
    ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability

    Virtualization of the Internet of Things (IoT) is the concept of dynamically building customized high-level IoT services that rely on real-time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging because, as the number of available building-block services grows, the number of personalizable virtual services grows exponentially. This paper proposes the Service Object Capability (SOC) ticket system, a decentralized access control mechanism with which servers and clients efficiently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of the capabilities specified in each server or client ticket. Unlike PKI certificates, SOC's authentication time and handshake packet overhead stay constant regardless of each capability's delegation hop distance from the root delegator. The paper compares SOC's security benefits with Kerberos, and the experimental results show that SOC's authentication incurs significantly less time and packet overhead than mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as existing PKIs and Kerberos, and more efficient and better suited to IoT environments.
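To make concrete what "partial delegation of capabilities without public key cryptography" involves, here is an added example (not code from the paper) of the standard HMAC-chain ticket construction: an issuer that shares a root key with the server mints a capability ticket, any holder can hand on a narrower ticket using only the MAC it holds, and the server verifies the whole chain with the root key alone. This is not SOC's ticket format, which the abstract does not describe; the key, ticket id and capability strings are made up for the example.

```python
"""Symmetric-key capability tickets with attenuating delegation.

Added illustration of the general idea behind delegable tickets that need
no public-key operations; it is the standard HMAC-chain construction, not
the SOC ticket format from the paper. Key material, names and capability
strings are assumptions made up for the example.
"""
import hashlib
import hmac
import json
from typing import Iterable, List, Optional, Set


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _enc(caps: Iterable[str]) -> bytes:
    # Canonical encoding so issuer, delegator and verifier MAC identical bytes.
    return json.dumps(sorted(caps)).encode()


def issue(root_key: bytes, ticket_id: str, caps: Set[str]) -> dict:
    """Issuer (shares root_key with the server) mints a ticket for caps."""
    mac = _mac(root_key, ticket_id.encode() + _enc(caps))
    return {"id": ticket_id, "chain": [sorted(caps)], "mac": mac.hex()}


def delegate(ticket: dict, sub_caps: Set[str]) -> dict:
    """Ticket holder hands a narrower ticket on, using only the MAC it holds.

    The new MAC is keyed with the previous one, so the delegatee never sees
    the root key or the MAC of the wider ticket it was derived from.
    """
    if not set(sub_caps) <= set(ticket["chain"][-1]):
        raise ValueError("delegation may only attenuate capabilities")
    mac = _mac(bytes.fromhex(ticket["mac"]), _enc(sub_caps))
    return {"id": ticket["id"],
            "chain": ticket["chain"] + [sorted(sub_caps)],
            "mac": mac.hex()}


def verify(root_key: bytes, ticket: dict) -> Optional[Set[str]]:
    """Server recomputes the chain from the shared root key.

    Returns the capabilities finally granted, or None if the ticket is
    forged, tampered with, or tries to widen the capability set at any hop.
    """
    chain: List[List[str]] = ticket.get("chain", [])
    if not chain:
        return None
    mac = _mac(root_key, ticket["id"].encode() + _enc(chain[0]))
    granted = set(chain[0])
    for caps in chain[1:]:
        caps_set = set(caps)
        # A delegatee knows the previous MAC, so it could MAC any list it
        # likes; this subset check is what stops privilege widening.
        if not caps_set <= granted:
            return None
        mac = _mac(mac, _enc(caps_set))
        granted = caps_set
    if not hmac.compare_digest(mac, bytes.fromhex(ticket["mac"])):
        return None
    return granted


if __name__ == "__main__":
    K = b"example-root-key-shared-with-sensor-server"  # constructed, not a real key
    root = issue(K, "sensor-42", {"read:temp", "read:humidity", "write:threshold"})
    narrow = delegate(root, {"read:temp"})
    print(verify(K, narrow))  # {'read:temp'}
    # A delegatee trying to grant itself more than it was given:
    forged = dict(narrow,
                  chain=narrow["chain"] + [["write:threshold"]],
                  mac=_mac(bytes.fromhex(narrow["mac"]), _enc({"write:threshold"})).hex())
    print(verify(K, forged))  # None
```

Two properties are worth noting against the abstract. Every operation here is an HMAC, so neither side needs public-key cryptography, and the server stores only the root key. But this toy ticket carries one capability list per delegation hop and verification costs one HMAC per hop, so it does not have the constant handshake overhead the abstract claims for SOC; that claim is what distinguishes the paper's scheme from this baseline.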

    Supply Chain Security – Threats and Solutions

    In recent years, the cargo transport process has improved mainly in the areas of logistics efficiency and documentation handling. The World Trade Centre terror attack in 2001 changed the world and with it the conditions for logistics worldwide. The logistics consequences were, according to [1]: "It is instructive to note that these disruptions were not caused by the attack itself, but rather by the government's response to the attack: closing borders, shutting down air traffic and evacuating buildings throughout the country." The aftermath of the attack brought needed attention to the vulnerability of modern supply chains. Supply chain vulnerability reflects the sensitivity of the supply chain to disruption [2]. This vulnerability can in many cases be described as "unwanted effects" in the supply chain caused either by internal or external forces that create disturbances larger than the supply chain is designed to handle. The objective of supply chain security is to prevent antagonistic threats from affecting supply chain performance. Antagonistic threats are demarcated from other risks and uncertainties by three key words: deliberate (caused), illegal (defined by law), and hostile (negative impact on transport network activities) [3]. This chapter presents first the major antagonistic threats to the supply chain and secondly how these threats should be prevented. This leads to the current development of different supply chain security programs.

    Would You Like that iPhone Locked or Unlocked?: Reconciling Apple's Anticircumvention Measures with the DMCA

    When Apple's iPhone first hit the stores it was an epochal media event. Apple, long a leader in high-end computers and personal electronics, was poised to make its entry into a highly competitive market with a new mobile phone that promised groundbreaking technological capabilities in a sleek, ergonomic package. Apple's CEO, Steve Jobs, extolled the iPhone's virtues to an eager press, and, shortly thereafter, Apple's stock jumped dramatically. Apple's loyal devotees lined up in anticipation days before the phone's June 29, 2007 release. It took Apple a mere seventy-four days to sell one million handsets. But some time after the fanfare had settled down, public perception of the iPhone shifted. As consumers began to use the iPhone, the once-beloved phone began to acquire its share of discontents. Consumers expressed frustration in response to 300-page phone bills, expensive roaming charges, and, perhaps most vocally, to the technological methods Apple used to police its exclusive agreement with AT&T.

    Intellectual Property Law and the Right to Repair

    This Article posits that intellectual property law should accommodate consumers’ right to repair their products. In recent years, there has been a growing push towards state legislation that would provide consumers with a “right to repair” their products. Currently, twenty states have pending legislation that would require product manufacturers to make available replacement parts and repair manuals. Unfortunately, though, this legislation has stalled in many of the states. Manufacturers have been lobbying the legislatures to stop the enactment of these repair laws based on different concerns, including how these laws may impinge on their intellectual property rights. Indeed, a right to repair may not be easily reconcilable with the United States’ far-reaching intellectual property rights regime. For example, requiring manufacturers to release repair manuals could implicate a whole host of intellectual property laws, including trade secrets. Similarly, employing measures that undercut a manufacturer’s control of the market for replacement parts might conflict with patent exclusivity. Nonetheless, this Article holds that intellectual property laws should not be used to prevent a right to repair from being fully implemented. In support of this claim, this Article develops a theoretical framework that justifies a right to repair in a manner that is consistent with intellectual property protection. Based on this theoretical foundation, this Article then explores, for the first time, the various intellectual property rules and doctrines that may be implicated in the context of the current repair movement. As part of this analysis, this Article identifies areas where intellectual property rights could prevent repair laws from being fully realized, even if some of the states pass the legislation, and recommends certain reforms that are necessary to accommodate the need for a right to repair and enable it to take hold

    Pluggable type-checking for custom type qualifiers in Java

    We have created a framework for adding custom type qualifiers to the Java language in a backward-compatible way. The type system designer defines the qualifiers and creates a compiler plug-in that enforces their semantics. Programmers can write the type qualifiers in their programs and be informed of errors or assured that the program is free of those errors. The system builds on existing Java tools and APIs. In order to evaluate our framework, we have written four type-checkers using the framework: for a non-null type system that can detect and prevent null pointer errors; for an interned type system that can detect and prevent equality-checking errors; for a reference immutability type system, Javari, that can detect and prevent mutation errors; and for a reference and object immutability type system, IGJ, that can detect and prevent even more mutation errors. We have conducted case studies using each checker to find real errors in existing software. These case studies demonstrate that the checkers and the framework are practical and useful.

    A Transactional Model and Platform for Designing and Implementing Reactive Systems

    A reactive program is one that has ongoing interactions with its environment. Reactive programs include those for embedded systems, operating systems, network clients and servers, databases, and smart phone apps. Reactive programs are already a core part of our computational and physical infrastructure and will continue to proliferate within our society as new form factors, e.g. wireless sensors, and inexpensive (wireless) networking are applied to new problems. Asynchronous concurrency is a fundamental characteristic of reactive systems that makes them difficult to develop. Threads are commonly used for implementing reactive systems, but they may magnify problems associated with asynchronous concurrency, as there is a gap between the semantics of thread-based computation and the semantics of reactive systems: reactive software developed with threads often has subtle timing bugs and tends to be brittle and non-reusable as a holistic understanding of the software becomes necessary to avoid concurrency hazards such as data races, deadlock, and livelock. Based on these problems with the state of the art, we believe a new model for developing and implementing reactive systems is necessary. This dissertation makes four contributions to the state of the art in reactive systems. First, we propose a formal yet practical model for (asynchronous) reactive systems called reactive components. A reactive component is a set of state variables and atomic transitions that can be composed with other reactive components to yield another reactive component. The transitions in a system of reactive components are executed by a scheduler. The reactive component model is based on concepts from temporal logic and models like UNITY and I/O Automata. 
The major contribution of the reactive component model is a formal method for principled composition, which ensures that 1) the result of composition is always another reactive component, for consistency of reasoning; 2) systems may be decomposed to an arbitrary degree and depth, to foster divide-and-conquer approaches when designing and re-use when implementing; 3) the behavior of a reactive component can be stated in terms of its interface, which is necessary for abstraction; and 4) properties of reactive components that are derived from transitions protected by encapsulation are preserved through composition and can never be violated, which permits assume-guarantee reasoning. Second, we develop a prototypical programming language for reactive components called rcgo that is based on the syntax and semantics of the Go programming language. The semantics of the rcgo language enforce various aspects of the reactive component model, e.g., the isolation of state between components and safety of concurrency properties, while permitting a number of useful programming techniques, e.g., reference and move semantics for efficient communication among reactive components. For tractability, we assume that each system contains a fixed set of components in a fixed configuration. Third, we provide an interpreter for the rcgo language to test the practicality of the assumptions upon which the reactive component model is founded. The interpreter contains an algorithm that checks for composition hazards like recursively defined transitions and non-deterministic transitions. Transitions are executed using a novel calling convention that can be implemented efficiently on existing architectures. The run-time system also contains two schedulers that use the results of composition analysis to execute non-interfering transitions concurrently.
Fourth, we compare the performance of each scheduler in the interpreter to the performance of a custom compiled multi-threaded program, for two reactive systems. For one system, the combination of the implementation and hardware biases it toward an event-based solution, which was confirmed when the reactive component implementation outperformed the custom implementation due to reduced context switching. For the other system, the custom implementation is not prone to excessive context switches and outperformed the reactive component implementations. These results demonstrate that reactive components may be a viable alternative to threads in practice, but that additional work is necessary to generalize this claim

    A FIREWALL MODEL OF FILE SYSTEM SECURITY

    File system security is fundamental to the security of UNIX and Linux systems, since in these systems almost everything takes the form of a file. To protect system files and other sensitive user files from unauthorized access, organizations choose and deploy particular security schemes on their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies that focus on one or more of the security principles: confidentiality, integrity and availability. A security policy is not only about "who" can access an object, but also about "how" a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on access control. Besides the basic access control scheme of the system itself, which includes permission bits, the setuid and seteuid mechanism and the root user, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly, by only allowing trusted users to operate on the objects. The access control decisions of these models depend on the identity of the user or the attributes of the process the user executes, together with the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: the file system firewall.
It adapts the familiar network firewall protection model, used to control the data that flows between networked computers, to file system protection. This model can base access control decisions on any system-generated attribute of the access request, e.g., the time of day. The access control decisions are not tied to one entity, such as the account in traditional discretionary access control or the domain name in DTE. In the file system firewall, access decisions are made upon situations involving multiple entities. A situation is programmable with predicates on the attributes of the subject, the object and the system, and the file system firewall specifies the appropriate action for each situation. We implemented a prototype of the file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared the file system firewall with TE in SELinux to show that the firewall model can accommodate many other access control models. Finally, we show the ease of use of the firewall model. When the firewall is restricted to a specified part of the system, all other resources are unaffected, which enables a relatively smooth adoption. This, and the fact that the model is familiar to system administrators, will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and the file system firewall confirmed this: beginner users found the firewall easier to use and faster to learn than the traditional UNIX access control scheme and SELinux.
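The decision procedure the abstract describes, as an added example in Python that is not the dissertation's SUSE Linux prototype: each rule is a "situation", a predicate over subject, object and system attributes, paired with an action; rules are tried in order with first match deciding, as in a network firewall chain; and objects outside the firewall's configured scope fall through to the system's ordinary access control untouched. The attribute names, paths, programs and rules are made up for the example.

```python
"""Toy file system firewall: first-match rules over subject, object and
system attributes.

Added illustration of the model described in the abstract, not the
dissertation's prototype; attribute names, paths and rules are assumptions
made up for the example.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Subject:
    uid: int
    gid: int
    exe: str          # program the subject is executing


@dataclass(frozen=True)
class FileObject:
    path: str
    owner: int
    mode: int         # permission bits, e.g. 0o644


@dataclass(frozen=True)
class SystemState:
    hour: int         # time of day, 0-23: a system-generated attribute


@dataclass(frozen=True)
class Request:
    subject: Subject
    obj: FileObject
    op: str           # "read", "write" or "exec"
    system: SystemState


Predicate = Callable[[Request], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Predicate    # the "situation": a predicate over all three entities
    action: str           # "allow" or "deny"


def under(path: str, prefix: str) -> bool:
    """True if path is prefix itself or lies inside the directory prefix."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def business_hours(req: Request) -> bool:
    return 8 <= req.system.hour < 18


class FileSystemFirewall:
    """Rules are tried in order and the first match decides, as in a network
    firewall chain. Objects outside `scope` are left to the system's
    ordinary access control ("passthrough"), so the rest of the system is
    unaffected by the firewall's policy."""

    def __init__(self, rules: List[Rule], scope: List[str], default: str = "deny"):
        self.rules, self.scope, self.default = rules, scope, default

    def decide(self, req: Request) -> Tuple[str, str]:
        """Return (action, name of the rule that decided)."""
        if not any(under(req.obj.path, p) for p in self.scope):
            return ("passthrough", "out-of-scope")
        for rule in self.rules:
            if rule.matches(req):
                return (rule.action, rule.name)
        return (self.default, "default")


RULES = [
    # Nobody, root included, edits /etc outside business hours.
    Rule("etc-write-off-hours",
         lambda r: under(r.obj.path, "/etc") and r.op == "write" and not business_hours(r),
         "deny"),
    Rule("etc-write-root",
         lambda r: under(r.obj.path, "/etc") and r.op == "write" and r.subject.uid == 0,
         "allow"),
    # The backup daemon may read home directories, but only at night.
    Rule("backup-reads-home-at-night",
         lambda r: r.subject.exe == "/usr/sbin/backupd" and under(r.obj.path, "/home")
                   and r.op == "read" and not business_hours(r),
         "allow"),
    Rule("owner-read-write",
         lambda r: r.subject.uid == r.obj.owner and r.op in ("read", "write"),
         "allow"),
    Rule("world-readable",
         lambda r: r.op == "read" and bool(r.obj.mode & 0o004),
         "allow"),
]

FIREWALL = FileSystemFirewall(RULES, scope=["/etc", "/home"])


if __name__ == "__main__":
    passwd = FileObject("/etc/passwd", owner=0, mode=0o644)
    root = Subject(uid=0, gid=0, exe="/usr/bin/vi")
    # Same subject and object, different time of day, different decision:
    print(FIREWALL.decide(Request(root, passwd, "write", SystemState(hour=3))))
    print(FIREWALL.decide(Request(root, passwd, "write", SystemState(hour=10))))
```

Rule order carries the policy, exactly as in a packet filter: the off-hours deny sits above the root allow, so root is refused at 03:00 and permitted at 10:00 for the same request. A rule set like this is also where the "ease of use" claim bites in practice: because the scope is a prefix list, anything under /tmp or /var here is decided by the ordinary permission bits, so a policy can be rolled out one directory tree at a time.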

    Safety first: towards responsible arms and ammunition management in DRC's Equateur and Nord-Oubangui Provinces

    This Knowledge Note provides insight into current realities, behaviour and practices at arms and ammunition storage sites in north-western DR Congo. Tailored recommendations for strengthening ammunition and weapons safety by improving physical security measures and renovating infrastructure are a central focus of this report and the corresponding technical studies. In light of these technical findings, and on the basis of on-site observations as well as interviews with community members and armed forces personnel, this Knowledge Note emphasises the importance of factoring in the socio-economic and humanitarian context of the weapons and ammunition storage sites. Through a range of case studies, an analysis of relevant legislative frameworks and of how communication is channeled through the relevant physical security and stockpile management (PSSM) authorities, as well as an examination of the difficulty of translating existing PSSM knowledge into action, the study highlights some of the behavioural practices, and challenges, that underlie the development of an effective PSSM culture. The objective of this Knowledge Note is to help order and prioritize some of these factors, identifying how the national government of the DRC can enhance its efforts to establish a more responsible culture of PSSM-related practices. By highlighting areas of work where targeted interventions would be most useful, the recommendations of this baseline study aim to help guide ongoing regional and national efforts to implement more responsible PSSM-related practices in a limited-resource environment.

    Death and resurrection of copyright between law and technology

    The paper reviews the philosophical, economic and social justifications of copyright as confronted by the dematerialization of creative outputs. Digital Rights Management (DRM) is the tool implemented by copyright owners to adjust to the advent of the digital era. The claim is that DRM effectively addresses digital threats and market failures. If this is true, what is left of the role of copyright law in the digital environment? This review argues that the traditional justifications of copyright persist in the digital environment. As a consequence, digital tools such as DRM need to be engineered according to these justifications, in order to preserve the balance between law and technology. © 2014 Taylor & Francis