1,542 research outputs found
An Audit Logic for Accountability
We describe and implement a policy language. In our system, agents can
distribute data along with usage policies in a decentralized architecture. Our
language supports the specification of conditions and obligations, and also the
possibility to refine policies. In our framework, the compliance with usage
policies is not actively enforced. However, agents are accountable for their
actions, and may be audited by an authority requiring justifications.Comment: To appear in Proceedings of IEEE Policy 200
Grids and the Virtual Observatory
We consider several projects from astronomy that benefit from the Grid paradigm and
associated technology, many of which involve either massive datasets or the federation
of multiple datasets. We cover image computation (mosaicking, multi-wavelength
images, and synoptic surveys); database computation (representation through XML,
data mining, and visualization); and semantic interoperability (publishing, ontologies,
directories, and service descriptions)
Towards Automated PKI Trust Transfer for IoT
IoT deployments grow in numbers and size and questions of long time support
and maintainability become increasingly important. To prevent vendor lock-in,
standard compliant capabilities to transfer control of IoT devices between
service providers must be offered. We propose a lightweight protocol for
transfer of control, and we show that the overhead for the involved IoT devices
is small and the overall required manual overhead is minimal. We analyse the
fulfilment of the security requirements to verify that the stipulated
requirements are satisfied.Comment: Accepted at 2022 IEEE International Conference on Public Key
Infrastructure and its Applications (PKIA). 8 pages, 4 figure
An Enhanced Security Model for Protecting Data Transmission and Communication in Recent IoT Integrated Healthcare Industry Using Machine Learning Algorithm
Different kinds of security need to be applied to various application-centric IoT networks. Safety is one of the most important aspects to be considered regarding user, device, and data. The healthcare industry is a special IoT network fully connected with medical/healthcare IoT devices. The data generated from the IoT devices are transmitted or shared from one hospital to another through the Internet. Healthcare data has more private, medical, and insurance information that intruders can use on the Internet. The intruders misbehave with the patient or the general public registered in the healthcare industry. Some intruders blackmail the patient based on their private/personal information. Healthcare industries and their research team are trying to create a security framework to safeguard the data to avoid these malicious activities. This paper aims to secure and analyze healthcare IoT data using the Support Vector Machine algorithm. It learns the entire dataset, classifies it, and calls the encryption-decryption algorithms (RSA) to secure private data. The proposed SVM and the RSA algorithm are implemented in Python, and the results are verified. The performance of the proposed SVM-RSA is evaluated by comparing its results with the other algorithms
SPADE: SPKI/SDSI for Attribute Release Policies in a Distributed Environment
Shibboleth is a federated administrated system that supports inter-institutional authentication and authorization for sharing of resources. SPKI/SDSI is a public key infrastructure whose creation was motivated by the perception that X.509 is too complex and flawed. This thesis addresses the problem of how users that are part of a Public Key Infrastructure in a distributed computing system can effectively specify, create, and disseminate their Attribute Release Policies for Shibboleth using SPKI/SDSI. This thesis explores existing privacy mechanims, as well as distributed trust management and policy based systems. My work describes the prototype for a Trust Management Framework called SPADE (SPKI/SDSI for Attribute Release Policies in a Distributed Environment) that I have designed, developed and implemented. The principal result of this research has been the demonstration that SPKI/SDSI is a viable approach for trust management and privacy policy specification, especially for minimalistic policies in a distributed environment
TruSDN: Bootstrapping Trust in Cloud Network Infrastructure
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defence against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead
Robustness to Inflated Subscription in Multicast Congestion Control
Group subscription is a useful mechanism for multicast congestion control: RLM, RLC, FLID-DL, and WEBRC form a promising line of multi-group protocols where receivers provide no feedback to the sender but control congestion via group membership regulation. Unfortunately, the group subscription mechanism also o#ers receivers an opportunity to elicit self-beneficial bandwidth allocations. In particular, a misbehaving receiver can ignore guidelines for group subscription and choose an unfairly high subscription level in a multi-group multicast session. This poses a serious threat to fairness of bandwidth allocation. In this paper, we present the first solution for the problem of inflated subscription. Our design guards access to multicast groups with dynamic keys and consists of two independent components: DELTA (Distribution of ELigibility To Access) -- a novel method for in-band distribution of group keys to receivers that are eligible to access the groups according to the congestion control protocol, and SIGMA (Secure Internet Group Management Architecture) -- a generic architecture for key-based group access at edge routers
- …