94,082 research outputs found
Formal model and policy specification of usage control
The recent usage control model (UCON) is a foundation for next-generation access control models with distinguishing properties of decision continuity and attribute mutability. A usage control decision is determined by combining authorizations, obligations, and conditions, presented as UCON ABC core models by Park and Sandhu. Based on these core aspects, we develop a formal model and logical specification of UCON with an extension of Lamport's temporal logic of actions (TLA). The building blocks of this model include: (1) a set of sequences of system states based on the attributes of subjects, objects, and the system, (2) authorization predicates based on subject and object attributes, (3) usage control actions to update attributes and accessing status of a usage process, (4) obligation actions, and (5) condition predicates based on system attributes. A usage control policy is defined as a set of temporal logic formulas that are satisfied as the system state changes. A fixed set of scheme rules is defined to specify general UCON policies with the properties of soundness and completeness. We show the flexibility and expressive capability of this formal model by specifying the core models of UCON and some applications. © 2005 ACM
On Usage Control for GRID Systems
This paper introduces a formal model, an architecture and a prototype implementation for usage control on GRID systems. The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models (e.g. MAC, DAC, Bell-Lapadula, RBAC, etc). Its main novelty is based on continuity of the access monitoring and mutability of attributes of subjects and objects. We identified this model as a perfect candidate for managing access/usage control in GRID systems due to their peculiarities, where continuity of control is a central issue. Here we adapt the original UCON model to develop a full model for usage control in GRID systems. We use as policy specification language a process description language and show how this is suitable to model the usage policy models of the original UCON model. We also describe a possible architecture to implement the usage control model. Moreover, we describe a prototype implementation for usage control of GRID computational services, and we show how our language can be used to define a security policy that regulates the usage of network communications to protect the local computational service from the applications that are executed on behalf of remote GRID users
A Framework for an Adaptive Early Warning and Response System for Insider Privacy Breaches
Organisations such as governments and healthcare bodies are increasingly responsible for managing large amounts of personal information, and the increasing complexity of modern information systems is causing growing concerns about the protection of these assets from insider threats. Insider threats are very difficult to handle, because the insiders have direct access to information and are trusted by their organisations. The nature of insider privacy breaches varies with the organisation’s acceptable usage policy and the attributes of an insider. However, the level of risk that insiders pose depends on insider breach scenarios including their access patterns and contextual information, such as timing of access. Protection from insider threats is a newly emerging research area, and thus, only few approaches are available that systemise the continuous monitoring of dynamic insider usage characteristics and adaptation depending on the level of risk. The aim of this research is to develop a formal framework for an adaptive early warning and response system for insider privacy breaches within dynamic software systems. This framework will allow the specification of multiple policies at different risk levels, depending on event patterns, timing constraints, and the enforcement of adaptive response actions, to interrupt insider activity.
Our framework is based on Usage Control (UCON), a comprehensive model that controls previous, ongoing, and subsequent resource usage. We extend UCON to include interrupt policy decisions, in which multiple policy decisions can be expressed at different risk levels. In particular, interrupt policy decisions can be dynamically adapted upon the occurrence of an event or over time. We propose a computational model that represents the concurrent behaviour of an adaptive early warning and response system in the form of statechart. In addition, we propose a Privacy Breach Specification Language (PBSL) based on this computational model, in which event patterns, timing constraints, and the triggered early warning level are expressed in the form of policy rules. The main features of PBSL are its expressiveness, simplicity, practicality, and formal semantics. The formal semantics of the PBSL, together with a model of the mechanisms enforcing the policies, is given in an operational style. Enforcement mechanisms, which are defined by the outcomes of the policy rules, influence the system state by mutually interacting between the policy rules and the system behaviour. We demonstrate the use of this PBSL with a case study from the e-government domain that includes some real-world insider breach scenarios. The formal framework utilises a tool that supports the animation of the enforcement and policy models. This tool also supports the model checking used to formally verify the safety and progress properties of the system over the policy and the enforcement specifications
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
Incremental Control Synthesis in Probabilistic Environments with Temporal Logic Constraints
In this paper, we present a method for optimal control synthesis of a plant
that interacts with a set of agents in a graph-like environment. The control
specification is given as a temporal logic statement about some properties that
hold at the vertices of the environment. The plant is assumed to be
deterministic, while the agents are probabilistic Markov models. The goal is to
control the plant such that the probability of satisfying a syntactically
co-safe Linear Temporal Logic formula is maximized. We propose a
computationally efficient incremental approach based on the fact that temporal
logic verification is computationally cheaper than synthesis. We present a
case-study where we compare our approach to the classical non-incremental
approach in terms of computation time and memory usage.Comment: Extended version of the CDC 2012 pape
Towards Data Protection Compliance
Privacy and data protection are fundamental issues nowadays for every organization. This paper calls for the development of methods, techniques and infrastructure to allow the deployment of privacy-aware IT systems, in which humans are integral part of the organizational processes and accountable for their possible misconduct. In particular, we discuss the challenges to be addressed in order to improve organizations privacy practices, as well as the approach to ensure compliance with legal requirements and increasing efficiency
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such a result
in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
Supporting Management lnteraction and Composition of Self-Managed Cells
Management in ubiquitous systems cannot rely on human intervention or centralised
decision-making functions because systems are complex and devices
are inherently mobile and cannot refer to centralised management applications
for reconfiguration and adaptation directives. Management must be devolved,
based on local decision-making and feedback control-loops embedded in autonomous
components. Previous work has introduced a Self-Managed Cell (SMC)
as an infrastructure for building ubiquitous applications. An SMC consists
of a set of hardware and software components that implement a policy-driven
feedback control-loop. This allows SMCs to adapt continually to changes in
their environment or in their usage requirements. Typical applications include
body-area networks for healthcare monitoring, and communities of unmanned
autonomous vehicles (UAVs) for surveillance and reconnaissance operations.
Ubiquitous applications are typically formed from multiple interacting autonomous
components, which establish peer-to-peer collaborations, federate and
compose into larger structures. Components must interact to distribute management
tasks and to enforce communication strategies. This thesis presents
an integrated framework which supports the design and the rapid establishment
of policy-based SMC interactions by systematically composing simpler abstractions
as building elements of a more complex collaboration. Policy-based
interactions are realised – subject to an extensible set of security functions –
through the exchanges of interfaces, policies and events, and our framework
was designed to support the specification, instantiation and reuse of patterns of
interaction that prescribe the manner in which these exchanges are achieved.
We have defined a library of patterns that provide reusable abstractions for
the structure, task-allocation and communication aspects of an interaction,
which can be individually combined for building larger policy-based systems in
a methodical manner. We have specified a formal model to ensure the rigorous
verification of SMC interactions before policies are deployed in physical devices.
A prototype has been implemented that demonstrates the practical feasibility
of our framework in constrained resources
- …