23,723 research outputs found
Inter-Domain Integration of Services and Service Management
The evolution of the global telecommunications industry into an open services market presents developers of telecommunication service and management systems with many new challenges. Increased competition, complex service provision chains and integrated service offerings require effective techniques for the rapid integration of service and management systems over multiple organisational domains. These integration issues have been examined in the ACTS project Prospect by developing a working set of integrated, managed telecommunications services for a user trial. This paper presents the initial results of this work detailing the technologies and standards used, the architectural approach taken and the application of this approach to specific services
The Transitivity of Trust Problem in the Interaction of Android Applications
Mobile phones have developed into complex platforms with large numbers of
installed applications and a wide range of sensitive data. Application security
policies limit the permissions of each installed application. As applications
may interact, restricting single applications may create a false sense of
security for the end users while data may still leave the mobile phone through
other applications. Instead, the information flow needs to be policed for the
composite system of applications in a transparent and usable manner. In this
paper, we propose to employ static analysis based on the software architecture
and focused data flow analysis to scalably detect information flows between
components. Specifically, we aim to reveal transitivity of trust problems in
multi-component mobile platforms. We demonstrate the feasibility of our
approach with Android applications, although the generalization of the analysis
to similar composition-based architectures, such as Service-oriented
Architecture, can also be explored in the future
Performance analysis of a security architecture for active networks in Java
Internacional Association of Science and Technology for Development - IASTED, Benalmadena, Spain: 8-10 Septiembre, 2003.Active network technology supports the deployment and execution on the fly of new active services, without interrupting the network operation. Active networks are
composed of special nodes (named Active Router) that are able to execute active code to offer the active services. This technology introduces some security threats that must be solved using a security architecture. We have developed a security architecture (ROSA) for an active network platform (SARA). Java has been used as
programming language in order to provide portability, but it imposes some performance limitations. This paper analyses the penalty of using Java and proposes some mechanisms to improve the performance of cryptographic
implementations in Java.Publicad
Smart cards: State-of-the-art to future directions
The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present
GridCertLib: a Single Sign-on Solution for Grid Web Applications and Portals
This paper describes the design and implementation of GridCertLib, a Java
library leveraging a Shibboleth-based authentication infrastructure and the
SLCS online certificate signing service, to provide short-lived X.509
certificates and Grid proxies. The main use case envisioned for GridCertLib, is
to provide seamless and secure access to Grid/X.509 certificates and proxies in
web applications and portals: when a user logs in to the portal using
Shibboleth authentication, GridCertLib can automatically obtain a Grid/X.509
certificate from the SLCS service and generate a VOMS proxy from it. We give an
overview of the architecture of GridCertLib and briefly describe its
programming model. Its application to some deployment scenarios is outlined, as
well as a report on practical experience integrating GridCertLib into portals
for Bioinformatics and Computational Chemistry applications, based on the
popular P-GRADE and Django softwares.Comment: 18 pages, 1 figure; final manuscript accepted for publication by the
"Journal of Grid Computing
An Architecture for Information Commerce Systems
The increasing use of the Internet in business and commerce has created a number of new business opportunities and the need for supporting models and platforms. One of these opportunities is information commerce (i-commerce), a special case of ecommerce focused on the purchase and sale of information as a commodity. In this paper we present an architecture for i-commerce systems using OPELIX (Open Personalized Electronic Information Commerce System) [11] as an example. OPELIX provides an open information commerce platform that enables enterprises to produce, sell, deliver, and manage information products and related services over the Internet. We focus on the notion of information marketplace, a virtual location that enables i-commerce, describe the business and domain model for an information marketplace, and discuss the role of intermediaries in this environment. The domain model is used as the basis for the software architecture of the OPELIX system. We discuss the characteristics of the OPELIX architecture and compare our approach to related work in the field
To Share or Not to Share in Client-Side Encrypted Clouds
With the advent of cloud computing, a number of cloud providers have arisen
to provide Storage-as-a-Service (SaaS) offerings to both regular consumers and
business organizations. SaaS (different than Software-as-a-Service in this
context) refers to an architectural model in which a cloud provider provides
digital storage on their own infrastructure. Three models exist amongst SaaS
providers for protecting the confidentiality data stored in the cloud: 1) no
encryption (data is stored in plain text), 2) server-side encryption (data is
encrypted once uploaded), and 3) client-side encryption (data is encrypted
prior to upload). This paper seeks to identify weaknesses in the third model,
as it claims to offer 100% user data confidentiality throughout all data
transactions (e.g., upload, download, sharing) through a combination of Network
Traffic Analysis, Source Code Decompilation, and Source Code Disassembly. The
weaknesses we uncovered primarily center around the fact that the cloud
providers we evaluated were each operating in a Certificate Authority capacity
to facilitate data sharing. In this capacity, they assume the role of both
certificate issuer and certificate authorizer as denoted in a Public-Key
Infrastructure (PKI) scheme - which gives them the ability to view user data
contradicting their claims of 100% data confidentiality. We have collated our
analysis and findings in this paper and explore some potential solutions to
address these weaknesses in these sharing methods. The solutions proposed are a
combination of best practices associated with the use of PKI and other
cryptographic primitives generally accepted for protecting the confidentiality
of shared information
- …