
    Context-based confidentiality analysis in dynamic Industry 4.0 scenarios

    In Industry 4.0 environments, highly dynamic and flexible access control strategies are needed. State of the art strategies are often not included in the modelling process but must be considered afterwards. This makes it very difficult to analyse the security properties of a system. In the framework of the Trust 4.0 project the confidentiality analysis tries to solve this problem using a context-based approach. Thus, there is a security model named context metamodel. Another important problem is that the transformation of an instance of a security model to a widespread access control standard is often not possible. This is also the case for the context metamodel. Moreover, another transformation which is very interesting to consider is one to an ensemble-based component system which is also presented in the Trust 4.0 project. This thesis introduces an extension to the aforementioned context metamodel in order to add more extensibility to it. Furthermore, the thesis deals with the creation of a concept and an implementation of the transformations mentioned above. For that purpose, at first, the transformation to the attribute-based access control standard XACML is considered. Thereafter, the transformation from XACML to an ensemble-based component system is covered. The evaluation indicated that the model can be used for use cases in Industry 4.0 scenarios. Moreover, it also indicated the transformations produce adequately accurate access policies. Furthermore, the scalability evaluation indicated linear runtime behaviour of the implementations of both transformations for respectively higher number of input contexts or XACML rules.

    Conditional Attribute-Based Proxy Re-Encryption

    Proxy re-encryption (PRE) is a cryptographic primitive that allows a semi-trusted proxy to transfer the decryption rights of ciphertexts in a secure and privacy-preserving manner. This versatile primitive has been extended to several powerful variants, leading to numerous applications, such as e-mail forwarding and content distribution. One such variant is attribute-based PRE (AB-PRE), which provides an expressible access control mechanism by allowing the proxy to switch the underlying policy of an attribute-based encryption (ABE) ciphertext. However, the function of AB-PRE is to convert the underlying policies of all ciphertexts indiscriminately, which lacks the flexibility of ciphertext transformation. Therefore, AB-PRE needs to support the property of conditional delegation. Among the other variants of PRE, there is a variant called conditional PRE (C-PRE), which allows fine-grained delegations by restricting the proxy to performing valid re-encryption only for a limited set of ciphertexts. Unfortunately, existing PRE schemes cannot simultaneously achieve expressible access control mechanisms and fine-grained delegations. Specifically, we require a PRE scheme, via which the proxy can convert the underlying policies of an ABE ciphertext only if this ciphertext is in the set of ciphertexts allowing the proxy to perform valid transformations. To address this problem, we formalize the notion of conditional attribute-based PRE (CAB-PRE) in the honest re-encryption attacks (HRA) model, which is more robust and implies chosen-plaintext attacks (CPA) security, and propose the first CAB-PRE scheme. To construct such a scheme, we design as a building block, the first adaptively HRA-secure (ciphertext-policy) AB-PRE based on the learning with errors (LWE) problem. This scheme solves the open problem left by Susilo et al. in ESORICS'21 about how to construct an HRA-secure (ciphertext-policy) AB-PRE scheme, and it should be of independent interest. Then, we introduce a well-matched conditional delegation mechanism for this AB-PRE scheme to derive our adaptively HRA-secure CAB-PRE scheme.

    XRound : A reversible template language and its application in model-based security analysis

    Successful analysis of the models used in Model-Driven Development requires the ability to synthesise the results of analysis and automatically integrate these results with the models themselves. This paper presents a reversible template language called XRound which supports round-trip transformations between models and the logic used to encode system properties. A template processor that supports the language is described, and the use of the template language is illustrated by its application in an analysis workbench, designed to support analysis of security properties of UML and MOF-based models. As a result of using reversible templates, it is possible to seamlessly and automatically integrate the results of a security analysis with a model. (C) 2008 Elsevier B.V. All rights reserved

    Secure data sharing and processing in heterogeneous clouds

    The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

    A Solution to the Flowgraphs Case Study using Triple Graph Grammars and eMoflon

    After 20 years of Triple Graph Grammars (TGGs) and numerous actively maintained implementations, there is now a need for challenging examples and success stories to show that TGGs can be used for real-world bidirectional model transformations. Our primary goal in recent years has been to increase the expressiveness of TGGs by providing a set of pragmatic features that allow a controlled fallback to programmed graph transformations and Java. Based on the Flowgraphs case study of the Transformation Tool Contest (TTC 2013), we present (i) attribute constraints used to express complex bidirectional attribute manipulation, (ii) binding expressions for specifying arbitrary context relationships, and (iii) post-processing methods as a black box extension for TGG rules. In each case, we discuss the enabled trade-off between guaranteed formal properties and expressiveness. Our solution, implemented with our metamodelling and model transformation tool eMoflon (www.emoflon.org), is available as a virtual machine hosted on Share. Comment: In Proceedings TTC 2013, arXiv:1311.753