7,667 research outputs found

    Hierarchical Group and Attribute-Based Access Control: Incorporating Hierarchical Groups and Delegation into Attribute-Based Access Control

    Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption is still in its infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in several of these gaps. The core contribution of this work is the Hierarchical Group and Attribute-Based Access Control (HGABAC) model, a novel formal model of ABAC which introduces the concept of hierarchical user and object attribute groups to ABAC. It is shown that HGABAC is capable of representing the traditional models of access control (MAC, DAC and RBAC) using this group hierarchy and that in many cases its use simplifies both attribute and policy administration. HGABAC serves as the basis upon which extensions are built to incorporate delegation into ABAC. Several potential strategies for introducing delegation into ABAC are proposed, categorized into families and the trade-offs of each are examined. One such strategy is formalized into a new User-to-User Attribute Delegation model, built as an extension to the HGABAC model. Attribute Delegation enables users to delegate a subset of their attributes to other users in an off-line manner (not requiring connecting to a third party). Finally, a supporting architecture for HGABAC is detailed including descriptions of services, high-level communication protocols and a new low-level attribute certificate format for exchanging user and connection attributes between independent services. 
Particular emphasis is placed on ensuring support for federated and distributed systems. Critical components of the architecture are implemented and evaluated with promising preliminary results. It is hoped that the contributions in this research will further the acceptance of ABAC in both academia and industry by solving the problem of delegation as well as simplifying administration and policy authoring through the introduction of hierarchical user groups

    Access and information flow control to secure mobile web service compositions in resource constrained environments

    The growing use of mobile web services such as electronic health records systems and applications like Twitter and Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow control are either restrictive or weak in that they prevent applications from sharing data usefully, and/or allow private information leaks when used independently. Typically, when services are composed there is a resource that some or all of the services involved in the composition need to share. However, during service composition security problems arise because the resulting service is made up of different services from different security domains. A key issue that arises and that we address in this thesis is that of enforcing secure information flow control during service composition to prevent illegal access and propagation of information between the participating services. This thesis describes a model that combines access control and information flow control in one framework. We specifically consider a case study of an e-health service application, and consider how constraints like location and context dependencies impact on authentication and authorization. Furthermore, we consider how data sharing applications such as the e-health service application handle issues of unauthorized users and insecure propagation of information in resource constrained environments. Our framework addresses this issue of illegitimate information access and propagation by making use of the concept of program dependence graphs (PDGs). Program dependence graphs use path conditions as necessary conditions for secure information flow control. The advantage of this approach to securing information sharing is that information is only propagated if the criteria for data sharing are verified. 
Our solution proposes or offers good performance, fast authentication taking into account bandwidth limitations. A security analysis shows the theoretical improvements our scheme offers. Results obtained confirm that the framework accommodates the CIA-triad (which is the confidentiality, integrity and availability model designed to guide policies of information security) of our work and can be used to motivate further research work in this field

    Spot the difference: Operational event sequence diagrams as a formal method for work allocation in the development of single-pilot operations for commercial aircraft

    Function Allocation methods are important for the appropriate allocation of tasks between humans and automated systems. It is proposed that Operational Event Sequence Diagrams (OESDs) provide a simple yet rigorous basis upon which allocation of work can be assessed. This is illustrated with respect to a design concept for a passenger aircraft flown by just a single pilot where the objective is to replace or supplement functions normally undertaken by the second pilot with advanced automation. A scenario-based analysis (take off) was used in which there would normally be considerable demands and interactions with the second pilot. The OESD analyses indicate those tasks that would be suitable for allocation to automated assistance on the flight deck and those tasks that are now redundant in this new configuration (something that other formal Function Allocation approaches cannot identify). Furthermore, OESDs are demonstrated to be an easy to apply and flexible approach to the allocation of function in prospective systems. Practitioner Summary: OESDs provide a simple yet rigorous basis upon which allocation of work can be assessed. The technique can deal with the flexible, dynamic allocation of work and the deletion of functions no longer required. This is illustrated using a novel design concept for a single-crew commercial aircraf

    Authorization Strategies for Grid Security: Attribute-Based Multipolicy Access Control (ABMAC) Model

    The emergence of Grid computing technology is being followed by three main security concerns: the independence of the domains where the resource providers (RPs) are situated; the need for supporting different security policies and the non-necessity of the science gateways for user authentication. Great effort has been involved in order to solve these concerns through the appearance of different access control models, like Identity-Based Authorization Control (IBAC) and Role-Based Authorization Control (RBAC), which based their access request decisions on user identity, that is, on user authentication. However, these models proved as inflexible, non-scalable and unmanageable in a distributed environment. Accordingly, a novel approach, known as Attribute-Based Multipolicy Authorization Control (ABMAC) model has appeared. ABMAC, which is being described in this paper, uses the attributes of the Grid entities for user authorization, based on the concepts of service-oriented architecture (SOA) and the eXtensible Markup Language (XML) standards - eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML). Moreover, ABMAC has been partly implemented in the Globus Toolkit 4 (GT4) Authorization Framework, and consequently it is expected to be outstanding contributor to Grid security

    Copyright Notice

    Using SHA2 Algorithms with Cryptographic Message Syntax This document describes the conventions for using the Secure Hash Algorithm (SHA) message digest algorithms (SHA-224, SHA-256, SHA-384, SHA-512) with the Cryptographic Message Syntax (CMS). It also describes the conventions for using these algorithms with the CMS an

    Assured information sharing for ad-hoc collaboration

    Collaborative information sharing tends to be highly dynamic and often ad hoc among organizations. The dynamic natures and sharing patterns in ad-hoc collaboration impose a need for a comprehensive and flexible approach to reflecting and coping with the unique access control requirements associated with the environment. This dissertation outlines a Role-based Access Management for Ad-hoc Resource Sharing framework (RAMARS) to enable secure and selective information sharing in the heterogeneous ad-hoc collaborative environment. Our framework incorporates a role-based approach to addressing originator control, delegation and dissemination control. A special trust-aware feature is incorporated to deal with dynamic user and trust management, and a novel resource modeling scheme is proposed to support fine-grained selective sharing of composite data. As a policy-driven approach, we formally specify the necessary policy components in our framework and develop access control policies using standardized eXtensible Access Control Markup Language (XACML). The feasibility of our approach is evaluated in two emerging collaborative information sharing infrastructures: peer-to-peer networking (P2P) and Grid computing. As a potential application domain, RAMARS framework is further extended and adopted in secure healthcare services, with a unified patient-centric access control scheme being proposed to enable selective and authorized sharing of Electronic Health Records (EHRs), accommodating various privacy protection requirements at different levels of granularity

    CovertNet: Circumventing Web Surveillance Using Covert Channels

    Senior Project submitted to The Division of Science, Mathematics and Computing of Bard College

    The status of hygiene and sanitation practice among rural model families of the Health Extension Program (HEP) in Wolayta and Kembata Tembaro Zones of Southern Nations, Nationalities and Peoples’ Region of Ethiopia

    Background: Since the Health Extension Program (HEP) started the training and graduation of model families, little is known about the status and maintenance of hygiene and sanitation practice to inform future directions and decisions. Objective: to assess the status and maintenance of hygiene and sanitation practices among rural model families of the Health Extension Program. Method: A cross-sectional comparative study was conducted from Dec.-June 2010/11 in Wolayta and Kembata Tembaro Zones of Southern Nations, Nationalities and Peoples Regional State of Ethiopia. Two types of comparisons were involved in the study; comparison of hygiene and sanitation practices of a randomly selected 690 model families and 686 non-model families, and comparison of similar practices among model families at the time of graduation, assessed in retrospective interview, versus at the time of survey. Quantitative data were collected from the two zones from Dec.-Jan. 2010/11. Qualitative data were also collected in June 2011 to complement the findings of the quantitative data from a purposively selected group of women and men among model families in the study areas. Descriptive and analytics statistics were used to analyse the quantitative data using STATA version 10 while the qualitative data were analysed using Open Code version 3.6.2.0. Results: The study showed that among model families, 82% of them had pit latrine, 23.1% had solid and liquid waste disposal pits, 19.0% had shelves for storing utensils and 34.1% had separate dwelling for people and cattle as compared to 55.6%, 9.1%, 6% and 18.5% of similar practices among non-model families respectively (p<0.001). Latrine availability, storage of water in a narrow necked covered container, possession of shelves for storage of utensils and fuel saving stoves declined from 96.6% to 82.3%, 92.7% to 78.6%, 33.6% to 19.1% and from 6.1% to 3%, respectively among model families after graduation (p<0.01). 
During FGDs and in-depth interviews, socio-economic and cultural reasons were mentioned as factors that hindered the maintenance of the practices. Conclusion: Generally, model families performed better in most of the hygiene and sanitation practices than non-model families. The study also indicated a decline in the maintenance of certain practices among some model families