3,000 research outputs found

    Distributed Access Control for Web and Business Processes

    Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

    Web-based access control system

    This article describes a web-based system to control and manage access to the ESTCB, which is under development as a student's final project. Beyond an important pedagogical and technological value, we believe that this work is an important step towards offering strong and efficient security management for access control systems. We make use of standard technologies in use on the Web to make an effective campus-wide security system. The system management and configuration, and the consultation of access information for schedules, users, spaces, among others, will be carried out through the Internet. The proposed model is based on the use of two data networks: a CAN field bus, to which the magnetic card readers, door locks and sensors of each access point are connected, and the Ethernet, which establishes the connection between the different CAN field buses and the servers that contain information about users and access rules

    Authentication and Authorization Modules for Open Messaging Interface (O-MI)

    With the constant rise of new technology, developments in the fields of computer science, wireless networks, storage capabilities and sensing possibilities, along with the demand for continuous connectivity, have led to the formation of the Internet of Things (IoT) concept. Today, there are numerous organizations working on IoT technology aimed at developing smart products and services. Each company proposes its own methods directed at a particular field of industry; thus, the result is several protocols. This poorly follows the concept of a unified system. The Open Group attempted to address this issue by proposing the Open Messaging Interface (O-MI) and Open Data Format (O-DF) protocols and claimed O-MI to be an IoT messaging standard, as HTTP is for the world-wide web (WWW). The proposed protocols have been designed to ensure robust development, data standardization, and the required security level. However, the security model needs to be upgraded with recent security techniques. This thesis attempts to specify appropriate authentication and authorization (access control) mechanisms that manage various consumers and provide functionalities that fit into the O-MI/O-DF standards. The thesis first discusses several challenges regarding IoT security and then the different authentication and authorization techniques available today. It then describes in detail the design decisions and implementation technicalities of the autonomous services created for the reference implementation of O-MI and O-DF

    Java Card: An analysis of the most successful smart card operating system

    To explain why the Java Card operating system has become the most successful smart card operating system to date, we analyze the realized features of the current Java Card version, we argue it could be enhanced by adding a number of intended features and we discuss a set of complementary features that have been suggested. No technology can be successful without the right people and the right circumstances, so we provide some insights into the personal and historical aspects of the success of Java Card

    Server-based and server-less BYOD solutions to support electronic learning

    Over the past 10 years, bring your own device has become an emerging practice across the commercial landscape and has empowered employees to conduct work-related business from the comfort of their own phone, tablet, or other personal electronic device. Currently in the Department of Defense, and specifically the Department of the Navy, no viable solution exists for the delivery of eLearning content to a service member's personal device that satisfies existing policies. The purpose of this thesis is to explore two potential solutions: a server-based method and a server-less method, both of which would allow Marines and Sailors to access eLearning course material by way of their personal devices. This thesis will test the feasibility and functionality of our server-based and server-less solutions by implementing a basic proof of concept for each. The intent is to provide a baseline from which further research and development can be conducted, and to demonstrate how these solutions present a low-risk environment that preserves government network security while still serving as a professional military education force multiplier. Both solutions, while demonstrated with limited prototypes, have the potential to finally introduce bring your own device into the Department of the Navy's eLearning realm. http://archive.org/details/serverbasedndser1094549343 Captain, United States Marine Corps; Captain, United States Marine Corps. Approved for public release; distribution is unlimited

    Between Hype, Hope, and Reality: A Lifecycle-Driven Perspective on Non-Fungible Token

    Advocates consider NFTs a potentially disruptive blockchain-enabled innovation. In light of surging popularity and low theoretical insights, we study NFTs from a lifecycle-driven perspective. We develop a taxonomy that adheres to a habitual method and draws on a five-step process of analyzing literature and real-world projects. Our taxonomy contributes to descriptive knowledge by structuring NFTs with 20 dimensions and 77 characteristics along the perspectives of origination, distribution, transfer, trade, and redeem. We enable researchers and practitioners to grasp the NFT phenomenon in a structured manner and demonstrate the applicability of our taxonomy through expert interviews and case studies

    Perceiving is Believing. Authentication with Behavioural and Cognitive Factors

    Most computer users have experienced login problems such as forgetting passwords, losing token cards and authentication dongles, failing that complicated screen pattern once again, as well as interaction difficulties in usability. Facing the difficulties of non-flexible strong authentication solutions, users tend to react with poor acceptance or to relax the assumed correct use of authentication procedures and devices, rendering the intended security useless. Biometrics can, sort of, solve some of those problems. However, despite the vast research, there is no perfect solution for designing a secure strong authentication procedure, which falls into a trade-off between intrusiveness, effectiveness, contextual adequacy and security guarantees. Taking advantage of new technology, recent research on multi-modal, behavioural and cognitive oriented authentication proposals has sought to optimize the trade-off towards precision and convenience, reducing intrusiveness for the same amount of security. But these solutions also fall short with respect to different scenarios. Users currently perform multiple authentications every day, through multiple devices, in a panoply of different situations, involving different resources and diverse usage contexts, with no "better authentication solution" for all possible purposes. The proposed framework enhances the recent research in user authentication services with a broader view on the problems involving each solution, towards a usable secure authentication methodology combining and exploring the strengths of each method. It will then be used to prototype instances of new dynamic multifactor models (including novel models of behavioural and cognitive biometrics), materializing the PiB (perceiving is believing) authentication. Ultimately we show how the proposed framework can be smoothly integrated in applications and other authentication services and protocols, namely in the context of SSO Authentication Services and OAuth

    Cyber Security and Critical Infrastructures

    This book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles: an editorial explaining current challenges, innovative solutions, real-world experiences including critical infrastructure, 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems, and a review of cloud, edge computing, and fog's security and privacy issues

    OpenDSU: Digital Sovereignty in PharmaLedger

    Distributed ledger networks, chiefly those based on blockchain technologies, currently are heralding a next generation of computer systems that aims to suit modern users' demands. Over the recent years, several technologies for blockchains, off-chaining strategies, as well as decentralised and respectively self-sovereign identity systems have shot up so fast that standardisation of the protocols is lagging behind, severely hampering the interoperability of different approaches. Moreover, most of the currently available solutions for distributed ledgers focus on either home users or enterprise use case scenarios, failing to provide integrative solutions addressing the needs of both. Herein we introduce the OpenDSU platform that allows generic blockchain technologies to interoperate, organised - and possibly cascaded in a hierarchical fashion - in domains. To achieve this flexibility, we seamlessly integrated a set of well conceived OpenDSU components to orchestrate off-chain data with granularly resolved and cryptographically secure access levels that are nested with sovereign identities across the different domains. Employing our platform for PharmaLedger, an inter-European network for the standardisation of data handling in the pharmaceutical industry and in healthcare, we demonstrate that OpenDSU can cope with generic demands of heterogeneous use cases in both performance and handling substantially different business policies. Importantly, whereas available solutions commonly require a pre-defined and fixed set of components, no such vendor lock-in restrictions on the blockchain technology or identity system exist in OpenDSU, making systems built on it flexibly adaptable to new standards evolving in the future. Comment: 18 pages, 8 figures