376 research outputs found

    A User-Centric Identity Management Framework based on the W3C Verifiable Credentials and the FIDO Universal Authentication Framework

    We present a user-centric and decentralized digital identity system that allows anyone to easily benefit from an enriched digital identity made of multi-purpose and multi-origin attributes. It increases usability by the elimination of user passwords. It also makes this digital identity highly trustworthy both for the user (in terms of privacy and sovereignty) and the service provider who requires highly certified information about the user being enrolled to and/or authenticated on its services. We built our system based on the Universal Authentication Framework specified by the FIDO Alliance and the data model proposed by the W3C Verifiable Credentials WG. The whole system has been implemented in a banking scenario

    Towards Modular and Flexible Access Control on Smart Mobile Devices

    Smart mobile devices, such as smartphones and tablets, have become an integral part of our daily personal and professional lives. These devices are connected to a wide variety of Internet services and host a vast amount of applications, which access, store and process security- and privacy-sensitive data. A rich set of sensors, ranging from microphones and cameras to location and acceleration sensors, allows these applications and their back end services to reason about user behavior. Further, enterprise administrators integrate smart mobile devices into their IT infrastructures to enable comfortable work on the go. Unsurprisingly, this abundance of available high-quality information has made smart mobile devices an interesting target for attackers, and the number of malicious and privacy-intrusive applications has steadily been rising. Detection and mitigation of such malicious behavior are in focus of mobile security research today. In particular, the Android operating system has received special attention by both academia and industry due to its popularity and open-source character. Related work has scrutinized its security architecture, analyzed attack vectors and vulnerabilities and proposed a wide variety of security extensions. While these extensions have diverse goals, many of them constitute modifications of the Android operating system and extend its default permission-based access control model. However, they are not generic and only address specific security and privacy concerns. The goal of this dissertation is to provide generic and extensible system-centric access control architectures, which can serve as a solid foundation for the instantiation of use-case specific security extensions. In doing so, we enable security researchers, enterprise administrators and end users to design, deploy and distribute security extensions without further modification of the underlying operating system. 
To achieve this goal, we first analyze the mobile device ecosystem and discuss how Android's security architecture aims to address its inherent threats. We proceed to survey related work on Android security, focusing on system-centric security extensions, and derive a set of generic requirements for extensible access control architectures targeting smart mobile devices. We then present two extensible access control architectures, which address these requirements by providing policy-based and programmable interfaces for the instantiation of use-case specific security solutions. By implementing a set of practical use-cases, ranging from context-aware access control and dynamic application behavior analysis to isolation of security domains, we demonstrate the advantages of system-centric access control architectures over application-layer approaches. Finally, we conclude this dissertation by discussing an alternative approach, which is based on application-layer deputies and can be deployed whenever practical limitations prohibit the deployment of system-centric solutions.

    Integrated Single Sign-On System on Open Nebula

    The purpose of this research is to make a comparative analysis of the single sign-on systems called Shibboleth and Identity Management Machine in order to choose a preferable system to integrate with a cloud infrastructure, OpenNebula. This paper addresses the criteria that an individual has to look at in order to choose a more suitable single sign-on system for implementation. This study is based on a research methodology that starts by defining the problem statement and then researching and analysing the information. Therefore, it has been done by using the research and experiment method. The result of the research was likely to impact the experiment phase in this project. The research has been conducted for 27 weeks and the result from the research phase provided valuable information for the next phase of the project, which was the experiment phase.

    Software Technologies - 8th International Joint Conference, ICSOFT 2013 : Revised Selected Papers


    ProsocialLearn: D2.3 - 1st system requirements and architecture

    This document presents the first version of the ProsocialLearn architecture, covering the principle definition, the requirement collection, and the “business”, “information system” and “technology” architecture as defined in the TOGAF methodology.

    Enhancing cyber assets visibility for effective attack surface management : Cyber Asset Attack Surface Management based on Knowledge Graph

    The contemporary digital landscape is filled with challenges, chief among them being the management and security of cyber assets, including the ever-growing shadow IT. The evolving nature of the technology landscape has resulted in an expansive system of solutions, making it challenging to select and deploy compatible solutions in a structured manner. This thesis explores the critical role of Cyber Asset Attack Surface Management (CAASM) technologies in managing cyber attack surfaces, focusing on the open-source CAASM tool, Starbase, by JupiterOne. It starts by underlining the importance of comprehending the cyber assets that need defending. It acknowledges the Cyber Defense Matrix as a methodical and flexible approach to understanding and addressing cyber security challenges. A comprehensive analysis of market trends and business needs validated the necessity of asset security management tools as fundamental components in firms' security journeys. CAASM has been selected as a promising solution among various tools due to its capabilities, ease of use, and seamless integration with cloud environments using APIs, addressing shadow IT challenges. A practical use case involving the integration of Starbase with GitHub was developed to demonstrate the CAASM's usability and flexibility in managing cyber assets in organizations of varying sizes. The use case enhanced the knowledge graph's aesthetics and usability using Neo4j Desktop and Neo4j Bloom, making it accessible and insightful even for non-technical users. The thesis concludes with practical guidelines in the appendices and on GitHub for reproducing the use case

    Emerging and Established Trends to Support Secure Health Information Exchange

    This work aims to provide information, guidelines, established practices and standards, and an extensive evaluation on new and promising technologies for the implementation of a secure information sharing platform for health-related data. We focus strictly on the technical aspects and specifically on the sharing of health information, studying innovative techniques for secure information sharing within the health-care domain, and we describe our solution and evaluate the use of blockchain methodologically for integrating within our implementation. To do so, we analyze health information sharing within the concept of the PANACEA project that facilitates the design, implementation, and deployment of a relevant platform. The research presented in this paper provides evidence and argumentation toward advanced and novel implementation strategies for a state-of-the-art information sharing environment; a description of high-level requirements for the transfer of data between different health-care organizations or cross-border; technologies to support the secure interconnectivity and trust between information technology (IT) systems participating in a sharing-data “community”; standards, guidelines, and interoperability specifications for implementing a common understanding and integration in the sharing of clinical information; and the use of cloud computing and prospectively more advanced technologies such as blockchain. The technologies described and the possible implementation approaches are presented in the design of an innovative secure information sharing platform in the health-care domain
