91,587 research outputs found

    Handling Policy Conflicts in Call Control

    Policies are becoming increasingly important in modern computer systems as a mechanism for end users and organisations to exhibit a level of control over software. Policies have long been established as an effective mechanism for enabling appropriate access control over resources, and for enforcing security considerations. However they are now becoming valued as a more general management mechanism for large-scale heterogeneous systems, including those exhibiting adaptive or autonomic behaviour. In the telecommunications domain, features have been widely used to provide users with (limited) control over calls. However, features have the disadvantage that they are low-level and implementation-oriented in nature. Furthermore, apart from limited parameterisation of some features, they tend to be very inflexible. Policies, in contrast, have the potential to be much higher-level, goal-oriented, and very flexible. This paper presents an architecture and its realisation for distributed and hierarchical policies within the telecommunications domain. The work deals with the important issue of policy conflict – the analogy of feature interaction

    Providing incentive to peer-to-peer applications

    Cooperative peer-to-peer applications are designed to share the resources of participating computers for the common good of all users. However, users do not necessarily have an incentive to donate resources to the system if they can use the system's resources for free. As commonly observed in deployed applications, this situation adversely affects the applications' performance and sometimes even their availability and usability. While traditional resource management is handled by a centralized enforcement entity, adopting a similar solution raises new concerns for distributed peer-to-peer systems. This dissertation proposes to solve the incentive problem in peer-to-peer applications by designing fair sharing policies and enforcing these policies in a distributed manner. The feasibility and practicability of this approach is demonstrated through numerous applications, namely archival storage systems, streaming systems, content distribution systems, and anonymous communication systems

    Towards Monitoring Security Policies in Grid Computing: a Survey

    Grid computing systems are complex and dynamic environments and therefore require appropriate automated management, which would enable stable and reliable operation of the whole grid environment. The research community has addressed this requirement with a number of monitoring frameworks, which serve to collect data at various levels to support decision taking and management activities within grids. However, these existing solutions seem to implement little support for collecting security-related data and enforcing appropriate security policies and constraints in this respect. With an increasing role of network connections and users remotely accessing computational resources from various locations, grid systems are no longer seen as localised and isolated ecosystems, but are coming to be more open and distributed. In this light, it is becoming more and more important to enable monitoring framework with capabilities to collect security-related data and check whether these observations comply with certain security constraints. Accordingly, in this paper we present a survey of existing grid monitoring systems with a goal to identify an existing gap of insufficient support for handling the security dimension in grids. Our survey suggests that available grid monitoring frameworks are incapable of collecting security-related data metrics and evaluating them against a set of security policies. As a first step towards addressing this issue, we outline several groups of security policies, which we envisage to be further incorporated in our own research work, and by the wider community

    Enforcing reputation constraints on business process workflows

    The problem of trust in determining the flow of execution of business processes has been in the centre of research interest in the last decade as business processes become a de facto model of Internet-based commerce, particularly with the increasing popularity in Cloud computing. One of the main measures of trust is reputation, where the quality of services as provided to their clients can be used as the main factor in calculating service and service provider reputation values. The work presented here contributes to the solving of this problem by defining a model for the calculation of service reputation levels in a BPEL-based business workflow. These levels of reputation are then used to control the execution of the workflow based on service-level agreement constraints provided by the users of the workflow. The main contribution of the paper is to first present a formal meaning for BPEL processes, which is constrained by reputation requirements from the users, and then we demonstrate that these requirements can be enforced using a reference architecture with a case scenario from the domain of distributed map processing. Finally, the paper discusses the possible threats that can be launched on such an architecture

    CamFlow: Managed Data-sharing for Cloud Services

    A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within 'Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...] Comment: 14 pages, 8 figures

    Distributed Access Control for Web and Business Processes

    Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

    A trustworthy mobile agent infrastructure for network management

    Despite several advantages inherent in mobile-agent-based approaches to network management as compared to traditional SNMP-based approaches, industry is reluctant to adopt the mobile agent paradigm as a replacement for the existing manager-agent model; the management community requires an evolutionary, rather than a revolutionary, use of mobile agents. Furthermore, security for distributed management is a major concern; agent-based management systems inherit the security risks of mobile agents. We have developed a Java-based mobile agent infrastructure for network management that enables the safe integration of mobile agents with the SNMP protocol. The security of the system has been evaluated under agent to agent-platform and agent to agent attacks and has proved trustworthy in the performance of network management tasks

    A Consent-based Workflow System for Healthcare Systems

    In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined