54,256 research outputs found

    Dynamic deployment of context-aware access control policies for constrained security devices

    Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identified based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., configuring, those security components and mechanisms so that the system behavior be finally the one specified by the policy. The deployment issue becomes more difficult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modifications introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action specification languages

    ConXsense - Automated Context Classification for Context-Aware Access Control

    We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform. Comment: Recipient of the Best Paper Awar

    Disappearing Legal Black Holes and Converging Domains: Changing Individual Rights Protection in National Security and Foreign Affairs

    This Essay attempts to describe what is distinctive about the way the protection of individual rights in the areas of national security and foreign affairs has been occurring in recent decades. Historically, the right to protection under the U.S. Constitution and courts has been sharply limited by categorical distinctions based on geography, war, and, to some extent, citizenship. These categorical rules carved out domains where the courts and Constitution provided protections and those where they did not. The institutional design and operating rules of the national security state tracked these formal, categorical rules about the boundaries of protection. There have been many “legal black holes” historically, domains where legal protections did not exist for certain people. Foreign affairs and national security have historically been areas defined by their legal black holes. In recent years, legal black holes are disappearing, and previously distinct domains are converging. The importance of U.S. citizenship to protection under the Constitution and courts is decreasing, formal barriers to legal protection and judicial review based on geography and war are dissolving, and the dissolution of these categorical boundaries is changing the design and operation of the national security state. National security and foreign affairs law is being domesticated and normalized, as rights protections available in ordinary, domestic, peacetime contexts are extended into what were previously legal black holes. The jurisprudence of categorization and boundary-marking is fading away. The core of this Essay identifies, names, and discusses these trends, seeking to give a vocabulary and conceptual and historical coherence to current discussions of individual rights protection in national security and foreign affairs contexts. Secondarily, this Essay suggests some factors that might be driving convergence and closing of legal black holes today. Because most of these potential causal drivers are still exerting their force on the shape of the law, this Essay concludes that the future of national security law will likely see more convergence and fewer black legal holes and then offers several specific predictions

    CRiBAC: Community-centric role interaction based access control model

    As one of the most efficient solutions to complex and large-scale problems, multi-agent cooperation has been in the limelight for the past few decades. Recently, many research projects have focused on context-aware cooperation to dynamically provide complex services. As cooperation in the multi-agent systems (MASs) becomes more common, guaranteeing the security of such cooperation takes on even greater importance. However, existing security models do not reflect the agents' unique features, including cooperation and context-awareness. In this paper, we propose a Community-based Role interaction-based Access Control model (CRiBAC) to allow secure cooperation in MASs. To do this, we refine and extend our preliminary RiBAC model, which was proposed earlier to support secure interactions among agents, by introducing a new concept of interaction permission, and then extend it to CRiBAC to support community-based cooperation among agents. We analyze potential problems related to interaction permissions and propose two approaches to address them. We also propose an administration model to facilitate administration of CRiBAC policies. Finally, we present the implementation of a prototype system based on a sample scenario to assess the proposed work and show its feasibility. © 2012 Elsevier Ltd. All rights reserved

    HIV/AIDS, Security and Conflict: New Realities, New Responses

    Ten years after the HIV/AIDS epidemic itself was identified as a threat to international peace and security, findings from the three-year AIDS, Security and Conflict Initiative (ASCI)(1) present evidence of the mutually reinforcing dynamics linking HIV/AIDS, conflict and security