BCON : Blockchain Based Access CONtrol across Multiple Conflict of Interest Domains

In today's on-demand computing and virtual coalition environment, cross-domain services are acquired and provided. These business domains may belong to either the same or different conflict of interest system. “Transitive access” can cause leakage of information between competitors through some other conflict of interest system's member. Therefore, a secure access control mechanism is required to detect and deny “transitive access” efficiently with minimal trust in externalist. Existing access control mechanisms focused on either single or multiple conflict of interest domains but with no “transitive access”. In addition, these existing mechanisms are centralized with inherited unfair access control and are a single point of failure. Blockchain (BC) is a shared digital ledger encompassing a list of connected blocks stored on a decentralized distributed network that is secured through cryptography. We propose a BC based access control for conflict of interest domains. We have integrated a BC in our architecture to make access control fair, verifiable and decentralized. Users access histories and “transitive accesses” are stored on BC ledger. We propose a novel mechanism called “Transitive Access Checking and Enforcement (TACE)” i.e., “Algorithm.1”. It makes an authorization decision based on BC endorsement that “transitive access” will not occur. “Algorithm.2” verifies and updates users access histories stored at BC before each request approval. Similarly, “Algorithm.3” detects possible future “transitive accesses” and updates Transitive Access Set (TAS) stored at BC after each request approval. The Simple Promela Interpreter (SPIN) model checker is used to verify the proposed mechanisms for “transitive access” detection and prevention. We have identified four conflicting sequences of execution that can cause “transitive access”. Results show that the proposed mechanism is safe against “transitive access” by checking all the four possible conflicting sequences of execution

Mashup Ecosystems: Integrating Web Resources on Desktop and Mobile Devices

The Web is increasingly used as an application platform, and recent development of it has introduced software ecosystems where different actors collaborate. This collaboration is international from day one, and it evolves and grows rapidly. In web ecosystems applications are provided as services, and interdependencies between ecosystem parts can vary from very strong and obvious to loose and recondite. Mashups -- web application hybrids that combine resources from different services into an integrated system that has increased value from user perspective -- are exploiting services of the Web and creating ecosystems where end-users, mashup authors, and service providers collaborate. The term "resources" is used here in a broad sense, and it can refer to user's local data, infinite content of the Web, and even executable code. This dissertation presents mashups as a new breed of web applications that are intended for parsing the web content into an easily accessed form on both regular desktop computers as well as on mobile devices. Constantly evolving web technologies and new web services open up unforeseen possibilities for mashup development. However, developing mashups with current methods and tools for existing deployment environments is challenging. First, the Web as an application platform faces numerous shortcomings, second, web application development practices in general are still immature, and third, development of mashups has additional requirements that need to be addressed. In addition, mobility sets even more challenges for mashup authoring. This dissertation describes and addresses numerous issues regarding mashup ecosystems and client-side mashup development. To achieve this, we have implemented technical research artifacts including mashup ecosystems and different kinds of mashup compositions. The artifacts are developed with numerous runtime environments and tools and targeted at different end-user platforms. This has allowed us to evaluate methods, tools, and practises used during the implementation. As result, this dissertation identifies the fundamental challenges of mashup ecosystems and describes how service providers and mashup ecosystem authors can address these challenges in practice. In addition, example implementation of a specialized multimedia mashup ecosystem for mobile devices is described. To address mashup development issues, this dissertation introduces practical guidelines and a reference architecture that can be applied when mashups are created with traditional web development tools. Moreover, environments that can be used on mobile devices to create mashups that have access to both web and local resources are introduced. Finally, a novel approach to web software development -- creating software as a mashup -- is introduced, and a realization of such concept is described

Formal Verification of the xDAuth Protocol

Service-oriented architecture offers a flexible paradigm for information flow among collaborating organizations. As information moves out of an organization boundary, various security concerns may arise, such as confidentiality, integrity, and authenticity that needs to be addressed. Moreover, verifying the correctness of the communication protocol is also an important factor. This paper focuses on the formal verification of the xDAuth protocol, which is one of the prominent protocols for identity management in cross domain scenarios. We have modeled the information flow of xDAuth protocol using high-level Petri nets to understand the protocol information flow in a distributed environment. We analyze the rules of information flow using Z language, while Z3 SMT solver is used for the verification of the model. Our formal analysis and verification results reveal the fact that the protocol fulfills its intended purpose and provides the security for the defined protocol specific properties, e.g., secure secret key authentication, and Chinese wall security policy and secrecy specific properties, e.g., confidentiality, integrity, and authenticity