605 research outputs found

    Secure data sharing and processing in heterogeneous clouds

    The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

    PEP4Django - A Policy Enforcement Point for Python Web Applications

    Traditionally, access control mechanisms have been hard-coded into application components. Such an approach is error-prone, mixing business logic with access control concerns, and affecting the flexibility of security policies, as is the case with IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system.

    Privacy-Preserving Reengineering of Model-View-Controller Application Architectures Using Linked Data

    When a legacy system’s software architecture cannot be redesigned, implementing additional privacy requirements is often complex, unreliable and costly to maintain. This paper presents a privacy-by-design approach to reengineer web applications as linked data-enabled and implement access control and privacy preservation properties. The method is based on the knowledge of the application architecture, which for the Web of data is commonly designed on the basis of a model-view-controller pattern. Whereas wrapping techniques commonly used to link data of web applications duplicate the security source code, the new approach allows for the controlled disclosure of an application’s data, while preserving non-functional properties such as privacy preservation. The solution has been implemented and compared with existing linked data frameworks in terms of reliability, maintainability and complexity

    Analysis of Security and Performance Service in Service Oriented Architecture (SOA) and Data Integration

    Nowadays, the use of web services in the world of education is very much particular services and information provided in the form of the transaction until the payment - the payment and security in a system that is built in the form of a website. This system does not yet have a system that is integrated with each other and the security that is necessary to develop a system that leads towards it. The services provided require an integrated system of all related systems, the Service Oriented Architecture (SOA) to be used as an efficient solution for integrating distributed applications. In SOA-based environment that focuses on quality of service called WSARCH (Web Services Architecture). With this paper can then propose a system that uses a Service Oriented Architecture (SOA) with Web Services Architecture to resolve accurately than techniques that have a lower negative impact in terms of service performance and security.

    Analysis of Security Service Oriented Architecture (SOA) With Access Control Models Dynamic Level

    Now we are moving towards the "Internet of Things" (IOT), in which millions of devices will be interconnected with each other, giving and taking information provided within a network that can work together. Because of computing and information processing itself IOT core supporters, so this paper introduces "Service-Oriented Computing" (SOA) as one of the models that can be used, where each device can offer functionality as a standard service [4]. In SOA, we can make the resources available to each other in the IOT together. However, a major challenge in these service-oriented environments is the design of effective access control schemes. In SOA, the service will be invoked by a large number, and at the same time authentication and authorization need to cross several security domains are always used. In this paper, we present the analysis of data safety a Workflow-Based Access Control Model associated oriented (WABAC) to troubleshoot problems that occur within a system integration. The analysis showed that the point system function model based integration system that is lower than the legacy model of SOA-based systems, by designing several services using WOA approach. In addition, we have observed that the integrated model can guarantee the quality of service, security and reliability main, by applying SOA approach when needed. Finally, experimental results have proved that the service can be run side by side seamlessly without performance degradation and additional complexity.

    Towards alignment of architectural domains in security policy specifications

    Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI