Future consumer mobile phone security: a case study using the data centric security model

In the interconnected world that we live in, traditional security barriers are\ud broken down. Developments such as outsourcing, increased usage of mobile\ud devices and wireless networks each cause new security problems.\ud To address the new security threats, a number of solutions have been suggested,\ud mostly aiming at securing data rather than whole systems or networks.\ud However, these visions (such as proposed by the Jericho Forum [9] and IBM\ud [4]) are mostly concerned with large (inter-) enterprise systems. Until now, it is\ud unclear what data-centric security could mean for other systems and environments.\ud One particular category of systems that has been neglected is that of\ud consumer mobile phones. Currently, data security is usually limited to a PIN\ud number on startup and the option to disable wireless connections. The lack of\ud protection does not seem justified, as these devices have steadily increased in\ud capabilities and capacity; they can connect wirelessly to the Internet and have\ud a high risk of being lost or stolen [8]. This not only puts end users at risk, but\ud also their contacts, as phones can contain privacy sensitive data of many others.\ud For example, if birth dates and addresses are kept with the contact records, in\ud many cases a thief will have enough information to impersonate a contact and\ud steal his identity.\ud Could consumer mobile phones benefit from data-centric security? How\ud useful is data-centric security in this context? These are the core questions we\ud will try to address here

Information flow audit for PaaS clouds

© 2016 IEEE. With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control and track data as it flows throughout cloud infrastructure, to ensure that those responsible for data are meeting their obligations. This paper introduces Information Flow Audit, an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), a prototype implementation of our model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control policy both intra-machine at the kernel-level, and inter-machine, on message exchange. Here we demonstrate how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools. This allows detailed understanding of the overall system. Combining a continuously enforced data-centric security mechanism with meaningful audit empowers tenants and providers to both meet and demonstrate compliance with their data management obligations.This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud. We acknowledge the support of Microsoft through the Microsoft Cloud Computing Research Centre

Rethinking De-Perimeterisation: Problem Analysis And Solutions

For businesses, the traditional security approach is the hard-shell model: an organisation secures all its assets using a fixed security border, trusting the inside, and distrusting the outside. However, as technologies and business processes change, this model looses its attractiveness. In a networked world, “inside” and “outside” can no longer be clearly distinguished. The Jericho Forum - an industry consortium part of the Open Group – coined this process deperimeterisation and suggested an approach aimed at securing data rather than complete systems and infrastructures. We do not question the reality of de-perimeterisation; however, we believe that the existing analysis of the exact problem, as well as the usefulness of the proposed solutions have fallen short: first, there is no linear process of blurring boundaries, in which security mechanisms are placed at lower and lower levels, until they only surround data. To the contrary, we experience a cyclic process of connecting and disconnecting of systems. As conditions change, the basic trade-off between accountability and business opportunities is made (and should be made) every time again. Apart from that, data level security has several limitations to start with, and there is a big potential for solving security problems differently: by rearranging the responsibilities between businesses and individuals. The results of this analysis can be useful for security professionals who need to trade off different security mechanisms for their organisations and their information systems

Exploiting Information-centric Networking to Federate Spatial Databases

This paper explores the methodologies, challenges, and expected advantages related to the use of the information-centric network (ICN) technology for federating spatial databases. ICN services allow simplifying the design of federation procedures, improving their performance, and providing so-called data-centric security. In this work, we present an architecture that is able to federate spatial databases and evaluate its performance using a real data set coming from OpenStreetMap within a heterogeneous federation formed by MongoDB and CouchBase spatial database systems

Ethical Control of Unmanned Systems: lifesaving/lethal scenarios for naval operations

Prepared for: Raytheon Missiles & Defense under NCRADA-NPS-19-0227This research in Ethical Control of Unmanned Systems applies precepts of Network Optional Warfare (NOW) to develop a three-step Mission Execution Ontology (MEO) methodology for validating, simulating, and implementing mission orders for unmanned systems. First, mission orders are represented in ontologies that are understandable by humans and readable by machines. Next, the MEO is validated and tested for logical coherence using Semantic Web standards. The validated MEO is refined for implementation in simulation and visualization. This process is iterated until the MEO is ready for implementation. This methodology is applied to four Naval scenarios in order of increasing challenges that the operational environment and the adversary impose on the Human-Machine Team. The extent of challenge to Ethical Control in the scenarios is used to refine the MEO for the unmanned system. The research also considers Data-Centric Security and blockchain distributed ledger as enabling technologies for Ethical Control. Data-Centric Security is a combination of structured messaging, efficient compression, digital signature, and document encryption, in correct order, for round-trip messaging. Blockchain distributed ledger has potential to further add integrity measures for aggregated message sets, confirming receipt/response/sequencing without undetected message loss. When implemented, these technologies together form the end-to-end data security that ensures mutual trust and command authority in real-world operational environments—despite the potential presence of interfering network conditions, intermittent gaps, or potential opponent intercept. A coherent Ethical Control approach to command and control of unmanned systems is thus feasible. Therefore, this research concludes that maintaining human control of unmanned systems at long ranges of time-duration and distance, in denied, degraded, and deceptive environments, is possible through well-defined mission orders and data security technologies. Finally, as the human role remains essential in Ethical Control of unmanned systems, this research recommends the development of an unmanned system qualification process for Naval operations, as well as additional research prioritized based on urgency and impact.Raytheon Missiles & DefenseRaytheon Missiles & Defense (RMD).Approved for public release; distribution is unlimited

Security problems of universal data management systems

Стаття присвячена розгляду проблеми безпеки універсальних систем управління даними. Зроблено аналіз та класифікація сучасних систем управління даними за різними критеріями. На основі аналізу літератури та використання досвіду створення корпоративних систем, визначені два підходи до організації універсальних платформ управління даними: використання мультимодельних систем та інтегрованих платформ управління даними. На підставі проведеного аналізу загроз та засобів захисту даних для SQL, NoSQL, NewSQL систем управління базами даних, сховищ даних (Data WareHouse), озер даних (Data Lake) та хмар даних визначені основні підходи до захисту даних кожної категорії продуктів. Визначені сучасні тенденції розвитку технологій управління даними та засобів захисту даних. Саме стрімкий розвиток NoSQL, NewSQL систем і обмін функціональністю між ними призвів до появи систем, що мають функції багатьох класів. Визначено проблеми захисту даних для мультимодельних СУБД та інтегрованих платформ даних та запропоновано шляхи їх подолання. Адже для універсальної платформи управління даними недостатньо простої інтеграції засобів безпеки різних типів систем управління даними, необхідні нові підходи. Для інтегрованих середовищ особливої актуальності набуває підхід Data Centric Security, який орієнтовано на захист критичних даних на всіх етапах їх обробки – від збору і передачі до аналізу і розміщення в сховищах даних. Організація доступу до даних через логічні вітрини даних з використанням семантичних технологій, онтологічних моделей даних забезпечує перетворення набору розрізнених даних в єдиний масив шляхом «віртуалізації даних». Обґрунтовано актуальність та доцільність застосування когнітивних технологій та штучного інтелекту в області інформаційної безпеки, що відкрило нові можливості для створення автоматизованих, «розумних» засобів безпеки систем управління даними. Таким системам притаманна здатність до самоаналізу і конфігурування. Застосування технології машинного навчання дозволяє виявляти слабкі місця в системі безпеки СУБД. Поєднання інтелектуальних рішень безпеки та управління з технологіями баз даних дозволить швидко реагувати на нові виклики в сфері захисту сховищ та озер даних різного типуThe article deals with the security of universal data management systems. The analysis and classification of modern data management systems by different criteria has been made. Based on the analysis of the literature and the experience of creating corporate systems, two approaches to the organization of universal data management systems have been identified: the use of multimodel systems and integrated data management platforms. Based on the analysis of threats and data protection tools for database management systems SQL, NoSQL, NewSQL, Data Warehouse, Data Lake and data clouds, the main approaches to data protection of each product category have been identified. The current trends in the development of data management technologies and data security have been identified. The development of NoSQL, NewSQL systems and the exchange of functionalities between them has led to the development of systems, which have functions of many classes. The problems of data protection for multimodel database management systems and for integrated data platforms have been identified and ways to overcome the identified problems have been suggested. For a universal data management platform, it is not enough to combine security features of different types of DBMS but new approaches are needed. The Data Centric Security approach is suitable for integrated environments; it is focused on protecting critical data at all stages of their processing - from collection and transmission to analysis and deployment in data warehouses. The organization of access to data through logical data marts using semantic technologies, ontological data models provides the transformation of a set of different types of data into a single array by "data virtualization". The article has substantiated the relevance and feasibility of the use of cognitive technologies and artificial intelligence in the field of information security, which opened new opportunities for the creation of automated, "smart" security tools for data management systems. Such systems have the ability to self-analyse and configure. The use of machine learning technology allows to identify weaknesses in the database security system. The combination of intelligent security and management solutions with database technologies will allow developers to respond quickly to new challenges in the protection of integrated data management systems of various type

Securing the Internet of Things Communication Using Named Data Networking Approaches

The rapid advancement in sensors and their use in devices has led to the drastic increase of Internet-of-Things (IoT) device applications and usage. A fundamental requirement of an IoT-enabled ecosystem is the device’s ability to communicate with other devices, humans etc. IoT devices are usually highly resource constrained and come with varying capabilities and features. Hence, a host-based communication approach defined by the TCP/IP architecture relying on securing the communication channel between the hosts displays drawbacks especially when working in a highly chaotic environment (common with IoT applications). The discrepancies between requirements of the application and the network supporting the communication demands for a fundamental change in securing the communication in IoT applications. This research along with identifying the fundamental security problems in IoT device lifecycle in the context of secure communication also explores the use of a data-centric approach advocated by a modern architecture called Named Data Networking (NDN). The use of NDN modifies the basis of communication and security by defining data-centric security where the data chunks are secured directly and retrieved using specialized requests in a pull-based approach. This work also identifies the advantages of using semantically-rich names as the basis for IoT communication in the current client-driven environment and reinforces it with best-practices from the existing host-based approaches for such networks. We present in this thesis a number of solutions built to automate and securely onboard IoT devices; encryption, decryption and access control solutions based on semantically rich names and attribute-based schemes. We also provide the design details of solutions to sup- port trustworthy and conditionally private communication among highly resource constrained devices through specialized signing techniques and automated certificate generation and distribution with minimal use of the network resources. We also explore the design solutions for rapid trust establishment and vertically securing communication in applications including smart-grid operations and vehicular communication along with automated and lightweight certificate generation and management techniques. Through all these design details and exploration, we identify the applicability of the data-centric security techniques presented by NDN in securing IoT communication and address the shortcoming of the existing approaches in this area

Fortifying Big Data infrastructures to Face Security and Privacy Issues

The explosion of data available on the internet is very increasing in recent years. One of the most challenging issues is how to effectively manage such a large amount of data and identify new ways to analyze large amounts of data and unlock information. Organizations must find a way to manage their data in accordance with all relevant privacy regulations without making the data inaccessible and unusable. Cloud Security Alliance (CSA) has released that the top 10 challenges, which are as follows: 1) secure computations in distributed programming frameworks, 2) security best practices for non-relational data stores, 3) secure data storage and transactions logs, 4) end-point input validation/filtering, 5) real-time security monitoring, 6) scalable and composable privacy-preserving data mining and analytics, 7) cryptographically enforced data centric security, 8) granular access control, 9) granular audits, 10) data Provenance. The challenges themselves can be organized into four distinct aspects of the Big Data ecosystem