Політика інформаційної безпеки в системах інформаційно-аналітичного забезпечення підтримки прийняття організаційних рішень

У статті описано політику безпеки інформації у системах підтримки організаційних рішень. Визначені основні вимоги захисту інформаційних об‘єктів, наведені особливості функціонування та інформаційні ресурси інтелектуальної інформаційної технології підтримки прийняття організаційних рішень. Розроблено загальні правила та вимоги розмежування та керування доступу на базі АВАС -моделі.В статье описано политику безопасности информации в системах поддержки организационных решений. Определены основные требования защиты информационных объектов, приведены особенности функционирования и информационные ресурсы интеллектуальной информационной технологии поддержки принятия организационных решений. Разработаны общие правила и требования разграничения и управления доступа на базе АВАС-модели.This article describes an information security policy in systems of support of organizational decisions. It defines the basic requirements for the protection of information objects, information resources and features of functioning Intellectual information technology support organizational decisions are described. The general rules and regulations separation and control access based on ABAC model are developed

Analysis of the methods for attribute-based access control

Приведён аналитический обзор основных моделей и методов разграничения доступа, начиная от традиционных (DAC, MAC, RBAC) и до последних разработок—многочисленных моделей, реализующих атрибутное разграничение доступа (ABAC). Описана разрабатываемая в настоящее время модель типизированного атрибутного разграничения доступа (ТАРД). Сформулированы требования к методам разграничения доступа, обеспечивающие безопасное совместное использование информационных ресурсов как в локальных, так и в глобальных вычислительных средах. Проанализированы достоинства и недостатки существующих моделей ABAC. Показано, что модели ТАРД отвечают поставленным требованиям универсальности, гибкости, удобства администрирования, способствующим обеспечению безопасности разграничения доступа вне зависимости от типа операционной среды

State level attribute compliance measure based efficient access restriction improved security in cloud environment

In this paper, Advanced Encryption Standard was modified to address the low diffusion rate at the early rounds by adding additional primitive operations such as exclusive OR and modulo arithmetic in the cipher round. Furthermore, byte substitution and round constant addition were appended to the key schedule algorithm. The modified AES was tested against the standard AES by means of avalanche effect and frequency test to measure the diffusion and confusion characteristics respectively. The results of the avalanche effect evaluation show that there was an average increase in diffusion of 61.98% in round 1, 14.79% in round 2 and 13.87% in round 3. Consequently, the results of the frequency test demonstrated an improvement in the randomness of the ciphertext since the average difference between the number of ones to zeros is reduced from 11.6 to 6.4 along with better-computed p-values. The results clearly show that the modified AES has improved diffusion and confusion properties and the ciphertext can still be successfully decrypted and recover back the original plaintext

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Dynamic Mobile Cloud Eco System Security - A Review

Mobile cloud computing is the technique of using cloud technology and various rich mobile applications are intended to be able to run on a variety of mobile devices using the technique called mobile cloud computing. In recent years, huge amounts of data are stored by the clients which are much more easily to the integration of cloud platforms into mobile systems. The ways of security used in portable device settings are one of the key challenges in this respect as the number of people using smartphones continues to rise. None of the models that have been developed with confidence and privacy for precaution of data in mobile cloud systems are impervious to destructive attacks, despite countless attempts. While mobile cloud computing has great potential, security, privacy, viability, and accessibility concerns must still be considered by both consumers and businesses. Additionally, it emphasizes the use of Canny Card Web Services (CCWS) competition to enhance mobile cloud computing security with IOT. This paper has been presented with more than one user application: a smart house and a smart parking in an educational institution, in the inclusion of IOT with cloud computing for demonstrating various admittance control and endorsement requirement. A review regarding this paper concentrated on a little model that is intended the security and privacy ensureability of data in mobile clouds. Additionally, to manage mobile cloud security difficulties and challenges, it is important to look at the current situation with regard to cloud security breaches, the weaknesses of mobile cloud devices, and the best ways to address these issues in the near future with regard to mobile device management and mobile data protection

Attributes Enhanced Role-Based Access Control Model

Abstract. Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access con-trol models. Yet, they both have known limitations and offer features complimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an important area of research. In this paper, we propose an access control model that combines the two mod-els in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy

On Properties of Policy-Based Specifications

The advent of large-scale, complex computing systems has dramatically increased the difficulties of securing accesses to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in the last decades, the policy-based one permits to capture, by resorting to the concept of attribute, all systems' security-relevant information and to be, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further to understand the effectiveness of policy-based specifications by studying how they permit to enforce traditional security properties. To support system designers in developing and maintaining policy-based specifications, we formalise also some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automatised verification.Comment: In Proceedings WWV 2015, arXiv:1508.0338

RBAC Attack Exposure Auditor. Tracking User Risk Exposure per Role-Based Access Control Permissions

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access security requirements. However, if not properly maintained, RBAC produces the problem of role explosion. What happens when security administrations cannot maintain the increasing number of roles and their assigned permissions provisioned to the organization users? This paper attempts to solve this problem by implementing a scalable RBAC system and assigning each permission a risk value score determined by the severity of risk it would expose the organization to if someone had unauthorized access to that permission. Using RBAC’s role and permission design, each user will be assigned a risk value score determined by the summation of their roles’ risk based on permission values. This method allows security administrators to view the users and roles with the highest level of risk, therefore prioritizing the highest risk users and roles when maintaining user roles and permissions