Architecture for Provenance Systems
This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies.
Supporting Management Interaction and Composition of Self-Managed Cells
Management in ubiquitous systems cannot rely on human intervention or centralised decision-making functions because systems are complex and devices are inherently mobile and cannot refer to centralised management applications for reconfiguration and adaptation directives. Management must be devolved, based on local decision-making and feedback control-loops embedded in autonomous components. Previous work has introduced a Self-Managed Cell (SMC) as an infrastructure for building ubiquitous applications. An SMC consists of a set of hardware and software components that implement a policy-driven feedback control-loop. This allows SMCs to adapt continually to changes in their environment or in their usage requirements. Typical applications include body-area networks for healthcare monitoring, and communities of unmanned autonomous vehicles (UAVs) for surveillance and reconnaissance operations. Ubiquitous applications are typically formed from multiple interacting autonomous components, which establish peer-to-peer collaborations, federate and compose into larger structures. Components must interact to distribute management tasks and to enforce communication strategies. This thesis presents an integrated framework which supports the design and the rapid establishment of policy-based SMC interactions by systematically composing simpler abstractions as building elements of a more complex collaboration. Policy-based interactions are realised, subject to an extensible set of security functions, through the exchanges of interfaces, policies and events, and our framework was designed to support the specification, instantiation and reuse of patterns of interaction that prescribe the manner in which these exchanges are achieved. We have defined a library of patterns that provide reusable abstractions for the structure, task-allocation and communication aspects of an interaction, which can be individually combined for building larger policy-based systems in a methodical manner. We have specified a formal model to ensure the rigorous verification of SMC interactions before policies are deployed in physical devices. A prototype has been implemented that demonstrates the practical feasibility of our framework in constrained resources.
A Data Protection Architecture for Derived Data Control in Partially Disconnected Networks
Every organisation needs to exchange and disseminate data constantly amongst its employees, members, customers and partners. Disseminated data is often sensitive or confidential and access to it should be restricted to authorised recipients. Several enterprise rights management (ERM) systems and data protection solutions have been proposed by both academia and industry to enable usage control on disseminated data, i.e. to allow data originators to retain control over who accesses their information, under which circumstances, and how it is used. This is often obtained by means of cryptographic techniques and thus by disseminating encrypted data that only trustworthy recipients can decrypt. Most of these solutions assume data recipients are connected to the network and able to contact remote policy evaluation authorities that can evaluate usage control policies and issue decryption keys. This assumption oversimplifies the problem by neglecting situations where connectivity is not available, as often happens in crisis management scenarios. In such situations, recipients may not be able to access the information they have received. Also, while using data, recipients and their applications can create new derived information, either by aggregating data from several sources or transforming the original data's content or format. Existing solutions mostly neglect this problem and do not allow originators to retain control over this derived data despite the fact that it may be more sensitive or valuable than the data originally disseminated.

In this thesis we propose an ERM architecture that caters for both derived data control and usage control in partially disconnected networks. We propose the use of a novel policy lattice model based on information flow and mandatory access control. Sets of policies controlling the usage of data can be specified and ordered in a lattice according to the level of protection they provide. At the same time, their association with specific data objects is mandated by rules (content verification procedures) defined in a data sharing agreement (DSA) stipulated amongst the organisations sharing information. When data is transformed, the new policies associated with it are automatically determined depending on the transformation used and the policies currently associated with the input data. The solution we propose takes into account transformations that can both increase or reduce the sensitivity of information, thus giving originators a flexible means to control their data and its derivations.

When data must be disseminated in disconnected environments, the movement of users and the ad hoc connections they establish can be exploited to distribute information. To allow users to decrypt disseminated data without contacting remote evaluation authorities, we integrate our architecture with a mechanism for authority devolution, so that users moving in the disconnected area can be granted the right to evaluate policies and issue decryption keys. This allows recipients to contact any nearby user that is also a policy evaluation authority to obtain decryption keys. The mechanism has been shown to be efficient so that timely access to data is possible despite the lack of connectivity. Prototypes of the proposed solutions that protect XML documents have been developed. A realistic crisis management scenario has been used to show both the flexibility of the presented approach for derived data control and the efficiency of the authority devolution solution when handling data dissemination in simulated partially disconnected networks.

While existing systems do not offer any means to control derived data and only offer partial solutions to the problem of lack of connectivity (e.g. by caching decryption keys), we have defined a set of solutions that help data originators faced with the shortcomings of current proposals to control their data in innovative, problem-oriented ways.
Temporal meta-model framework for Enterprise Information Systems (EIS) development
This thesis has developed a Temporal Meta-Model Framework for semi-automated Enterprise System Development, which can help drastically reduce the time and cost to develop, deploy and maintain Enterprise Information Systems throughout their lifecycle. It proposes that the analysis and requirements gathering can also perform the bulk of the design phase, stored and available in a suitable model which would then be capable of automated execution with the availability of a set of specific runtime components.
Efficient Enforcement of Security Policies in Distributed Systems
Policy-based management (PBM) is an adaptable security policy mechanism in information systems (IS) that ensures only authorised users can access resources.
A few decades ago, the traditional PBM has focused on closed systems, where enforcement mechanisms are trusted by system administrators who define access control policies. Most of current work on the PBM systems focuses on designing a centralised policy decision point (PDP), the component that evaluates an access request against a policy and reports the decision back, which can have performance and resilience drawbacks.
Performance and resilience are a major concern for applications in military, health and national security domains where the performance is desirable to increase situational awareness through collaboration and to decrease the length of the decision making cycle. The centralised PDP also represents a single point of failure. In case of the failure of the centralised PDP, all resources in the system may cease to function. The efficient distribution of enforcement mechanisms is therefore key in building large scale policy managed distributed systems.
Moving from the traditional PBM systems to dynamic PBM systems supports dynamic adaptability of behaviour by changing policy without recoding or stopping the system. The SANTA history-based dynamic PBM system has a formal underpinning in Interval Temporal Logic (ITL), allowing formal analysis and verification to take place. The main aim of the research is to automatically distribute enforcement mechanisms in the distributed system in order to provide resilience against network failure whilst preserving the efficiency of policy decision making. The policy formalisation is based on the SANTA policy model to provide a high level of assurance.
The contribution of this work addresses the challenge of performance, manageability and security by designing a Decentralised PBM framework and a corresponding Distributed Enforcements Architecture (DENAR). The ability to enforce static and dynamic security policies in DENAR is the prime research issue, which balances the desire to distribute systems for flexibility whilst maintaining sufficient security over operations. Our research developed mechanisms to improve the efficiency of the enforcement of security policy mechanisms and their resilience against network failures in distributed information systems.
Policy analysis for DiffServ quality of service management
EThOS - Electronic Theses Online Service (United Kingdom)