Security-Policy Analysis with eXtended Unix Tools

During our fieldwork with real-world organizations---including those in Public Key Infrastructure (PKI), network configuration management, and the electrical power grid---we repeatedly noticed that security policies and related security artifacts are hard to manage. We observed three core limitations of security policy analysis that contribute to this difficulty. First, there is a gap between policy languages and the tools available to practitioners. Traditional Unix text-processing tools are useful, but practitioners cannot use these tools to operate on the high-level languages in which security policies are expressed and implemented. Second, practitioners cannot process policy at multiple levels of abstraction but they need this capability because many high-level languages encode hierarchical object models. Finally, practitioners need feedback to be able to measure how security policies and policy artifacts that implement those policies change over time. We designed and built our eXtended Unix tools (XUTools) to address these limitations of security policy analysis. First, our XUTools operate upon context-free languages so that they can operate upon the hierarchical object models of high-level policy languages. Second, our XUTools operate on parse trees so that practitioners can process and analyze texts at multiple levels of abstraction. Finally, our XUTools enable new computational experiments on multi-versioned structured texts and our tools allow practitioners to measure security policies and how they change over time. Just as programmers use high-level languages to program more efficiently, so can practitioners use these tools to analyze texts relative to a high-level language. Throughout the historical transmission of text, people have identified meaningful substrings of text and categorized them into groups such as sentences, pages, lines, function blocks, and books to name a few. Our research interprets these useful structures as different context-free languages by which we can analyze text. XUTools are already in demand by practitioners in a variety of domains and articles on our research have been featured in various news outlets that include ComputerWorld, CIO Magazine, Communications of the ACM, and Slashdot

Calculating and Evaluating Trustworthiness of Certification Authority

In  a  public  key  infrastructure  trust  model,  a  trust  is transferred along a set of certificates, issued by certificate authorities (CAs) considered  as  trustfully  third  parties,  providing  a  trust chain among  its  entities.  In  order  to  deserve  this trustworthiness,  a  CA should to apply the rigorous procedures for generating keys, checking the  identities,  and  following  reliable  security  practices.  Any deficiency in  these procedures  may in?uence its trustworthiness.  In this  context,  some  authorities  could  be  weaker  than  others.  Then, relying parties (RPs) and certificate holders (CHs) need a mechanism to evaluate CA trustworthiness. In this paper, we provide them this mechanism to have information about its trustworthiness. In fact, we propose  a  trust  level  calculation  algorithm  that  is  based  on  three parameters  which  are  the  CA  reputation,  the  quality  of  procedures described in the certi?cate policy and its security maturity level

Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker

A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the Certification Authority (CA), the certificate holder (or subject) and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However on the Internet, PKI technology is currently facing many obstacles that slow down its global adoption. In this paper, we argue that most of these obstacles boil down to one problem, which is the trust issue, i.e. how can an RP trust an unknown CA over the Internet? We demonstrate that the original X.509 trust model is not appropriate for the Internet and must be extended to include a new entity, called the Trust Broker, which helps RPs make trust decisions about CAs. We present an approach to assess the quality of a certificate that is related to the quality of the CA’s policy and its commitment to it. The Trust Broker, which is proposed for inclusion in the 2016 edition of X.509, could follow this approach to give RPs trust information about CAs. Finally, we present a prototype Trust Broker that demonstrates how RPs can make informed decisions about certificates in the context of the Web, by using its services

Federated identity architecture of the european eID system

Federated identity management is a method that facilitates management of identity processes and policies among the collaborating entities without a centralized control. Nowadays, there are many federated identity solutions, however, most of them covers different aspects of the identification problem, solving in some cases specific problems. Thus, none of these initiatives has consolidated as a unique solution and surely it will remain like that in a near future. To assist users choosing a possible solution, we analyze different federated identify approaches, showing main features, and making a comparative study among them. The former problem is even worst when multiple organizations or countries already have legacy eID systems, as it is the case of Europe. In this paper, we also present the European eID solution, a purely federated identity system that aims to serve almost 500 million people and that could be extended in midterm also to eID companies. The system is now being deployed at the EU level and we present the basic architecture and evaluate its performance and scalability, showing that the solution is feasible from the point of view of performance while keeping security constrains in mind. The results show a good performance of the solution in local, organizational, and remote environments

Transfer Control for Resilient End-to-End Transport

Residing between the network layer and the application layer, the transport layer exchanges application data using the services provided by the network. Given the unreliable nature of the underlying network, reliable data transfer has become one of the key requirements for those transport-layer protocols such as TCP. Studying the various mechanisms developed for TCP to increase the correctness of data transmission while fully utilizing the network's bandwidth provides us a strong background for our study and development of our own resilient end-to-end transport protocol. Given this motivation, in this thesis, we study the different TCP's error control and congestion control techniques by simulating them under different network scenarios using ns-3. For error control, we narrow our research to acknowledgement methods such as cumulative ACK - the traditional TCP's way of ACKing, SACK, NAK, and SNACK. The congestion control analysis covers some TCP variants including Tahoe, Reno, NewReno, Vegas, Westwood, Westwood+, and TCP SACK

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future