A Formal Specification and Proof of System Safety Using the Schematic Protection Model

This research formally specifies the Schematic Protection Model (SPM) and provides a sound, flexible tool for reasoning formally about systems that implement a security model like SPM, to prove its ability to provide security services such as confidentiality and integrity. The theory described by the resultant model was logically proved in the Prototype Verification System (PVS), an automated prover. Each component of SPM was tested, as were several anomalous conditions, and each test produced results consistent with the model. The model is internally modular, and therefore easily extensible, yet cohesive since the theory to be proved encompasses the entire specification. This approach ensures the specification is flexible enough to incorporate any extensions that can be expressed algorithmically, such as the deontic logic properties of obligation, permission, possibility and necessity. Furthermore, the modularity enhances the robustness of the model to ensure that previously-proved fundamental properties are not lost in the process of adding functionality

Formal Mitigation Strategies for the Insider Threat: A Security Model and Risk Analysis Framework

The advancement of technology and reliance on information systems have fostered an environment of sharing and trust. The rapid growth and dependence on these systems, however, creates an increased risk associated with the insider threat. The insider threat is one of the most challenging problems facing the security of information systems because the insider already has capabilities within the system. Despite research efforts to prevent and detect insiders, organizations remain susceptible to this threat because of inadequate security policies and a willingness of some individuals to betray their organization. To investigate these issues, a formal security model and risk analysis framework are used to systematically analyze this threat and develop effective mitigation strategies. This research extends the Schematic Protection Model to produce the first comprehensive security model capable of analyzing the safety of a system against the insider threat. The model is used to determine vulnerabilities in security policies and system implementation. Through analysis, mitigation strategies that effectively reduce the threat are identified. Furthermore, an action-based taxonomy that expresses the insider threat through measurable and definable actions is presented. A risk analysis framework is also developed that identifies individuals within an organization that display characteristics indicative of a malicious insider. The framework uses a multidisciplinary process by combining behavior and technical attributes to produce a single threat level for each individual within the organization. Statistical analysis using the t-distribution and prediction interval on the threat levels reveal those individuals that are a potential threat to the organization. The effectiveness of the framework is illustrated using the case study of Robert Hanssen, demonstrating the process would likely have identified him as an insider threat

A FIREWALL MODEL OF FILE SYSTEM SECURITY

File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux

Non-Intrusive Subscriber Authentication for Next Generation Mobile Communication Systems

Merged with duplicate record 10026.1/753 on 14.03.2017 by CS (TIS)The last decade has witnessed massive growth in both the technological development, and the consumer adoption of mobile devices such as mobile handsets and PDAs. The recent introduction of wideband mobile networks has enabled the deployment of new services with access to traditionally well protected personal data, such as banking details or medical records. Secure user access to this data has however remained a function of the mobile device's authentication system, which is only protected from masquerade abuse by the traditional PIN, originally designed to protect against telephony abuse. This thesis presents novel research in relation to advanced subscriber authentication for mobile devices. The research began by assessing the threat of masquerade attacks on such devices by way of a survey of end users. This revealed that the current methods of mobile authentication remain extensively unused, leaving terminals highly vulnerable to masquerade attack. Further investigation revealed that, in the context of the more advanced wideband enabled services, users are receptive to many advanced authentication techniques and principles, including the discipline of biometrics which naturally lends itself to the area of advanced subscriber based authentication. To address the requirement for a more personal authentication capable of being applied in a continuous context, a novel non-intrusive biometric authentication technique was conceived, drawn from the discrete disciplines of biometrics and Auditory Evoked Responses. The technique forms a hybrid multi-modal biometric where variations in the behavioural stimulus of the human voice (due to the propagation effects of acoustic waves within the human head), are used to verify the identity o f a user. The resulting approach is known as the Head Authentication Technique (HAT). Evaluation of the HAT authentication process is realised in two stages. Firstly, the generic authentication procedures of registration and verification are automated within a prototype implementation. Secondly, a HAT demonstrator is used to evaluate the authentication process through a series of experimental trials involving a representative user community. The results from the trials confirm that multiple HAT samples from the same user exhibit a high degree of correlation, yet samples between users exhibit a high degree of discrepancy. Statistical analysis of the prototypes performance realised early system error rates of; FNMR = 6% and FMR = 0.025%. The results clearly demonstrate the authentication capabilities of this novel biometric approach and the contribution this new work can make to the protection of subscriber data in next generation mobile networks.Orange Personal Communication Services Lt

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

Exploring value co-creation within buyer-seller relationship in mobile applications services : a model development

Mobile phones have become an indispensable part of consumers’ life where they access core and supporting services via mobile applications services (m-applications). The focus of the present study is to explore dyadic buyer-seller roles in m-applications services’ value creation taking mobile banking applications services (MB-applications) as a case study. While prior research on value co-creation in service dominant logic (S-d logic) serves as a foundation for this study, it does not provide adequate guidance on how buyer and seller co-create value in m-applications services.To address this shortcoming, semi-structured interviews were carried out with 12 banks’ officials in banks’ headquarters of Saudi Arabia. Also, six focus groups were conducted; three with MB-application services users and three with non-users which were held in Riyadh College of Technology (RCT). In addition, a content analysis of MB-applications services was conducted to support suppliers’ perspectives regarding value propositions (service offering). A conceptual framework is developed for managing co-creation to illustrate practical application of the framework.The findings pointed to six factors that shape shape service suppliers’ ability to offer and deliver value via MB-applications, namely; brand image building, bank’s business vision, customer culture-orientation, bank’s internal environment, information technology system and positioning strategy. These factors combine to establish a value proposition for banks’ customers in the MB-applications services domain.Customer’s value creation as value in-use during usage emerged in different usage situations. A value framework incorporating value consumptions (Sheth et al., 1991a) is proposed. It identifies the main value-adding elements in m-applications and the primary drivers for adopting m-applications. Findings revealed that bank managers attempted to support customers’ value creation, which was reflected in MB-application content. However, support was constrained by some insufficient assumptions about customers and the m-commerce architecture. Factors that impede MB-applications use include consumers’ banking habits, perceived risk (security and privacy); usability hindrance, marketing and promotion, technical problems, and socio-cultural barriers. Implications are drawn for service delivery value perception and mobile marketing theory, and recommendations are made to service suppliers and commercial banks to achieve sustained returns of investment from MB-applications services

Next Generation Business Ecosystems: Engineering Decentralized Markets, Self-Sovereign Identities and Tokenization

Digital transformation research increasingly shifts from studying information systems within organizations towards adopting an ecosystem perspective, where multiple actors co-create value. While digital platforms have become a ubiquitous phenomenon in consumer-facing industries, organizations remain cautious about fully embracing the ecosystem concept and sharing data with external partners. Concerns about the market power of platform orchestrators and ongoing discussions on privacy, individual empowerment, and digital sovereignty further complicate the widespread adoption of business ecosystems, particularly in the European Union. In this context, technological innovations in Web3, including blockchain and other distributed ledger technologies, have emerged as potential catalysts for disrupting centralized gatekeepers and enabling a strategic shift towards user-centric, privacy-oriented next-generation business ecosystems. However, existing research efforts focus on decentralizing interactions through distributed network topologies and open protocols lack theoretical convergence, resulting in a fragmented and complex landscape that inadequately addresses the challenges organizations face when transitioning to an ecosystem strategy that harnesses the potential of disintermediation. To address these gaps and successfully engineer next-generation business ecosystems, a comprehensive approach is needed that encompasses the technical design, economic models, and socio-technical dynamics. This dissertation aims to contribute to this endeavor by exploring the implications of Web3 technologies on digital innovation and transformation paths. Drawing on a combination of qualitative and quantitative research, it makes three overarching contributions: First, a conceptual perspective on \u27tokenization\u27 in markets clarifies its ambiguity and provides a unified understanding of the role in ecosystems. This perspective includes frameworks on: (a) technological; (b) economic; and (c) governance aspects of tokenization. Second, a design perspective on \u27decentralized marketplaces\u27 highlights the need for an integrated understanding of micro-structures, business structures, and IT infrastructures in blockchain-enabled marketplaces. This perspective includes: (a) an explorative literature review on design factors; (b) case studies and insights from practitioners to develop requirements and design principles; and (c) a design science project with an interface design prototype of blockchain-enabled marketplaces. Third, an economic perspective on \u27self-sovereign identities\u27 (SSI) as micro-structural elements of decentralized markets. This perspective includes: (a) value creation mechanisms and business aspects of strategic alliances governing SSI ecosystems; (b) business model characteristics adopted by organizations leveraging SSI; and (c) business model archetypes and a framework for SSI ecosystem engineering efforts. The dissertation concludes by discussing limitations as well as outlining potential avenues for future research. These include, amongst others, exploring the challenges of ecosystem bootstrapping in the absence of intermediaries, examining the make-or-join decision in ecosystem emergence, addressing the multidimensional complexity of Web3-enabled ecosystems, investigating incentive mechanisms for inter-organizational collaboration, understanding the role of trust in decentralized environments, and exploring varying degrees of decentralization with potential transition pathways