A Secure and Fair Resource Sharing Model for Community Clouds

Cloud computing has gained a lot of importance and has been one of the most discussed segment of today\u27s IT industry. As enterprises explore the idea of using clouds, concerns have emerged related to cloud security and standardization. This thesis explores whether the Community Cloud Deployment Model can provide solutions to some of the concerns associated with cloud computing. A secure framework based on trust negotiations for resource sharing within the community is developed as a means to provide standardization and security while building trust during resource sharing within the community. Additionally, a model for fair sharing of resources is developed which makes the resource availability and usage transparent to the community so that members can make informed decisions about their own resource requirements based on the resource usage and availability within the community. Furthermore, the fair-share model discusses methods that can be employed to address situations when the demand for a resource is higher than the resource availability in the resource pool. Various methods that include reduction in the requested amount of resource, early release of the resources and taxing members have been studied, Based on comparisons of these methods along with the advantages and disadvantages of each model outlined, a hybrid method that only taxes members for unused resources is developed. All these methods have been studied through simulations

AUTOMATED TRUST NEGOTIATION USING CRYPTOGRAPHIC CREDENTIALS

In automated trust negotiation (ATN), two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials are protected according to access control policies. In traditional ATN, credentials are transmitted either in their entirety or not at all. This approach can at times fail unnecessarily, either because a cyclic dependency makes neither negotiator willing to reveal her credential before her opponent, because the opponent must be authorized for all attributes packaged together in a credential to receive any of them, or because it is necessary to fully disclose the attributes, rather than merely proving they satisfy some predicate (such as being over 21 years of age). Recently, several cryptographic credential schemes and associated protocols have been developed to address these and other problems. However, they can be used only as fragments of an ATN process. This paper introduces a framework for ATN in which the diverse credential schemes and protocols can be combined, integrated, and used as needed. A policy language is introduced that enables negotiators to specify authorization requirements that must be met by an opponent to receive various amounts of information about certified attributes and the credentials that contain it. The language also supports the use of uncertified attributes, allowing them to be required as part of policy satisfaction, and to place their (automatic) disclosure under policy control

Secure access control for health information sharing systems

The 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) encourages healthcare providers to share information to improve healthcare quality at reduced cost. Such information sharing, however, raises security and privacy concerns that require appropriate access control mechanisms to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance. Current approaches such as Role-Based Access Control (RBAC) and its variants, and newer approaches such as Attribute-Based Access Control (ABAC) are inadequate. RBAC provides simple administration of access control and user permission review, but demands complex initial role engineering and makes access control inflexible. ABAC, on the other hand, simplifies initial setup but increases the complexity of managing privileges and user permissions. These limitations have motivated research into the development of newer access control models that use attributes and policies while preserving RBAC\u27s strengths. The BiLayer Access Control (BLAC) model is a two-step method being proposed to integrate attributes with roles: an access request is checked against pseudoroles, i.e., the list of subject attributes (first layer), and then against rules within the policies (second layer) associated with the requested object. This paper motivates the BLAC approach, outlines the BLAC model, and illustrates its usefulness to healthcare information sharing environments

Minimizing disclosure of private information in credential-based interactions : a graph-based approach

We address the problem of enabling clients to regulate disclosure of their credentials and properties when interacting with servers in open scenarios. We provide a means for clients to specify the sensitivity of information in their portfolio at a fine-grain level and to determine the credentials and properties to disclose to satisfy a server request while minimizing the sensitivity of the information disclosed. Exploiting a graph modeling of the problem, we develop a heuristic approach for determining a disclosure minimizing released information, that offers execution times compatible with the requirements of interactive access to Web resources

Supporting user privacy preferences on information release in open scenarios

Access control solutions for open systems are typically based on the assumption that a client may adopt approached speci\ufb01cally designed for the server to protect the disclosure of her sensitive information. These solutions however do not consider the speci\ufb01c privacy requirements characterizing the client. In this paper, we put forward the idea of adopting a di\ufb00erent model at the client-side, aimed at minimizing the amount of sensitive information released to a server. The model should be based on a formal modeling of the client portfolio and should easily support the de\ufb01nition of privacy preferences and disclosure limitations for empowering the user in the release of her personal information

A Survey on Trust Computation in the Internet of Things

Internet of Things defines a large number of diverse entities and services which interconnect with each other and individually or cooperatively operate depending on context, conditions and environments, produce a huge personal and sensitive data. In this scenario, the satisfaction of privacy, security and trust plays a critical role in the success of the Internet of Things. Trust here can be considered as a key property to establish trustworthy and seamless connectivity among entities and to guarantee secure services and applications. The aim of this study is to provide a survey on various trust computation strategies and identify future trends in the field. We discuss trust computation methods under several aspects and provide comparison of the approaches based on trust features, performance, advantages, weaknesses and limitations of each strategy. Finally the research discuss on the gap of the trust literature and raise some research directions in trust computation in the Internet of Things

Formal definitions for usable access control rule sets from goals to metrics

Access control policies describe high level requirements for access control systems. Access control rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny rules. Designing rule sets that reect desired policies is a difficult and time-consuming task. The result is that rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable access control rule sets, which we define as rule sets that (i) reect the access control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable access control rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of access control rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of access control rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better rule sets