5 research outputs found
Security policy architecture for web services environment
An enhanced observer is model that observes behaviour of a service and then automatically reports any changes in the state of the service to evaluator model. The e-observer observes the state of a service to determine whether it conforms to and obeys its intended behaviour or policy rules. E-observer techniques address most problems, govern and provide a proven solution that is re-usable in a similar context. This leads to an organisation and formalisation policy which is the engine of the e-observer model. Policies are used to refer to specific security rules for particular systems. They are derived from the goals of management that describe the desired behaviour of distributed heterogeneous systems and networks. These policies should be defended by security which has become a coherent and crucial issue. Security aims to protect these policies whenever possible. It is the first line of protection for resources or assets against events such as loss of availability, unauthorised access or modification of data. The techniques devised to protect information from intruders are general purpose in nature and, therefore, cannot directly enforce security that has no universal definition, the high degree of assurance of security properties of systems used in security-critical areas, such as business, education and financial, is usually achieved by verification.
In addition, security policies express the protection requirements of a system in a precise and unambiguous form. They describe the requirements and mechanisms for securing the resources and assets between the sharing parties of a business transaction.
However, Service-Oriented Computing (SOC) is a new paradigm of computing that considers "services" as fundamental elements for developing applications/solutions. SOC has many advantages that support IT to improve and increase its capabilities. SOC allows flexibility to be integrated into application development. This allows services to be provided in a highly distributed manner by Web services. Many organisations and enterprises have undertaken developments using SOC. Web services (WSs) are examples of SOC. WSs have become more powerful and sophisticated in recent years and are being used successfully for inter-operable solutions across various networks. The main benefit of web services is that they use machine-to-machine interaction.
This leads initially to explore the "Quality" aspect of the services. Quality of Service (QoS) describes many techniques that prioritise one type of traffic or programme that operates across a network connection. Hence, QoS has rules to determine which requests have priority and uses these rules in order to specify their priority to real-time communications. In addition, these rules can be sophisticated and expressed as policies that constrain the behaviour of these services. The rules (policies) should be addressed and enforced by the security mechanism. Moreover, in SOC and in particular web services, services are black boxes where behaviour may be completely determined by its interaction with other services under confederation system.
Therefore, we propose the design and implementation of the “behaviour of services,” which is constrained by QoS policies. We formulate and implement novel techniques for web service policy-based QoS, which leads to the development of a framework for observing services. These services interact with each other by verifying them in a formal and systematic manner. This framework can be used to specify security policies in a succinct and unambiguous manner; thus, we developed a set of rules that can be applied inductively to verify the set of traces generated by the specification of our model’s policy. These rules could be also used for verifying the functionality of the system.
In order to demonstrate the protection features of information system that is able to specify and concisely describe a set of traces generated, we subsequently consider the design and management of Ponder policy language to express QoS and its associated based on criteria, such as, security. An algorithm was composed for analysing the observations that are constrained by policies, and then a prototype system for demonstrating the observation architecture within the education sector. Finally, an enforcement system was used to successfully deploy the prototype’s infrastructure over Web services in order to define an optimisation model that would capture efficiency requirements.
Therefore, our assumption is, tracing and observing the communication between services and then takes the decision based on their behaviour and history. Hence, the big issue here is how do we ensure that some given security requirements are satisfied and enforced? The scenario here is under confederation system and based on the following:
System’s components are Web-services.
These components are black boxes and designed/built by various vendors.
Topology is highly changeable.
Consequently, the main issues are:
• The proposal, design and development of a prototype of observation system that manages security policy and its associated aspects by evaluating the outcome results via the evaluator model.
• Taming the design complexity of the observation system by leaving considerable degrees of freedom for their structure and behaviour and by bestowing upon them certain characteristics, and to learn and adapt with respect to dynamically changing environments.Saudi Arabian Cultural Burea
Recommended from our members
Arabic Language Processing for Text Classification. Contributions to Arabic Root Extraction Techniques, Building An Arabic Corpus, and to Arabic Text Classification Techniques.
The impact and dynamics of Internet-based resources for Arabic-speaking users is increasing in significance, depth and breadth at highest pace than ever, and thus requires updated mechanisms for computational processing of Arabic texts. Arabic is a complex language and as such requires in depth investigation for analysis and improvement of available automatic processing techniques such as root extraction methods or text classification techniques, and for developing text collections that are already labeled, whether with single or multiple labels.
This thesis proposes new ideas and methods to improve available automatic processing techniques for Arabic texts. Any automatic processing technique would require data in order to be used and critically reviewed and assessed, and here an attempt to develop a labeled Arabic corpus is also proposed. This thesis is composed of three parts: 1- Arabic corpus development, 2- proposing, improving and implementing root extraction techniques, and 3- proposing and investigating the effect of different pre-processing methods on single-labeled text classification methods for Arabic.
This thesis first develops an Arabic corpus that is prepared to be used here for testing root extraction methods as well as single-label text classification techniques. It also enhances a rule-based root extraction method by handling irregular cases (that appear in about 34% of texts). It proposes and implements two expanded algorithms as well as an adjustment for a weight-based method. It also includes the algorithm that handles irregular cases to all and compares the performances of these proposed methods with original ones. This thesis thus develops a root extraction system that handles foreign Arabized words by constructing a list of about 7,000 foreign words. The outcome of the technique with best accuracy results in extracting the correct stem and root for respective words in texts, which is an enhanced rule-based method, is used in the third part of this thesis. This thesis finally proposes and implements a variant term frequency inverse document frequency weighting method, and investigates the effect of using different choices of features in document representation on single-label text classification performance (words, stems or roots as well as including to these choices their respective phrases). This thesis applies forty seven classifiers on all proposed representations and compares their performances. One challenge for researchers in Arabic text processing is that reported root extraction techniques in literature are either not accessible or require a long time to be reproduced while labeled benchmark Arabic text corpus is not fully available online. Also, by now few machine learning techniques were investigated on Arabic where usual preprocessing steps before classification were chosen. Such challenges are addressed in this thesis by developing a new labeled Arabic text corpus for extended applications of computational techniques.
Results of investigated issues here show that proposing and implementing an algorithm that handles irregular words in Arabic did improve the performance of all implemented root extraction techniques. The performance of the algorithm that handles such irregular cases is evaluated in terms of accuracy improvement and execution time. Its efficiency is investigated with different document lengths and empirically is found to be linear in time for document lengths less than about 8,000. The rule-based technique is improved the highest among implemented root extraction methods when including the irregular cases handling algorithm. This thesis validates that choosing roots or stems instead of words in documents representations indeed improves single-label classification performance significantly for most used classifiers. However, the effect of extending such representations with their respective phrases on single-label text classification performance shows that it has no significant improvement. Many classifiers were not yet tested for Arabic such as the ripple-down rule classifier. The outcome of comparing the classifiers' performances concludes that the Bayesian network classifier performance is significantly the best in terms of accuracy, training time, and root mean square error values for all proposed and implemented representations.Petra University, Amman (Jordan
Intensional Cyberforensics
This work focuses on the application of intensional logic to cyberforensic
analysis and its benefits and difficulties are compared with the
finite-state-automata approach. This work extends the use of the intensional
programming paradigm to the modeling and implementation of a cyberforensics
investigation process with backtracing of event reconstruction, in which
evidence is modeled by multidimensional hierarchical contexts, and proofs or
disproofs of claims are undertaken in an eductive manner of evaluation. This
approach is a practical, context-aware improvement over the finite state
automata (FSA) approach we have seen in previous work. As a base implementation
language model, we use in this approach a new dialect of the Lucid programming
language, called Forensic Lucid, and we focus on defining hierarchical contexts
based on intensional logic for the distributed evaluation of cyberforensic
expressions. We also augment the work with credibility factors surrounding
digital evidence and witness accounts, which have not been previously modeled.
The Forensic Lucid programming language, used for this intensional
cyberforensic analysis, formally presented through its syntax and operational
semantics. In large part, the language is based on its predecessor and
codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective
Lucid, and JOOIP bound by the underlying intensional programming paradigm.Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD
thesis; v2 corrects some typos and refs; also available on Spectrum at
http://spectrum.library.concordia.ca/977460
Intensional Cyberforensics
This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled.
The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, MARFL, and JOOIP bound by the underlying intensional programming paradigm