The Development of a graduate course on identity management for the Department of Networking, Security, and Systems Administration

Digital identities are being utilized more than ever as a means to authenticate computer users in order to control access to systems, web services, and networks. To maintain these digital identities, administrators turn to Identity Management solutions to offer protection for users, business partners, and networks. This paper proposes an analysis of Identity Management to be accomplished in the form of a graduate level course of study for a ten-week period for the Networking, Security, and Systems Administration department at Rochester Institute of Technology. This course will be designed for this department because of its emphasis on securing, protecting, and managing the identities of users within and across networks. Much of the security-related courses offered by the department focus primarily on security within enterprises. Therefore, Identity Management, a topic that is becoming more popular within enterprises each day, would compliment these courses. Students that enroll in this course will be more equipped to satisfy the needs of modern enterprises when they graduate because they will have a better understanding of how to address security issues that involve managing user identities across networks, systems, and enterprises. This course will focus on several aspects of Identity Management and its use in enterprises today. Covered during the course will be the frameworks of Identity Management, for instance, Liberty Identity Federation Framework and OASIS SAML 2.0; the Identity Management models; and some of the major Identity Management solutions that are in use today such as Liberty Alliance, Microsoft Passport, and Shibboleth. This course will also provide the opportunity to gain hands on experience by facilitating exemplar technologies used in laboratory investigations

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introducing a critical vulnerability

Smart Urban Water Networks

This book presents the paper form of the Special Issue (SI) on Smart Urban Water Networks. The number and topics of the papers in the SI confirm the growing interest of operators and researchers for the new paradigm of smart networks, as part of the more general smart city. The SI showed that digital information and communication technology (ICT), with the implementation of smart meters and other digital devices, can significantly improve the modelling and the management of urban water networks, contributing to a radical transformation of the traditional paradigm of water utilities. The paper collection in this SI includes different crucial topics such as the reliability, resilience, and performance of water networks, innovative demand management, and the novel challenge of real-time control and operation, along with their implications for cyber-security. The SI collected fourteen papers that provide a wide perspective of solutions, trends, and challenges in the contest of smart urban water networks. Some solutions have already been implemented in pilot sites (i.e., for water network partitioning, cyber-security, and water demand disaggregation and forecasting), while further investigations are required for other methods, e.g., the data-driven approaches for real time control. In all cases, a new deal between academia, industry, and governments must be embraced to start the new era of smart urban water systems

From security to assurance in the cloud: a survey

The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions

Multi-Agent Systems

This Special Issue ""Multi-Agent Systems"" gathers original research articles reporting results on the steadily growing area of agent-oriented computing and multi-agent systems technologies. After more than 20 years of academic research on multi-agent systems (MASs), in fact, agent-oriented models and technologies have been promoted as the most suitable candidates for the design and development of distributed and intelligent applications in complex and dynamic environments. With respect to both their quality and range, the papers in this Special Issue already represent a meaningful sample of the most recent advancements in the field of agent-oriented models and technologies. In particular, the 17 contributions cover agent-based modeling and simulation, situated multi-agent systems, socio-technical multi-agent systems, and semantic technologies applied to multi-agent systems. In fact, it is surprising to witness how such a limited portion of MAS research already highlights the most relevant usage of agent-based models and technologies, as well as their most appreciated characteristics. We are thus confident that the readers of Applied Sciences will be able to appreciate the growing role that MASs will play in the design and development of the next generation of complex intelligent systems. This Special Issue has been converted into a yearly series, for which a new call for papers is already available at the Applied Sciences journal’s website: https://www.mdpi.com/journal/applsci/special_issues/Multi-Agent_Systems_2019

Design and implementation of extensible middleware for non-repudiable interactions

PhD ThesisNon-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task. A lot of supporting infrastructure is required which adds large expense to the interaction. This infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design and implementation of such an infrastructure. The runtime environment makes use of several trusted services to achieve external verification of the audit trail. Non-repudiation is achieved by executing fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a participant to protect their own interests by preventing any party from gaining an advantage by misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated implementation of protocols. Extensibility is achieved by implementing the infrastructure in middleware and by presenting a large variety of non-repudiable business interaction patterns to the application (a non-repudiable interaction pattern is a higher level protocol composed from one or more non-repudiation protocols). The middleware is highly configurable allowing new non-repudiation protocols and interaction patterns to be easily added, without disrupting the application. This thesis presents a rigorous mechanism for automated implementation of non-repudiation protocols. This ensures that the protocol being executed is that which was intended and verified by the protocol designer. A family of non-repudiation protocols are taken and inspected. This inspection allows a set of generic finite state machines to be produced. These finite state machines can be used to maintain protocol state and manage the sending and receiving of appropriate protocol messages. A concrete implementation of the run-time environment and the protocol generation techniques is presented. This implementation is based on industry supported Web service standards and services.EPSRC, The Hewlett Packard Arjuna La

Combining SOA and BPM Technologies for Cross-System Process Automation

This paper summarizes the results of an industry case study that introduced a cross-system business process automation solution based on a combination of SOA and BPM standard technologies (i.e., BPMN, BPEL, WSDL). Besides discussing major weaknesses of the existing, custom-built, solution and comparing them against experiences with the developed prototype, the paper presents a course of action for transforming the current solution into the proposed solution. This includes a general approach, consisting of four distinct steps, as well as specific action items that are to be performed for every step. The discussion also covers language and tool support and challenges arising from the transformation

Design and implementation of extensible middleware for non-repudiable interactions

Non-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task. A lot of supporting infrastructure is required which adds large expense to the interaction. This infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design and implementation of such an infrastructure. The runtime environment makes use of several trusted services to achieve external verification of the audit trail. Non-repudiation is achieved by executing fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a participant to protect their own interests by preventing any party from gaining an advantage by misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated implementation of protocols. Extensibility is achieved by implementing the infrastructure in middleware and by presenting a large variety of non-repudiable business interaction patterns to the application (a non-repudiable interaction pattern is a higher level protocol composed from one or more non-repudiation protocols). The middleware is highly configurable allowing new non-repudiation protocols and interaction patterns to be easily added, without disrupting the application. This thesis presents a rigorous mechanism for automated implementation of non-repudiation protocols. This ensures that the protocol being executed is that which was intended and verified by the protocol designer. A family of non-repudiation protocols are taken and inspected. This inspection allows a set of generic finite state machines to be produced. These finite state machines can be used to maintain protocol state and manage the sending and receiving of appropriate protocol messages. A concrete implementation of the run-time environment and the protocol generation techniques is presented. This implementation is based on industry supported Web service standards and services.EThOS - Electronic Theses Online ServiceEPSRC : Hewlett Packard Arjuna LabGBUnited Kingdo

Un cadre de spécification et de déploiement de politiques d'autorisation

Notre travail propose une méthodologie de conception et de développement d'un système d'autorisation adaptable aux différentes facettes que peut recouvrir le contrôle d'accès dans les organisations telles que l'hétérogénéité des pratiques organisationnelles, des technologies utilisées et des contextes à considérer. Pour y répondre, deux approches de gestion ont guidé nos études : le contrôle d'accès basé sur des attributs et la gestion à base de politiques. * Le contrôle d'accès basé sur des attributs permet de spécifier des permissions par rapport à toute caractéristique liée de la sécurité des utilisateurs, des actions, des ressources et de l'environnement. Cette approche répond aux problèmes liés à l'expressivité des langages de politiques d'autorisation. * La gestion à base de politiques, quant à elle, vise à permettre l'adaptabilité dynamique du comportement d'un système par le biais de politiques de gestion. Elle repose sur une architecture mettant en exergue deux entités : le Policy Decision Point (PDP) et le Policy Enforcement Point (PEP). Le PDP est une entité indépendante de l'élément géré, qui prend des décisions de gestion par rapport à une politique donnée. Le PEP fait l'interface entre le PDP et l'élément géré. Lorsqu'une requête est effectuée par un utilisateur sur une ressource, le PEP envoie une demande de décision au PDP et l'applique. Ce type d'architecture favorise l'intégration du système de gestion dans un environnement à gérer. Nous avons donc choisi le standard XACML comme technologie cible car il met en œuvre ces deux approches. Si d'un point de vue théorique XACML semble répondre aux problèmes d'adaptabilité, les systèmes conçus selon ce standard aujourd'hui sont limités à une situation donnée. En effet, un système XACML développé pour des besoins et un environnement technologique donnés ne peut pas être facilement réutilisé dans un autre contexte. Il est donc nécessaire de définir une méthodologie de conception et de développement pour rendre un tel système d'autorisation adaptable dans la pratique. Notre approche consiste à définir un système d'autorisation minimal qui puisse être facilement étendu pour des besoins spécifiques et contextuels (e.g. capacité d'expression et de mise en œuvre de politiques incluant des contraintes complexes, adaptation à un environnement technologique particulier, etc). Ceci amène les questions suivantes : • Quelles extensions doivent être apportées au système d'autorisation minimal ? Est-il possible de réutiliser des extensions pour différentes situations données ? Par exemple, le nombre de technologies utilisées pour stocker les accréditations des utilisateurs est limité (e.g. LDAP, MySQL, Active Directory). Cependant, les accréditations ainsi que la structuration de ces données d'accréditation peuvent différer d'une organisation à une autre. • Comment gérer le cycle de vie des extensions dans le système d'autorisation ? En effet, il existe un lien fort entre l'utilisation d'une extension et les besoins exprimés dans une politique d'autorisation. Par exemple, l'existence dans le système d'autorisation d'une extension permettant de récupérer le rôle de l'utilisateur dans une base de données MySQL n'est nécessaire que si le système d'autorisation doit évaluer au moins une politique incluant des contraintes sur le rôle des utilisateurs. Dans le cas contraire, cette extension n'a pas lieu d'être présente dans le système d'autorisation minimal. De la même manière, si une politique incluant des contraintes sur les rôles des utilisateurs est chargée dans le système d'autorisation, l'extension associée doit être rajoutée. En nous basant sur les différents travaux issus du domaine du génie logiciel liés au concept d'adaptabilité, nous avons défini les besoins d'adaptation des systèmes d'autorisation. Ce travail nous a permis de déterminer une classification des extensions par rapport aux besoins d'adaptabilité des systèmes d'autorisation de type XACML. Nous avons aussi proposé une méthode permettant de faciliter la création d'extensions et favorisant leur réutilisabilité. Enfin, nous avons traité le problème de gestion du cycle de vie des extensions dans le système d'autorisation en proposant le concept de " politique auto-contenue ". Une politique auto-contenue comprend les règles d'autorisation ainsi que toute information nécessaire au système d'autorisation pour qu'il l'interprète et qu'il l'exécute (i.e., les extensions et leurs configurations). Nous avons décrit une architecture pour spécifier et déployer des politiques auto-contenues en utilisant l'approche composants orientés-services. Notre architecture est flexible et dynamiquement adaptable. Nous l'avons implémentée en utilisant le cadriciel OSGi afin de valider notre travail à la fois en termes de faisabilité mais aussi de performance. De plus, nous avons réalisé un éditeur de politique auto-contenue qui facilite l'écriture des règles d'autorisation ainsi que la configuration des extensions utilisées.Our work proposes a methodology for the conception and the development of an adaptable authorization system that can cover the requirements of access control in organizations such as the heterogeneity of organizational practices, the technologies used and the contexts to consider. To answer, two approaches of management have guided our study: the attribute based access control and the policy based management. * The attribute based access control permits to specify permissions related to any security characteristics of users, actions, resources and environment. This approach addresses the problems related to the expressivity of languages of authorization policies. * The policy based management, for its part, aims to enable the dynamic adaptability behavior of the system through the management of policies. Roughly, the architecture supporting this approach consists of two main entities: a policy decision point (PDP), and a policy enforcement point (PEP). The PDP is independent of the managed element, which interprets the policy and takes management decisions based on it. The PEP is the interface between the PDP and the managed element. It compels the managed system to execute the management decisions taken by the PDP. This architecture supports the integration of the management system in a managed environment. Therefore, we have chosen the standard XACML as a target technology because it supports both approaches. If in a theoretical point of view, XACML seems to address the issues of adaptability. However, systems designed according to this standard are limited to a given situation. In fact, a developed XACML system that satisfies the given requirements and a particular technological environment cannot be easily reused in another context. Therefore, it is necessary to define a methodology in order to render such authorization system adaptable in practice. Our approach is to define a minimal authorization system (i.e. a core that only supports the standard XACML) that can be easily extended for specific requirements in a given situation (ex., the ability to express and implement policies including complex constraints, adaptation to a particular technological environment, etc.). This raises the following questions: * What extensions that should be imported to the minimal authorization system? Is it possible to reuse the extensions for different situations? For example, the number of technologies used to store the user credentials is limited (ex., LDAP, MySQL, Active Directory). However, the user credentials and the structuring of the data of user credentials may differ from one organization to another. * How to manage the lifecycle of the extensions in the authorization system ? In fact, there is a strong link between the use of an extension and the requirements expressed in an authorization policy. For example, the existence in the authorization system of an extension to retrieve the role of the user in a MySQL database is required only if the authorization system must evaluate at least one policy that includes constraints on the role of users. Otherwise, this extension does not happen to be present in the minimal authorization system. Similarly, if a policy including constraints on user roles is loaded into the authorization system, the associated extension must be added also. Based on the various studies from the field of software engineering related to the concept of adaptability, we have identified the requirements of adaptation of authorization systems. This work allows us to determine a classification of extensions according to the requirements of adaptability in authorization systems of type XACML. We have also proposed a methodology to facilitate the creation of extensions and promoting their reusability in the authorization system. Finally, we have addressed the problem of managing the lifecycle of the extensions in the authorization system by proposing the concept of "self-contained policy". A self-contained policy includes the authorization rules and any necessary information in order the authorization system interprets and runs it (i.e., the extensions and their configurations). Also, we have described the architecture for specifying and deploying self-contained policies using the approach components-oriented services. Our architecture is flexible and dynamically adaptable. We have implemented it using the OSGi framework in order to validate our work in both terms of feasibility, and performance. In addition, we have conducted a self-contained policy editor that facilitates the writing of authorization rules and the configuration of the used extensions