20,227 research outputs found
Dynamic User Role Assignment in Remote Access Control
The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios, the access requestor is outside of the provider domain and thus, the user population is heterogeneous and dynamic. Here, the main challenge is to automatically assign users to appropriate roles of the provider domain. Trust management has been proposed as a supporting technique to solve the problem of remote access control. The key idea is to establish a mutual trust between the requestor and provider based on credentials they exchange. However, a credential doesn't convey any information about the behavior of its holder during the time it is being used. Furthermore, in terms of privileges granted to the requestor, existing trust management systems are either too restrictive or not restrictive enough. In this paper, we propose a new dynamic user-role assignment approach for remote access control, where a stranger requests for access from a provider domain. Our approach has two advantages compared to the existing dynamic user-role assignment techniques. Firstly, it addresses the principle of least privilege without degrading the efficiency of the access control system. Secondly, it takes into account both credentials and the past behavior of the requestor in such a way that he cannot compensate for the lack of necessary credentials by having a good past behavior
Toward Semantics-aware Representation of Digital Business Processes
An extended enterprise (EE) can be described by a set of models each representing a specific aspect of the EE.
Aspects can for example be the process flow or the value description. However, different models are done by different
people, which may use different terminology, which prevents relating the models. Therefore, we propose a framework
consisting of process flow and value aspects and in addition a static domain model with structural and relational
components. Further, we outline the usage of the static domain model to enable relating the different aspects
Pay as You Go: A Generic Crypto Tolling Architecture
The imminent pervasive adoption of vehicular communication, based on
dedicated short-range technology (ETSI ITS G5 or IEEE WAVE), 5G, or both, will
foster a richer service ecosystem for vehicular applications. The appearance of
new cryptography based solutions envisaging digital identity and currency
exchange are set to stem new approaches for existing and future challenges.
This paper presents a novel tolling architecture that harnesses the
availability of 5G C-V2X connectivity for open road tolling using smartphones,
IOTA as the digital currency and Hyperledger Indy for identity validation. An
experimental feasibility analysis is used to validate the proposed architecture
for secure, private and convenient electronic toll payment
Development and Performance Evaluation of a Connected Vehicle Application Development Platform (CVDeP)
Connected vehicle (CV) application developers need a development platform to build,
test and debug real-world CV applications, such as safety, mobility, and environmental
applications, in edge-centric cyber-physical systems. Our study objective is to develop
and evaluate a scalable and secure CV application development platform (CVDeP)
that enables application developers to build, test and debug CV applications in realtime.
CVDeP ensures that the functional requirements of the CV applications meet the
corresponding requirements imposed by the specific applications. We evaluated the
efficacy of CVDeP using two CV applications (one safety and one mobility application)
and validated them through a field experiment at the Clemson University Connected
Vehicle Testbed (CU-CVT). Analyses prove the efficacy of CVDeP, which satisfies the
functional requirements (i.e., latency and throughput) of a CV application while
maintaining scalability and security of the platform and applications
Recommended from our members
Secure & trusted communication in emergency situations
In this paper we propose SETS, a protocol with main aim to provide secure and private communication during emergency situations. SETS achieves security of the exchanged information, attack resilience and user’s privacy. In addition, SETS can be easily adapted for mobile devices, since field experimental results show the effectiveness of the protocol on actual smart-phone platforms
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework
ROSA: Realistic Open Security Architecture for active networks
Proceedings of IFIP-TC6 4th International Working Conference, IWAN 2002 Zurich, Switzerland, December 4–6, 2002.Active network technology enables fast deployment of new network
services tailored to the specific needs of end users, among other features.
Nevertheless, security is still a main concern when considering the industrial
adoption of this technology. In this article we describe an open security
architecture for active network platforms that follow the discrete approach. The
proposed solution provides all the required security features, and it also grants
proper scalability of the overall system, by using a distributed key-generation
algorithm. The performance of the proposal is validated with experimental data
obtained from a prototype implementation of the solution.Publicad
I2PA : An Efficient ABC for IoT
Internet of Things (IoT) is very attractive because of its promises. However,
it brings many challenges, mainly issues about privacy preserving and
lightweight cryptography. Many schemes have been designed so far but none of
them simultaneously takes into account these aspects. In this paper, we propose
an efficient ABC scheme for IoT devices. We use ECC without pairing, blind
signing and zero knowledge proof. Our scheme supports block signing, selective
disclosure and randomization. It provides data minimization and transactions'
unlinkability. Our construction is efficient since smaller key size can be used
and computing time can be reduced. As a result, it is a suitable solution for
IoT devices characterized by three major constraints namely low energy power,
small storage capacity and low computing power
SciTokens: Capability-Based Secure Access to Remote Scientific Data
The management of security credentials (e.g., passwords, secret keys) for
computational science workflows is a burden for scientists and information
security officers. Problems with credentials (e.g., expiration, privilege
mismatch) cause workflows to fail to fetch needed input data or store valuable
scientific results, distracting scientists from their research by requiring
them to diagnose the problems, re-run their computations, and wait longer for
their results. In this paper, we introduce SciTokens, open source software to
help scientists manage their security credentials more reliably and securely.
We describe the SciTokens system architecture, design, and implementation
addressing use cases from the Laser Interferometer Gravitational-Wave
Observatory (LIGO) Scientific Collaboration and the Large Synoptic Survey
Telescope (LSST) projects. We also present our integration with widely-used
software that supports distributed scientific computing, including HTCondor,
CVMFS, and XrootD. SciTokens uses IETF-standard OAuth tokens for
capability-based secure access to remote scientific data. The access tokens
convey the specific authorizations needed by the workflows, rather than
general-purpose authentication impersonation credentials, to address the risks
of scientific workflows running on distributed infrastructure including NSF
resources (e.g., LIGO Data Grid, Open Science Grid, XSEDE) and public clouds
(e.g., Amazon Web Services, Google Cloud, Microsoft Azure). By improving the
interoperability and security of scientific workflows, SciTokens 1) enables use
of distributed computing for scientific domains that require greater data
protection and 2) enables use of more widely distributed computing resources by
reducing the risk of credential abuse on remote systems.Comment: 8 pages, 6 figures, PEARC '18: Practice and Experience in Advanced
Research Computing, July 22--26, 2018, Pittsburgh, PA, US
- …