Security Policy Consistency

With the advent of wide security platforms able to express simultaneously all the policies comprising an organization's global security policy, the problem of inconsistencies within security policies become harder and more relevant. We have defined a tool based on the CHR language which is able to detect several types of inconsistencies within and between security policies and other specifications, namely workflow specifications. Although the problem of security conflicts has been addressed by several authors, to our knowledge none has addressed the general problem of security inconsistencies, on its several definitions and target specifications.Comment: To appear in the first CL2000 workshop on Rule-Based Constraint Reasoning and Programmin

BALANCING PRIVACY, PRECISION AND PERFORMANCE IN DISTRIBUTED SYSTEMS

Privacy, Precision, and Performance (3Ps) are three fundamental design objectives in distributed systems. However, these properties tend to compete with one another and are not considered absolute properties or functions. They must be defined and justified in terms of a system, its resources, stakeholder concerns, and the security threat model. To date, distributed systems research has only considered the trade-offs of balancing privacy, precision, and performance in a pairwise fashion. However, this dissertation formally explores the space of trade-offs among all 3Ps by examining three representative classes of distributed systems, namely Wireless Sensor Networks (WSNs), cloud systems, and Data Stream Management Systems (DSMSs). These representative systems support large part of the modern and mission-critical distributed systems. WSNs are real-time systems characterized by unreliable network interconnections and highly constrained computational and power resources. The dissertation proposes a privacy-preserving in-network aggregation protocol for WSNs demonstrating that the 3Ps could be navigated by adopting the appropriate algorithms and cryptographic techniques that are not prohibitively expensive. Next, the dissertation highlights the privacy and precision issues that arise in cloud databases due to the eventual consistency models of the cloud. To address these issues, consistency enforcement techniques across cloud servers are proposed and the trade-offs between 3Ps are discussed to help guide cloud database users on how to balance these properties. Lastly, the 3Ps properties are examined in DSMSs which are characterized by high volumes of unbounded input data streams and strict real-time processing constraints. Within this system, the 3Ps are balanced through a proposed simple and efficient technique that applies access control policies over shared operator networks to achieve privacy and precision without sacrificing the systems performance. Despite that in this dissertation, it was shown that, with the right set of protocols and algorithms, the desirable 3P properties can co-exist in a balanced way in well-established distributed systems, this dissertation is promoting the use of the new 3Ps-by-design concept. This concept is meant to encourage distributed systems designers to proactively consider the interplay among the 3Ps from the initial stages of the systems design lifecycle rather than identifying them as add-on properties to systems

Cloud transactions and caching for improved performance in clouds and DTNs

In distributed transactional systems deployed over some massively decentralized cloud servers, access policies are typically replicated. Interdependencies ad inconsistencies among policies need to be addressed as they can affect performance, throughput and accuracy. Several stringent levels of policy consistency constraints and enforcement approaches to guarantee the trustworthiness of transactions on cloud servers are proposed. We define a look-up table to store policy versions and the concept of Tree-Based Consistency approach to maintain a tree structure of the servers. By integrating look-up table and the consistency tree based approach, we propose an enhanced version of Two-phase validation commit (2PVC) protocol integrated with the Paxos commit protocol with reduced or almost the same performance overhead without affecting accuracy and precision. A new caching scheme has been proposed which takes into consideration Military/Defense applications of Delay-tolerant Networks (DTNs) where data that need to be cached follows a whole different priority levels. In these applications, data popularity can be defined not only based on request frequency, but also based on the importance like who created and ranked point of interests in the data, when and where it was created; higher rank data belonging to some specific location may be more important though frequency of those may not be higher than more popular lower priority data. Thus, our caching scheme is designed by taking different requirements into consideration for DTN networks for defense applications. The performance evaluation shows that our caching scheme reduces the overall access latency, cache miss and usage of cache memory when compared to using caching schemes --Abstract, page iv

OWL-POLAR : A Framework for Semantic Policy Representation and Reasoning

Peer reviewedPreprin

The Obama Administration’s November 2014 Immigration Initiatives: Questions and Answers

[Excerpt] On November 20, 2014, President Obama delivered a televised address wherein he broadly described the steps that his administration is taking to “fix” what he has repeatedly described as a “broken immigration system.” Following the President’s address, executive agencies made available intra-agency memoranda and fact sheets detailing specific actions that have already been taken, or will be taken in the future. These actions generally involve either border security, the current unlawfully present population, or future legal immigration. The announced executive actions—particularly the granting of deferred action and employment authorization to some unlawfully present aliens, discussed below (see “Unlawfully Present Population”)—have revived debate about the executive’s discretionary authority over immigration like that which followed the Administration’s June 2012 announcement of the Deferred Action for Childhood Arrivals (DACA) initiative. DACA has permitted some unlawfully present aliens who were brought to the United States as children and raised here to obtain temporary relief from removal and, in many cases, employment authorization. Some have argued that DACA constitutes an abdication of the executive’s duty to enforce the laws and runs afoul of specific requirements found in the Immigration and Nationality Act (INA), among other things. Others, however, have maintained that the DACA initiative is a lawful exercise of the discretionary authority conferred on the executive by the Constitution and federal statute. Similar arguments will likely be made as to the November 2014 actions, which affect a significantly larger number of aliens than DACA. This report provides the answers to key legal questions related to the various immigration-related actions announced by the Obama Administration on November 20, 2014. Because the various documents outlining these actions have been available for a limited period of time, and additional information is expected to be released in the future, these answers are necessarily preliminary. It is anticipated that the report will be updated to reflect further developments

The Internationalization of Agency Actions

U.S. agencies routinely base their domestic regulations on international considerations, such as the benefits of coordinating American and foreign standards or the foreign policy advantages of a particular policy. I refer to this phenomenon as the internationalization of agency actions. This Article examines what the internationalization of agency actions means for agency decision-making processes, institutional design, and legal doctrine. It creates a stylized model of how agencies determine whether to coordinate their standards with foreign regulations. Among other institutional design findings, it shows that court opinions that reduce the stringency of judicial review when agencies implement internationally coordinated standards make such coordination more likely to occur, but they simultaneously deprive the executive of bargaining power because U.S. agencies cannot credibly threaten that any coordinated agreement must align more closely with U.S. values or risk being overturned in U.S. courts. This Article also develops a taxonomy of international factors relied on by agencies and applies that taxonomy to help clarify the doctrinal issue of whether and when agencies can use international factors to justify their actions in court. This taxonomical approach shows how the Supreme Court’s opinion in Massachusetts v. EPA can reasonably be read to allow agencies to invoke a far broader range of foreign policy rationales than some prevailing views suggest

Security Policy Specification Using a Graphical Approach

A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enforcement of the policy, e.g., using wrappers around legacy systems or after the fact with an intrusion detection system, and (3) other formal manipulation of policies, e.g., the composition of policies. We present LaSCO, the Language for Security Constraints on Objects, in which a policy consists of two parts: the domain (assumptions about the system) and the requirement (what is allowed assuming the domain is satisfied). Thus policies defined in LaSCO have the appearance of conditional access control statements. LaSCO policies are specified as expressions in logic and as directed graphs, giving a visual view of policy. LaSCO has a simple semantics in first order logic (which we provide), thus permitting policies we write, even for complex policies, to be very perspicuous. LaSCO has syntax to express many of the situations we have found to be useful on policies or, more interesting, the composition of policies. LaSCO has an object-oriented structure, permitting it to be useful to describe policies on the objects and methods of an application written in an object-oriented language, in addition to the traditional policies on operating system objects. A LaSCO specification can be automatically translated into executable code that checks an invocation of a program with respect to a policy. The implementation of LaSCO is in Java, and generates wrappers to check Java programs with respect to a policy.Comment: 28 pages, 22 figures, in color (but color is not essential for viewing); UC Davis CS department technical report (July 22, 1998

Towards Safer Information Sharing in the Cloud

Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data is going to be used and processed by the entities that receive it. In the traditional world, this problem is addressed by using contractual agreements, those are signed by the involved parties, and law enforcement. This could be done electronically as well but, in ad- dition to the trust issue, there is currently a major gap between the definition of legal contracts regulat- ing the sharing of data, and the software infrastructure required to support and enforce them. How to enable organisations to provide more automation in this pro- cess? How to ensure that legal contracts can be actually enforced by the underlying IT infrastructure? How to enable end-users to express their preferences and con- straints within these contracts? This article describes our R&D work to make progress towards addressing this gap via the usage of electronic Data Sharing Agree- ments (e-DSA). The aim is to share our vision, discuss the involved challenges and stimulate further research and development in this space. We specifically focus on a cloud scenario because it provides a rich set of?use cases involving interactions and information shar- ing among multiple stakeholders, including users and service providers.?