29,886 research outputs found
Authorization Framework for the Internet-of-Things
This paper describes a framework that allows fine-grained
and flexible access control to connected devices with very
limited processing power and memory.
We propose a set of security and performance requirements
for this setting and derive an authorization framework distributing
processing costs between constrained devices and less constrained back-end servers while keeping message exchanges
with the constrained devices at a minimum.
As a proof of concept we present performance results from
a prototype implementing the device part of the framework
Integrity protection for code-on-demand mobile agents in e-commerce
The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand(CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection
Dynamic Role Authorization in Multiparty Conversations
Protocol specifications often identify the roles involved in communications.
In multiparty protocols that involve task delegation it is often useful to
consider settings in which different sites may act on behalf of a single role.
It is then crucial to control the roles that the different parties are
authorized to represent, including the case in which role authorizations are
determined only at runtime. Building on previous work on conversation types
with flexible role assignment, here we report initial results on a typed
framework for the analysis of multiparty communications with dynamic role
authorization and delegation. In the underlying process model, communication
prefixes are annotated with role authorizations and authorizations can be
passed around. We extend the conversation type system so as to statically
distinguish processes that never incur in authorization errors. The proposed
static discipline guarantees that processes are always authorized to
communicate on behalf of an intended role, also covering the case in which
authorizations are dynamically passed around in messages.Comment: In Proceedings BEAT 2014, arXiv:1408.556
Security oriented e-infrastructures supporting neurological research and clinical trials
The neurological and wider clinical domains stand to gain greatly from the vision of the grid in providing seamless yet secure access to distributed, heterogeneous computational resources and data sets. Whilst a wealth of clinical data exists within local, regional and national healthcare boundaries, access to and usage of these data sets demands that fine grained security is supported and subsequently enforced. This paper explores the security challenges of the e-health domain, focusing in particular on authorization. The context of these explorations is the MRC funded VOTES (Virtual Organisations for Trials and Epidemiological Studies) and the JISC funded GLASS (Glasgow early adoption of Shibboleth project) which are developing Grid infrastructures for clinical trials with case studies in the brain trauma domain
Context-Awareness Enhances 5G Multi-Access Edge Computing Reliability
The fifth generation (5G) mobile telecommunication network is expected to
support Multi- Access Edge Computing (MEC), which intends to distribute
computation tasks and services from the central cloud to the edge clouds.
Towards ultra-responsive, ultra-reliable and ultra-low-latency MEC services,
the current mobile network security architecture should enable a more
decentralized approach for authentication and authorization processes. This
paper proposes a novel decentralized authentication architecture that supports
flexible and low-cost local authentication with the awareness of context
information of network elements such as user equipment and virtual network
functions. Based on a Markov model for backhaul link quality, as well as a
random walk mobility model with mixed mobility classes and traffic scenarios,
numerical simulations have demonstrated that the proposed approach is able to
achieve a flexible balance between the network operating cost and the MEC
reliability.Comment: Accepted by IEEE Access on Feb. 02, 201
Obligations of trust for privacy and confidentiality in distributed transactions
Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control.
Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties.
Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today.
Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery.
Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise
- …