A Declarative Framework for Specifying and Enforcing Purpose-aware Policies

Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support to the run-time enforcement of policies. In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such a result in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International Workshop on Security and Trust Management (STM 2015

Distributed Access Control for Web and Business Processes

Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

Privacy in an Ambient World

Privacy is a prime concern in today's information society. To protect\ud the privacy of individuals, enterprises must follow certain privacy practices, while\ud collecting or processing personal data. In this chapter we look at the setting where an\ud enterprise collects private data on its website, processes it inside the enterprise and\ud shares it with partner enterprises. In particular, we analyse three different privacy\ud systems that can be used in the different stages of this lifecycle. One of them is the\ud Audit Logic, recently introduced, which can be used to keep data private when it\ud travels across enterprise boundaries. We conclude with an analysis of the features\ud and shortcomings of these systems

A Policy-Based Management Approach to Security in Cloud Systems

In the era of service-oriented computing, ICT systems exponentially grow in their size and complexity, becoming more and more dynamic and distributed, often spanning across different geographical locations, as well as multiple ownerships and administrative domains. At the same time, complex software systems are serving an increasing number of users accessing digital resources from various locations. In these circumstances, enabling efficient and reliable access control is becoming an inherently challenging task. A representative example here is a hybrid cloud environment, where various parts of a distributed software system may be deployed locally, within a private data centre, or on a remote public cloud. Accordingly, valuable business information is expected to be transferred across these different locations, and yet to be protected from unauthorised/malicious access at all times. Even though existing access control approaches seem to provide a sufficient level of protection, they are often implemented in a rather coarse-grained and inflexible manner, such that access control policies are evaluated without taking into consideration the current locations of requested resources and requesting users. This results in a situation, when in a relatively ‘safe’ environment (e.g., a private enterprise network) unnecessarily complex and resource-consuming access control policies are put in place, and vice versa in external, potentially ‘hostile’ network locations access control enforcement is not sufficient. In these circumstances, it becomes desirable for an access control mechanism to distinguish between various network locations so as to enable differentiated, fine grained, and flexible approach to defining and enforcing access control policies for heterogeneous environments. For example, in its simplest form, more stringent and protective policies need to be in place as long as remote locations are concerned, whereas some constraints may be released as soon as data is moved back to a local secure network. Accordingly, this PhD research efforts aims to address the following research question – How to enable heterogeneous computing systems, spanning across multiple physical and logical network locations, as well as different administrative domains and ownerships, with support for location-aware access control policy enforcement, and implement a differentiated fine-grained access control depending on the current location of users and requested resources? To address this question, the presented thesis introduces the notions of ‘location’ and ‘location-awareness’ that underpin the design and implementation of a novel access control framework, which applies and enforces different access control policies, depending on the current (physical and logical) network locations of policy subjects and objects. To achieve, this the approach takes the existing access control policy language SANTA, which is based on the Interval Temporal Logic, and combines it with the Topological Logic, thereby creating a holistic solution covering both the temporal and the spatial dimensions. As demonstrated by a hypothetical case study, based on a distributed cloud-based file sharing and storage system, the proposed approach has the potential to address the outlined research challenges and advance the state of the art in the field of access control in distributed heterogeneous ICT environments

On Properties of Policy-Based Specifications

The advent of large-scale, complex computing systems has dramatically increased the difficulties of securing accesses to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in the last decades, the policy-based one permits to capture, by resorting to the concept of attribute, all systems' security-relevant information and to be, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further to understand the effectiveness of policy-based specifications by studying how they permit to enforce traditional security properties. To support system designers in developing and maintaining policy-based specifications, we formalise also some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automatised verification.Comment: In Proceedings WWV 2015, arXiv:1508.0338

Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages