Employing a Multilevel Secure Approach in CRM Systems

This research shows how Multilevel Secure (MLS) data models can be used in a Customer Relationship Management (CRM) context. MLS models were originally developed as database models for the management of information in environments characterized by a strict hierarchy of security levels, such as military institutions and government security agencies. Improvements in evolving database technologies have made MLS data modeling practical as well as theoretically appealing. This paper illustrates how an MLS model can be used as a part of the technology for coordinating business-customer interactions with the objective of building long-term customer loyalty. Several examples are used to show how organizing a database management system based on MLS principles can be used to help businesses provide consistent and appropriate content to various customers and partners. Improvements in flexibility and cost of applications, as well as opportunities for new CRM strategies, are discussed as potential benefits of integrating MLS and CRM technology

A Cloud-Oriented Cross-Domain Security Architecture

The Monterey Security Architecture addresses the need to share high-value data across multiple domains of different classification levels while enforcing information flow policies. The architecture allows users with different security authorizations to securely collaborate and exchange information using commodity computers and familiar commercial client software that generally lack the prerequisite assurance and functional security protections. MYSEA seeks to meet two compelling requirements, often assumed to be at odds: enforcing critical, mandatory security policies, and allowing access and collaboration in a familiar work environment. Recent additions to the MYSEA design expand the architecture to support a cloud of cross-domain services, hosted within a federation of multilevel secure (MLS) MYSEA servers. The MYSEA cloud supports single-sign on, service replication, and network-layer quality of security service. This new cross domain, distributed architecture follows the consumption and delivery model for cloud services, while maintaining the federated control model necessary to support and protect cross domain collaboration within the enterprise. The resulting architecture shows the feasibility of high-assurance, cross-domain services hosted within a community cloud suitable for interagency, or joint, collaboration. This paper summarizes the MYSEA architecture and discusses MYSEA's approach to provide an MLS-constrained cloud computing environment.Approved for public release; distribution is unlimited

From Conventional to State-of-the-Art IoT Access Control Models

open access articleThe advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the sam

A contextual usage control model

Model praćenja uporabe (UCON) je najnovije veliko poboljšanje tradicionalnih modela za praćenje pristupa. On omogućava promjenljivost atributa subjekta i objekta i kontinuitet praćenja uporabe. Međutim, taj model može zabraniti pristup zbog promjena u okolini čak i ako su zadovoljeni zahtjevi autorizacije i obveze te tako korisnicima stvoriti prekide. Predložen je kontekstualni UCON (CUC) kako bi se prevladala ta osnovna slabost UCONa. U CUC-u se uvodi kontekst kao zamjena za komponentu uvjeta u UCON-u. Dodaje se modul upravljanja za manipuliranje atributima subjekta, objekta i konteksta. CUC izravno kombinira module praćenja i upravljanja i može dinamički prilagođavati promjene u kontekstu te je uistinu baziran na atributima. Primijenjen je algebarski pristup za opis sintakse i semantike CUCa.The usage control model (UCON) is the latest major enhancement of traditional access control models. It enables subject and object attributes mutability and usage control continuity. However, with the model access permission may be denied as a result of the environmental changes even though the authorization and obligation requirements are met, thus causing disruptions to users. Contextual UCON (CUC) was proposed to overcome this major weakness of UCON. In CUC context was introduced to replace the conditions component in UCON. And management module was added to manipulate the subject and object and context attributes. CUC seamlessly combines control and management modules and has the ability to dynamically adapt the changes in context, and is truly attribute-based. An algebra approach was employed to describe CUC syntax and semantics formally

TRADE-OFF ANALYSIS OF RELATIONAL DATABASE STORAGE FOR PRIVACY PURPOSES

In business organizations, person-specific data are collected as part of service re­ quirements from customers or data providers. To maintain the privacy of these per­ sonal data from intra-organizational or external unauthorized access, an Role-based access control (RBAC) extension with privacy purposes has been introduced. Re­ search on role-based access control and privacy has been conducted. Despite all this research, not much investigation into efficient ways to store person-specific data with privacy labels has been conducted. To the best of our knowledge, there is no such re­ search to analyze the characteristics and impact of different storage patterns on RBAC with privacy purposes. In this thesis, we propose some storage schemes for extended RBAC with privacy purpose in a relational database environment. Moreover, we ana­ lyze the performance characteristics and impact of different SQL operations according to different storage schemes for the extension of RBAC with privacy purposes

The Complete MLSK Model—incorporation of lattice operations and XML implementation

Many multilevel security relational models have been proposed and different models offer different advantages. In this paper, we adapt and refine some of the best ideas from these models and add new ones of own to extend our Multilevel Security with Key-polyinstantiation (MLSK) relational model. MLSK now supports relational algebra and user lattice manipulations while ensuring that the soundness, completeness and security that it originally guaranteed are not compromised. We also implement MLSK in a non-relational scenario, thereby demonstrating the extensibility of the model to other environments

The Complete MLSK Model - incorporation of lattice operations and XML implementation

Many multilevel security relational models have been proposed and different models offer different advantages. In this paper, we adapt and refine some of the best ideas from these models and add new ones of own to extend our Multilevel Security with Key-polyinstantiation (MLSK) relational model. MLSK now supports relational algebra and user lattice manipulations while ensuring that the soundness, completeness and security that it originally guaranteed are not compromised. We also implement MLSK in a non-relational scenario, thereby demonstrating the extensibility of the model to other environments

‘Enhanced Encryption and Fine-Grained Authorization for Database Systems

The aim of this research is to enhance fine-grained authorization and encryption so that database systems are equipped with the controls necessary to help enterprises adhere to zero-trust security more effectively. For fine-grained authorization, this thesis has extended database systems with three new concepts: Row permissions, column masks and trusted contexts. Row permissions and column masks provide data-centric security so the security policy cannot be bypassed as with database views, for example. They also coexist in harmony with the rest of the database core tenets so that enterprises are not forced to compromise neither security nor database functionality. Trusted contexts provide applications in multitiered environments with a secure and controlled manner to propagate user identities to the database and therefore enable such applications to delegate the security policy to the database system where it is enforced more effectively. Trusted contexts also protect against application bypass so the application credentials cannot be abused to make database changes outside the scope of the application’s business logic. For encryption, this thesis has introduced a holistic database encryption solution to address the limitations of traditional database encryption methods. It too coexists in harmony with the rest of the database core tenets so that enterprises are not forced to choose between security and performance as with column encryption, for example. Lastly, row permissions, column masks, trusted contexts and holistic database encryption have all been implemented IBM DB2, where they are relied upon by thousands of organizations from around the world to protect critical data and adhere to zero-trust security more effectively