Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

Context-aware Authorization in Highly Dynamic Environments

Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is a key to adapt suiting user needs. On the other hand, standard access control trusts users once they have authenticated, despite the fact that they may reach unauthorized contexts. We analyse how taking into account dynamic information like context in the authorization subsystem can improve security, and how this new access control applies to interaction patterns, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS), in smart home security

Active architecture for pervasive contextual services

International Workshop on Middleware for Pervasive and Ad-hoc Computing MPAC 2003), ACM/IFIP/USENIX International Middleware Conference (Middleware 2003), Rio de Janeiro, Brazil This work was supported by the FP5 Gloss project IST2000-26070, with partners at Trinity College Dublin and Université Joseph Fourier, and by EPSRC grants GR/M78403/GR/M76225, Supporting Internet Computation in Arbitrary Geographical Locations, and GR/R45154, Bulk Storage of XML Documents.Pervasive services may be defined as services that are available "to any client (anytime, anywhere)". Here we focus on the software and network infrastructure required to support pervasive contextual services operating over a wide area. One of the key requirements is a matching service capable of as-similating and filtering information from various sources and determining matches relevant to those services. We consider some of the challenges in engineering a globally distributed matching service that is scalable, manageable, and able to evolve incrementally as usage patterns, data formats, services, network topologies and deployment technologies change. We outline an approach based on the use of a peer-to-peer architecture to distribute user events and data, and to support the deployment and evolution of the infrastructure itself.Peer reviewe

Active architecture for pervasive contextual services

Pervasive services may be defined as services that are available to any client (anytime, anywhere). Here we focus on the software and network infrastructure required to support pervasive contextual services operating over a wide area. One of the key requirements is a matching service capable of assimilating and filtering information from various sources and determining matches relevant to those services. We consider some of the challenges in engineering a globally distributed matching service that is scalable, manageable, and able to evolve incrementally as usage patterns, data formats, services, network topologies and deployment technologies change. We outline an approach based on the use of a peer-to-peer architecture to distribute user events and data, and to support the deployment and evolution of the infrastructure itself

The contextual database of the generations and gender program in Bulgaria: conceptual framework and an overview of the Bulgarian context concerning the central database topics

This paper outlines the concept and content of the Contextual Database of the international Generations and Gender Program and gives an overview of the context of demographic behavior in Bulgaria. The Contextual Database provides an instrument that together with the Generations and Gender Survey allows studying how differences in context shape demographic processes. The database offers the opportunity to analyze in a comparative way the interaction between the micro and macro dimension. Bulgaria is among the first countries fielding the Generations and Gender Survey and that is engaged in contextual data collection within this comparative framework. While both micro- and contextual data for Bulgaria will become available in the course of the year 2005, we present in this paper a text contribution that provides an overview of the Bulgarian context and introduces the list of variables that make up the database.Bulgaria, data collection

The contextual database of the Generations and Gender Program: overview, conceptual framework and the link to the Generations and Gender Survey

This paper follows two aims. First it intends to give an overview of the contextual database of the Generations and Gender Program and how it is linked to the Generations and Gender Survey. Secondly, it provides a documentation of the approaches taken towards the conceptual definition and construction of the database. The document consists of two parts. The first gives a brief description of the underlying ideas of the database and the approach taken in order to develop its conceptual framework and construct the database. The second part is a note on the link between the Generations and Gender Survey and the contextual database. Starting from the GGS questionnaire, the main interfaces between micro data and contextual domains are investigated.data collection

Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management, Decision Support System, Hydroelectric Da

The Contextual Database of the Generations and Gender Program

The increasing recognition that the study of human behaviors has to take into account the multiple contexts in which they occur has opened a promising research avenue in social sciences. It also presents new challenges, e.g., to complement micro-level surveys with the collection of meaningful contextual data within a common conceptual framework. The Contextual Database of the Generations and Gender Program aims at responding to the new data demands by providing a comparative collection of around 210 variables on a national and sub-national level, thus complementing the individual-level data collected in the Generations and Gender Survey.World, comparative analysis, data banks