the ability to meet the needs of today without hindering future developments. To achieve this, the two concepts IAM measurement and IAM policies are leveraged. Firstly, IAM measurement enables enterprises to achieve detailed information concerning the state of an IAM infrastructure. Secondly, this effort is fostered to shift IAM to a more dynamic way of operation and provide suitable recommendations concerning how to adjust different aspects of IAM in a long-term manner. During the research process, the presented approaches have been evaluated within real-world scenarios to outline their relevance and demonstrate practical applicability.