2,434 research outputs found
Access and information flow control to secure mobile web service compositions in resource constrained environments
The growing use of mobile web services such as electronic health records systems and applications like twitter, Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow control are either restrictive or weak in that they prevent applications from sharing data usefully, and/or allow private information leaks when used independently. Typically, when services are composed there is a resource that some or all of the services involved in the composition need to share. However, during service composition security problems arise because the resulting service is made up of different services from different security domains. A key issue that arises and that we address in this thesis is that of enforcing secure information flow control during service composition to prevent illegal access and propagation of information between the participating services. This thesis describes a model that combines access control and information flow control in one framework. We specifically consider a case study of an e-health service application, and consider how constraints like location and context dependencies impact on authentication and authorization. Furthermore, we consider how data sharing applications such as the e-health service application handle issues of unauthorized users and insecure propagation of information in resource constrained environmentsÂą. Our framework addresses this issue of illegitimate information access and propagation by making use of the concept of program dependence graphs (PDGs). Program dependence graphs use path conditions as necessary conditions for secure information flow control. The advantage of this approach to securing information sharing is that, information is only propagated if the criteria for data sharing are verified. Our solution proposes or offers good performance, fast authentication taking into account bandwidth limitations. A security analysis shows the theoretical improvements our scheme offers. Results obtained confirm that the framework accommodates the CIA-triad (which is the confidentiality, integrity and availability model designed to guide policies of information security) of our work and can be used to motivate further research work in this field
Securing Data in Storage: A Review of Current Research
Protecting data from malicious computer users continues to grow in
importance. Whether preventing unauthorized access to personal photographs,
ensuring compliance with federal regulations, or ensuring the integrity of
corporate secrets, all applications require increased security to protect data
from talented intruders. Specifically, as more and more files are preserved on
disk the requirement to provide secure storage has increased in importance.
This paper presents a survey of techniques for securely storing data, including
theoretical approaches, prototype systems, and existing systems currently
available. Due to the wide variety of potential solutions available and the
variety of techniques to arrive at a particular solution, it is important to
review the entire field prior to selecting an implementation that satisfies
particular requirements. This paper provides an overview of the prominent
characteristics of several systems to provide a foundation for making an
informed decision. Initially, the paper establishes a set of criteria for
evaluating a storage solution based on confidentiality, integrity,
availability, and performance. Then, using these criteria, the paper explains
the relevant characteristics of select storage systems and provides a
comparison of the major differences.Comment: 22 pages, 4 figures, 3 table
Architecture for Provenance Systems
This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies
Internship at Be One Solutions
Included in this document is the report of my internship undertaken in the fulfilment of my
Master of Cybersecurity and Informatic Forensics degree from the Polytechnic Institute of
Leiria, at Be One Solutions. During the internship, I identified several issues regarding
security protocols and procedures at the company, more specifically in regards to credential
management.
After identifying the issues, I started researching enterprise level solutions for credential
management, for which the requirements had been established beforehand with the IT
manager. After comparing a set of solutions based on the features they provided and the
price quoted, it was possible to conclude that all solutions were unsuitable due to either
unreasonable pricing or previous security issues.
Since the solutions analysed were deemed unsuitable, I started working on a Proof of
Concept (PoC) for a custom solution that would be able to integrate with the project structure
already present in the company’s in house project management solution. It started with
defining the concept of the solutions in regards to how the encryption process would be
performed, then the designing of the data structure in order to integrate with the project
management solution, an afterwards came the development process of said solution
- …