70,579 research outputs found
On Properties of Policy-Based Specifications
The advent of large-scale, complex computing systems has dramatically
increased the difficulties of securing accesses to systems' resources. To
ensure confidentiality and integrity, the exploitation of access control
mechanisms has thus become a crucial issue in the design of modern computing
systems. Among the different access control approaches proposed in the last
decades, the policy-based one permits to capture, by resorting to the concept
of attribute, all systems' security-relevant information and to be, at the same
time, sufficiently flexible and expressive to represent the other approaches.
In this paper, we move a step further to understand the effectiveness of
policy-based specifications by studying how they permit to enforce traditional
security properties. To support system designers in developing and maintaining
policy-based specifications, we formalise also some relevant properties
regarding the structure of policies. By means of a case study from the banking
domain, we present real instances of such properties and outline an approach
towards their automatised verification. Comment: In Proceedings WWV 2015, arXiv:1508.0338
Bantu lexical reconstruction
Lexical reconstruction has been an important enterprise in Bantu historical linguistics since the earliest days of the discipline. In this chapter a historical overview is provided of the principal scholarly contributions to that field of study. It is also explained how the Comparative Method has been and can be applied to reconstruct ancestral Bantu vocabulary via the intermediate step of phonological reconstruction and how the study of sound change needs to be completed with diachronic semantics in order to correctly reconstruct both the form and the meaning of etymons. Finally, some issues complicating this type of historical linguistic research, such as “osculance” due to prehistoric language contact, are addressed, as well as the relationship between reconstruction and classification
Using Event Calculus to Formalise Policy Specification and Analysis
As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement
SDN Access Control for the Masses
The evolution of Software-Defined Networking (SDN) has so far been
predominantly geared towards defining and refining the abstractions on the
forwarding and control planes. However, despite a maturing south-bound
interface and a range of proposed network operating systems, the network
management application layer is yet to be specified and standardized. It has
currently poorly defined access control mechanisms that could be exposed to
network applications. Available mechanisms allow only rudimentary control and
lack procedures to partition resource access across multiple dimensions.
We address this by extending the SDN north-bound interface to provide control
over shared resources to key stakeholders of network infrastructure: network
providers, operators and application developers. We introduce a taxonomy of SDN
access models, describe a comprehensive design for SDN access control and
implement the proposed solution as an extension of the ONOS network controller
intent framework
Asia-Pacific cyber insights
This report aims to give insight into the wealth of cyber perspectives across the Asia–Pacific and amplify the regional voice on the key themes and questions of the Global Conference on CyberSpace 2015 in April 2015.
Overview
The Asia-Pacific region incorporates some of the most mature cyber actors in the world as well as some of the least connected. Governments throughout the region are becoming increasingly aware of the importance of cyberspace, however the capabilities, needs, and priorities of each state lie across a wide spectrum. Asia–Pacific cyber perspectives are far more diverse and dynamic than the dominant narratives coming from the “cyber great powers” and it is important that the region’s distinct voices are heard in international cyber discussions.
This report aims to give insight into the wealth of cyber perspectives across the Asia–Pacific and amplify the regional voice on the key themes and questions of the Global Conference on CyberSpace 2015 (GCCS) in April 2015. To achieve this the Australian Strategic Policy Institute’s International Cyber Policy Centre partnered with the Institute of Strategic & International Studies Malaysia to host a multistakeholder workshop to gather and collate the expertise of a broad cross-section of Asia–Pacific cyber experts. With generous support from the Ministry of Foreign Affairs of the Kingdom of the Netherlands, the workshop brought together participants from government, the private sector, academia, think tanks, non-governmental organisations (NGOs), as well as regional and international organisations from 12 Asia–Pacific countries.
The report represents a collation of the thoughts and perspectives from the workshop and subsequent discussions. It is based on the key themes and questions of the GCCS and structured around the GCCS agenda. The intention was not to achieve consensus but instead accurately portray the points of convergence and divergence across the region. Throughout the process the recurring themes of clarity, capacity, and responsibility emerged as ways to ensure a more reliable, secure, and stable cyberspace.
The findings of this effort will be presented at an Asia-Pacific Borrel, an official side-event of the GCCS
My private cloud--granting federated access to cloud resources
We describe the research undertaken in the six month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to login to it, by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owners of, based on their identity attributes. Once users open one of their accounts, they can upload and download files to it. Not only that, but they can then grant access to their file resources to anyone else in the federated system, regardless of whether their chosen delegate has used the cloud service before or not. The system uses standard identity management protocols, attribute based access controls, and a delegation service. A set of APIs have been defined for the authentication, authorisation and delegation processes, and the software has been released as open source to the community. A public demonstration of the system is available online
Semantic-based policy engineering for autonomic systems
This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complementary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors