8 research outputs found

    Privacy Issues in Web Services: An Ontology Based Solution

    Abstract: Privacy is the right of a person to specify when, how and to what amount information about him is disclosed to others. Due to the tremendous use and popularity of web services, the likelihood of intentional and unintentional privacy disclosures is also increasing. The web services users generate a rich amount of information when they browse the websites of the service providers, access social networking sites to post their comments & product reviews, and store their data in the cloud. The data so generated is a voluminous and valuable treasure for marketers as well as advertisers. The emerging technologies and fast-increasing online activities of users are posing new threats to users' privacy and digital life. While accessing the web services, users unknowingly agree to the privacy policy of the service provider, through which they authorize the service providers to collect and share their personally identifiable information. Most of the users think that while accepting the privacy policy of the service provider, they are protecting their privacy, but actually they are signing the policy which informs them about the privacy rights they are surrendering to the service providers. In this paper, we aim to minimise the privacy-related information disclosure of the user through various prevalent semantic web based technologies.

    An overview of security ontologies

    This paper presents an overview of ontologies in Information Systems Security. Information Systems Security is a broad and dynamic area that clearly benefits from the formalizations of concepts provided by ontologies. After a very short presentation of ontologies and Semantic Web, several works in Security Ontologies targeting different aspects of security engineering are presented together with another study that compares several publicly available security ontologies

    A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS

    The cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access control in the cloud. Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs). Access control policies may be specified in different policy languages, and heterogeneity of access policies poses significant problems. An ideal policy management system should be able to work with all data regardless of where they are stored. Semantic Web technologies, when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs. In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely the policy management and specification component and the policy evolution component. In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud based policy management framework that gives cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present a semantic based policy management framework which enables users to specify access control policies using semantic web technologies and helps address heterogeneity issues of cloud computing environments. We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints. We present a proof of concept implementation of the proposed framework and provide some performance evaluation.

    In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness.

    Privacy-preserving semantic interoperation and access control of heterogeneous databases

    No full text

    Cyber-security Risk Assessment

    The cyber-security domain is inherently dynamic. Not only does system configuration change frequently (with new releases and patches), but also new attacks and vulnerabilities are regularly discovered. The threat in cyber-security is human, and hence intelligent in nature. The attacker adapts to the situation, target environment, and countermeasures. Attack actions are also driven by the attacker's exploratory nature, thought process, motivation, strategy, and preferences. Current security risk assessment is driven by cyber-security experts' theories about this attacker behavior. The goal of this dissertation is to automatically generate the cyber-security risk scenarios by:

    * Capturing diverse and dispersed cyber-security knowledge
    * Assuming that there are unknowns in the cyber-security domain, and new knowledge is available frequently
    * Emulating the attacker's exploratory nature, thought process, motivation, strategy, preferences and his/her interaction with the target environment
    * Using the cyber-security expert's theories about attacker behavior

    The proposed framework is designed by using the unique cyber-security domain requirements identified in this dissertation and by overcoming the limitations of current risk scenario generation frameworks. The proposed framework automates the risk scenario generation by using the knowledge as it becomes available (or changes). It supports observing, encoding, validating, and calibrating cyber-security experts' theories. It can also be used for assisting the red-teaming process. The proposed framework generates ranked attack trees and encodes the attacker behavior theories. These can be used for prioritizing vulnerability remediation. The proposed framework is currently being extended for developing an automated threat response framework that can be used to analyze and recommend countermeasures. This framework contains behavior driven countermeasures that use the attacker behavior theories to lead the attacker away from the system to be protected.

    Securely sharing dynamic medical information in e-health

    This thesis has introduced an infrastructure to share dynamic medical data between mixed health care providers in a secure way, which could benefit the health care system as a whole. The study results of the universally data sharing into a varied patient information system prototypes

    SOMWeb: Supporting a Distributed Clinical Community of Practice Using Semantic Web Technologies

    This thesis concerns supporting the collaboration and knowledge sharing of distributed clinicians of oral medicine, a sub-discipline of dentistry. The Swedish Oral Medicine Network (SOMNet) holds monthly telephone conferences where a group of clinicians discuss interesting and difficult cases, which distinguishes it from one-to-one teleconsultations. SOMNet can be seen as a distributed community of practice, that is, a group of people sharing a concern and who interact regularly to extend their individual and collective expertise. Related to this, several topics need further investigation: How can geographically distributed clinical collaboration be characterized? What is appropriate functionality for a Web-based system supporting such collaborations? What are the impacts of such systems on collaboration? Further, Semantic Web technologies, such as the Web Ontology Language (OWL), have been proposed as a means of enhancing knowledge sharing. What are benefits and limitations of using these technologies to encode domain knowledge in oral medicine and to support clinical collaboration, and what practical issues face developers? The developed system, SOMWeb, focuses on functionality for meetings and structured cases, and has been regularly used for three years. Interviews, observations, a questionnaire, system log analysis, and case analysis were used to study SOMNet's collaboration and identify system impacts. The documentation of the forms of collaboration in SOMNet can serve as a model for other groups of clinicians wishing to establish a distributed collaboration. SOMNet's meetings provide a necessary rhythm for the community and the cases give context to the clinicians' learning which point toward that the centrality of meetings and cases in a tool will benefit collaboration. Impacts on SOMNet's collaboration include enabling the participation of a wider range of clinics. Factors influencing this are the more accessible submission process as well as the increased tangibility of the collaboration. The thesis also provides recommendations for developers of systems supporting clinical collaboration and knowledge sharing. The use of OWL in examination descriptions has enabled reasoning over cases in the system to provide improved case browsing. At the same time, limitations were found in using OWL for examination templates. Based on the lessons learned in this development, the thesis provides recommendations for using Semantic Web technologies, which can be of value for other developers and to guide future research.