206 research outputs found
Modelling, validating, and ranking of secure service compositions
This is the author accepted manuscript. The final version is available from the publisher via the DOI in this recordIn the world of large-scale applications, software as a service (SaaS) in general and use of microservices, in particular, is bringing service-oriented architectures to a new level: Systems in general and systems that interact with human users (eg, sociotechnical systems) in particular are built by composing microservices that are developed independently and operated by different parties. At the same time, SaaS applications are used more and more widely by enterprises as well as public services for providing critical services, including those processing security or privacy of relevant data. Therefore, providing secure and reliable service compositions is increasingly needed to ensure the success of SaaS solutions. Building such service compositions securely is still an unsolved problem. In this paper, we present a framework for modelling, validating, and ranking secure service compositions that integrate both automated services as well as services that interact with humans. As a unique feature, our approach for ranking services integrates validated properties (eg, based on the result of formally analysing the source code of a service implementation) as well as contractual properties that are part of the service level agreement and, thus, not necessarily ensured on a technical level
Secure collaboration in onboarding
The process of onboarding a company is characterized by inter-enterprise collaboration between the acquiring and the acquired companies. Multiple cross-functional teams are formed to assimilate and integrate the processes, products, data, customers, and partners of the company under acquisition. Dynamic access control management in such inter-enterprise collaboration is the subject of this thesis. A problem in inter-enterprise collaboration in onboarding is that information assets shared by collaborating teams are not adequately protected. As a result, there is potential for accidental or malicious leakage of sensitive business information like the intellectual property, product roadmaps and strategy, customer lists etc. Also, the statically defined access control policies are not sufficient to address access control requirements of dynamic collaboration where there is a constant change in people, processes, and information assets in collaboration repository. This research proposes a new approach and model to integrate security in onboarding collaboration process. Research methods such as, literature review, field studies including direct experiential projects in onboarding and interviews with experts in Mergers and Acquisitions, and detailed data collection and analysis through surveys are used to identify the issues that need to be addressed in the onboarding process. Literature review enabled the identification of access control requirements from the perspective of statically defined policies and the need to determine access dynamically. From the field studies, it was deciphered that there is a need for a well-defined onboarding collaboration process. The data analysis and interpretation from the survey results provided insights into the needs for integrating security in all phases of onboarding collaboration. All these research methods essentially enabled identification of two key issues that this research addresses: 1) well-defined onboarding collaboration process and 2) building security in all phases of onboarding collaboration. A new approach and model called SCODA is developed to integrate security in all phases of onboarding collaboration. Onboarding collaboration process consists of four phases: create, operate, dissolve, and archive. These phases provide the basis for systematically addressing security and access control when the collaboration team is formed, while it is operating, when the team is dissolved after completing its tasks, and when shared information assets are archived. The research adapts role based access control (RBAC) and formally defines the enterprise, functional, and collaboration roles for making access control management decisions. New ideas are developed in trustbased access control management in dynamic collaboration. The change management aspects are also discussed. The SCODA model is validated and the refinements incorporated accordingly. This research contributed to both theory and practice of information security in general and access control in particular in the context of dynamic collaboration. It proposed a new approach of building security in, i.e. to integrate security in all phases of collaboration. In order to build security in, a new onboarding collaboration process is developed that is adaptable and customizable. It has also developed a new approach for trust based dynamic access control based on the new concepts of strong and weak trust relationships. These trust relationships are also adaptable and customizable. Finally, this research has potential for future research work in the design and implementation of multi-paradigm based enterprise security frameworks and interenterprise collaboration
A Dynamic Access Control Model Using Authorising Workfow and Task Role-based Access Control
Access control is fundamental and prerequisite to govern and safeguard information assets within an organisation. Organisations generally use Web enabled remote access coupled with applications access distributed across various networks. These networks face various challenges including increase operational burden and monitoring issues due to the dynamic and complex nature of security policies for access control. The increasingly dynamic nature of collaborations means that in one context a user should have access to sensitive information, whilst not being allowed access in other contexts. The current access control models are static and lack Dynamic Segregation of Duties (SoD), Task instance level of Segregation, and decision making in real time. This thesis addresses these limitations describes tools to support access management in borderless network environments with dynamic SoD capability and real time access control decision making and policy enforcement. This thesis makes three contributions: i) Defining an Authorising Workflow Task Role Based Access Control (AW-TRBAC) using existing task and workflow concepts. This new workflow integrates dynamic SoD, whilst considering task instance restriction to ensure overall access governance and accountability. It enhances existing access control models such as Role Based Access Control (RBAC) by dynamically granting users access rights and providing access governance. ii) Extension of the OASIS standard of XACML policy language to support dynamic access control requirements and enforce access control rules for real time decision making. This mitigates risks relating to access control, such as escalation of privilege in broken access control, and insucient logging and monitoring. iii) The AW-TRBAC model is implemented by extending the open source XACML (Balana) policy engine to demonstrate its applicability to a real industrial use case from a financial institution. The results show that AW-TRBAC is scalable, can process relatively large numbers of complex requests, and meets the requirements of real time access control decision making, governance and mitigating broken access control risk
Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments
The enforcement of sensitive policies in untrusted environments is still an
open challenge for policy-based systems. On the one hand, taking any
appropriate security decision requires access to these policies. On the other
hand, if such access is allowed in an untrusted environment then confidential
information might be leaked by the policies. The key challenge is how to
enforce sensitive policies and protect content in untrusted environments. In
the context of untrusted environments, we mainly distinguish between outsourced
and distributed environments. The most attractive paradigms concerning
outsourced and distributed environments are cloud computing and opportunistic
networks, respectively.
In this dissertation, we present the design, technical and implementation
details of our proposed policy-based access control mechanisms for untrusted
environments. First of all, we provide full confidentiality of access policies
in outsourced environments, where service providers do not learn private
information about policies. We support expressive policies and take into
account contextual information. The system entities do not share any encryption
keys. For complex user management, we offer the full-fledged Role-Based Access
Control (RBAC) policies.
In opportunistic networks, we protect content by specifying expressive
policies. In our proposed approach, brokers match subscriptions against
policies associated with content without compromising privacy of subscribers.
As a result, unauthorised brokers neither gain access to content nor learn
policies and authorised nodes gain access only if they satisfy policies
specified by publishers. Our proposed system provides scalable key management
in which loosely-coupled publishers and subscribers communicate without any
prior contact. Finally, we have developed a prototype of the system that runs
on real smartphones and analysed its performance.Comment: Ph.D. Dissertation. http://eprints-phd.biblio.unitn.it/1124
IaaS-cloud security enhancement: an intelligent attribute-based access control model and implementation
The cloud computing paradigm introduces an efficient utilisation of huge computing
resources by multiple users with minimal expense and deployment effort
compared to traditional computing facilities. Although cloud computing has incredible
benefits, some governments and enterprises remain hesitant to transfer
their computing technology to the cloud as a consequence of the associated security
challenges. Security is, therefore, a significant factor in cloud computing
adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform
as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing
services are accessed through network connections and utilised by multi-users who
can share the resources through virtualisation technology. Accordingly, an efficient
access control system is crucial to prevent unauthorised access.
This thesis mainly investigates the IaaS security enhancement from an access
control point of view. [Continues.
RTD Evaluation Toolbox. Assessing the Socio-Economic Impact of RTD-Policies
Abstract not availableJRC.J-Institute for Prospective Technological Studies (Seville
Recommended from our members
Dynamic Trust Management
Trust management forms the basis for communicating policy among system elements and demands credential checking for access to all virtual private service resources—along with careful evaluation of credentials against specified policies—before a party can be trusted
Broadening the Scope of Security Usability from the Individual to the Organizational : Participation and Interaction for Effective, Efficient, and Agile Authorization
Restrictions and permissions in information systems -- Authorization -- can cause problems for those interacting with the systems. Often, the problems materialize as an interference with the primary tasks, for example, when restrictions prevent the efficient completing of work and cause frustration. Conversely, the effectiveness can also be impacted when staff is forced to circumvent the measure to complete work -- typically sharing passwords among each other. This is the perspective of functional staff and the organization. There are further perspectives involved in the administration and development of the authorization measure. For instance, functional staff need to interact with policy makers who decide on the granting of additional permissions, and policy makers, in turn, interact with policy authors who actually implement changes. This thesis analyzes the diverse contexts in which authorization occurs, and systematically examines the problems that surround the different perspectives on authorization in organizational settings. Based on prior research and original research in secure agile development, eight principles to address the authorization problems are identified and explored through practical artifacts
- …