Constructing cascade bloom filters for efficient access enforcement

The final publication is available at Elsevier via https://dx.doi.org/10.1016/j.cose.2018.09.015 © 2019. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/We address access enforcement — the process of determining whether a request for access to a resource by a principal should be granted. While access enforcement is essential to security, it must not unduly impact performance. Consequently, we address the issue of time- and space-efficient access enforcement, and in particular, study a particular data structure, the Cascade Bloom filter, in this context. The Cascade Bloom filter is a generalization of the well-known Bloom filter, which is used for time- and space-efficient membership-checking in a set, while allowing for a non-zero probability of false positives. We consider the problems, in practice, of constructing Bloom, and Cascade Bloom filters, with our particular application, access enforcement, in mind. We identify the computational complexity of the underlying problems, and propose concrete algorithms to construct instances of the data structures. We have implemented our algorithms, and conducted empirical assessments, which also we discuss in this paper. Our code is available for public download. As such, our work is a contribution to efficient access enforcement

Efficient access enforcement in distributed role-based access control (RBAC) deployments

We address the distributed setting for enforcement of a centralized Role-Based Access Control (RBAC) protection state. We present a new approach for time- and space-efficient access enforcement. Underlying our approach is a data structure that we call a cas-cade Bloom filter. We describe our approach, provide details about the cascade Bloom filter, its associated algorithms, soundness and completeness properties for those algorithms, and provide an em-pirical validation for distributed access enforcement of RBAC. We demonstrate that even in low-capability devices such as WiFi net-work access points, we can perform thousands of access checks in a second

Algorithmic Problems in Access Control

Access control is used to provide regulated access to resources by principals. It is an important and foundational aspect of information security. Role-Based Access Control (RBAC) is a popular and widely-used access control model, that, as prior work argues, is ideally suited for enterprise settings. In this dissertation, we address two problems in the context of RBAC. One is the User Authorization Query (UAQ) problem, which relates to sessions that a user creates to exercise permissions. UAQ's objective is the identification of a set of roles that a user needs to activate such that the session is authorized to all permissions that the user wants to exercise in that session. The roles that are activated must respect a set of Separation of Duty constraints. Such constraints restrict the roles that can be activated together in a session. UAQ is known to be intractable (NP-hard). In this dissertation, we give a precise formulation of UAQ as a joint-optimization problem, and analyze it. We examine the manner in which each input parameter contributes to its intractability. We then propose an approach to mitigate its intractability based on our observation that a corresponding decision version of the problem is in NP. We efficiently reduce UAQ to Boolean satisfiability in conjunctive normal form (CNF-SAT), a well-known NP-complete problem for which solvers exist that are efficient for large classes of instances. We also present results for UAQ posed as an approximation problem; our results suggest that efficient approximation is not promising for UAQ. We discuss an open-source implementation of our approach and a corresponding empirical assessment that we have conducted. The other problem we consider in this dissertation regards an efficient data structure for distributed access enforcement. Access enforcement is the process of validating an access request to a resource. Distributed access enforcement has become important with the proliferation of data, which requires access control systems to scale to tens of thousands of resources and permissions. Prior work has shown the effectiveness of a data structure called the Cascade Bloom Filter (CBF) for this problem. In this dissertation, we study the construction of instances of the CBF. We formulate the problem of finding an optimal instance of a CBF, where optimality refers to the number of false positives incurred and the number of hash functions used. We prove that this problem is NP-hard, and a meaningful decision version is in NP. We then propose an approach to mitigate the intractability of the problem by reducing it to CNF-SAT, that allows us to use a SAT solver for instances that arise in practice. We discuss an open-source implementation of our approach and an empirical assessment based on it.4 month

Counteracting Bloom Filter Encoding Techniques for Private Record Linkage

Record Linkage is a process of combining records representing same entity spread across multiple and different data sources, primarily for data analytics. Traditionally, this could be performed with comparing personal identifiers present in data (e.g., given name, surname, social security number etc.). However, sharing information across databases maintained by disparate organizations leads to exchange of personal information pertaining to an individual. In practice, various statutory regulations and policies prohibit the disclosure of such identifiers. Private record linkage (PRL) techniques have been implemented to execute record linkage without disclosing any information about other dissimilar records. Various techniques have been proposed to implement PRL, including cryptographically secure multi-party computational protocols. However, these protocols have been debated over the scalability factors as they are computationally extensive by nature. Bloom filter encoding (BFE) for private record linkage has become a topic of recent interest in the medical informatics community due to their versatility and ability to match records approximately in a manner that is (ostensibly) privacy-preserving. It also has the advantage of computing matches directly in plaintext space making them much faster than their secure mutli-party computation counterparts. The trouble with BFEs lies in their security guarantees: by their very nature BFEs leak information to assist in the matching process. Despite this known shortcoming, BFEs continue to be studied in the context of new heuristically designed countermeasures to address known attacks. A new class of set-intersection attack is proposed in this thesis which re-examines the security of BFEs by conducting experiments, demonstrating an inverse relationship between security and accuracy. With real-world deployment of BFEs in the health information sector approaching, the results from this work will generate renewed discussion around the security of BFEs as well as motivate research into new, more efficient multi-party protocols for private approximate matching

A Taxonomy for and Analysis of Anonymous Communications Networks

Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entity’s ability to reliably measure changing anonymity levels; thereby, increasing their ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity. This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol design

The Planet, 2003, Winter

https://cedar.wwu.edu/planet/1036/thumbnail.jp

From Source to Sea to Sustainability: Integrated Cycles in Wastewater and Nutrient Management

This Curriculum Sourcebook is intended to act as a guide for students, teachers, professionals, and lifelong learners to address the problems caused by two of the most pernicious water pollution sources of our time. It also aims to teach them how they can begin to meet the challenges faced when establishing effective wastewater and nutrient management. This Sourcebook is a companion to the UNEP/Concordia University Massive Open Online Course of the same title

A reputation framework for behavioural history: developing and sharing reputations from behavioural history of network clients

The open architecture of the Internet has enabled its massive growth and success by facilitating easy connectivity between hosts. At the same time, the Internet has also opened itself up to abuse, e.g. arising out of unsolicited communication, both intentional and unintentional. It remains an open question as to how best servers should protect themselves from malicious clients whilst offering good service to innocent clients. There has been research on behavioural profiling and reputation of clients, mostly at the network level and also for email as an application, to detect malicious clients. However, this area continues to pose open research challenges. This thesis is motivated by the need for a generalised framework capable of aiding efficient detection of malicious clients while being able to reward clients with behaviour profiles conforming to the acceptable use and other relevant policies. The main contribution of this thesis is a novel, generalised, context-aware, policy independent, privacy preserving framework for developing and sharing client reputation based on behavioural history. The framework, augmenting existing protocols, allows fitting in of policies at various stages, thus keeping itself open and flexible to implementation. Locally recorded behavioural history of clients with known identities are translated to client reputations, which are then shared globally. The reputations enable privacy for clients by not exposing the details of their behaviour during interactions with the servers. The local and globally shared reputations facilitate servers in selecting service levels, including restricting access to malicious clients. We present results and analyses of simulations, with synthetic data and some proposed example policies, of client-server interactions and of attacks on our model. Suggestions presented for possible future extensions are drawn from our experiences with simulation

Exploring identity within the institutions of the EU and assessing its impact on the Turkish membership bid

Although social constructivism has gained in popularity and increased in application in studies of the European Union, a deficiency still exists in the understanding of identity in the European Parliament and the interests of MEPs. In this study I formulate and employ a social constructivist theoretical framework to answer research questions concerning the presence and nature of European identity; the role the European Parliament plays in the constitution of identity and the impact of identity and normative factors on the interests of MEPs concerning Turkish accession. My analysis is grounded in secondary data sources, primarily statements made by MEPs and members of other EU institutions, and backed up by primary research, interviews and questionnaire responses from MEPs. My research indicates that a European identity is present within the European Parliament, largely based on the stated values of the EU, and is felt alongside other identities by the majority of MEPs. I found the European Parliament itself to be a key factor in the constitution of the identity of actors within it, with an important role in the socialisation of norms, as well as in selecting appropriate norms. Finally, I found that in debates concerning Turkish membership of the EU arguments of identity are sometimes used explicitly, but that ‘rational’ factors in decision making are inextricably tied to ‘normative’ factors, with the result that an analysis ignoring norms and identity would be fundamentally flawed. These findings are important in understanding identity within the EP, and have implications for EU decision making and, potentially, in understanding identity in other institutions. My research allows me to build on the basis of social constructivist theory concerning institutions to explore a model of actor identity within the European Parliament