Automated Certification of Authorisation Policy Resistance

Attribute-based Access Control (ABAC) extends traditional Access Control by considering an access request as a set of pairs attribute name-value, making it particularly useful in the context of open and distributed systems, where security relevant information can be collected from different sources. However, ABAC enables attribute hiding attacks, allowing an attacker to gain some access by withholding information. In this paper, we first introduce the notion of policy resistance to attribute hiding attacks. We then propose the tool ATRAP (Automatic Term Rewriting for Authorisation Policies), based on the recent formal ABAC language PTaCL, which first automatically searches for resistance counter-examples using Maude, and then automatically searches for an Isabelle proof of resistance. We illustrate our approach with two simple examples of policies and propose an evaluation of ATRAP performances.Comment: 20 pages, 4 figures, version including proofs of the paper that will be presented at ESORICS 201

Securing Access to Cloud Computing for Critical Infrastructure

Cloud computing offers cost effective services on-demand which encourage critical infrastructure providers to consider migrating to the cloud. Critical infrastructures are considered as a backbone of modern societies such as power plants and water. Information in cloud computing is likely to be shared among different entities, which could have various degrees of sensitivity. This requires robust isolation and access control mechanisms. Although various access control models and policies have been developed, they cannot fulfil requirements for a cloud based access control system. The reason is that cloud computing has a diverse sets of security requirements and unique security challenges such as multi-tenant and heterogeneity of security policies, rules and domains. This thesis provides a detailed study of cloud computing security challenges and threats, which were used to identify security requirements for various critical infrastructure providers. We found that an access control system is a crucial security requirement for the surveyed critical infrastructure providers. Furthermore, the requirement analysis was used to propose a new criteria to evaluate access control systems for cloud computing. Moreover, this work presents a new cloud based access control model to meet the identified cloud access control requirements. The model does not only ensure the secure sharing of resources among potential untrusted tenants, but also has the capacity to support different access permissions for the same cloud user. Our focused in the proposed model is the lack of data isolation in lower levels (CPU caches), which could lead to bypass access control models to gain some sensitive information by using cache side-channel attacks. Therefore, the thesis investigates various real attack scenarios and the gaps in existing mitigation approaches. It presents a new Prime and Probe cache side-channel attack, which can give detailed information about addresses accessed by a virtual machine with no need for any information about cache sets accessed by the virtual machine. The design, implementation and evaluation of a proposed solution preventing cache side-channel attacks are also presented in the thesis. It is a new lightweight solution, which introduces very low overhead (less than 15,000 CPU cycles). It can be applied in any operating system and prevents cache side-channel attacks in cloud computing. The thesis also presents a new detecting cache side-channel attacks solution. It focuses on the infrastructure used to host cloud computing tenants by counting cache misses caused by a virtual machine. The detection solutions has 0% false negative and 15% false positive

Impact and management of influenza in aged care facilities in Australia from 2018-2020, including lessons learnt from the COVID-19 pandemic

Aged care facilities in Australia are at high risk of influenza outbreaks with significant mortality and morbidity. Susceptible residents living in close proximity in poorly ventilated and designed facilities, and low vaccination rates among aged care staff have been associated with transmission of influenza. This thesis investigates the impact of influenza and associated policy changes in 9 aged care facilities in Sydney, Australia from 2018 to 2020 highlighting areas of priority that should be addressed by efforts to prevent and control influenza outbreaks. Findings are informed by an analysis of national policies, meta-analysis of published studies and an observational epidemiological study. Most of the evidence for existing infection prevention and control recommendations is based on research conducted in other healthcare settings. There is a substantial gap in the coverage of recommendations on the physical layout of aged care facilities (built environment) in infection control and prevention policies. Existing recommendations lack adequate details, and do not cite high-quality evidence. The meta-analysis found that attack rates were significantly lower in multiple smaller detached facilities than in standalone buildings. A single unit increase in the number of beds and number of common areas was significantly associated with an increase in influenza case counts in our observational study sample. There is some evidence to support the smaller-size cottage model of facilities with adequate space for physical distancing. From 2018 to 2020, influenza case numbers were low in Australia probably due to seasonal variations, introduction of enhanced vaccines among older adults (aged ≥ 65 years old), high vaccination rates among aged care staff and residents and implementation of COVID-19 mitigation measures, and it is challenging to isolate the impact of each factor. Aged care staff who were less than 40 years old, current smokers and overseas-born were identified as less likely to be repeatedly vaccinated against influenza. To tailor vaccination campaigns, further qualitative study on barriers to vaccination would be useful. Understanding gained in the thesis can help formulate policies at the facility level and guide future research on prevention and control measures in response to influenza outbreaks in aged care facilities especially to improve surveillance, vaccination and physical layout