1,211,039 research outputs found

    $\mathit{ESPOON_{ERBAC}}$: Enforcing Security Policies In Outsourced Environments

    Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. There are solutions for preserving confidentiality of data while supporting search on the data stored in outsourced environments. However, such solutions do not support access policies to regulate access to a particular subset of the stored data. For complex user management, large enterprises employ Role-Based Access Control (RBAC) models for making access decisions based on the role in which a user is active. However, RBAC models cannot be deployed in outsourced environments as they rely on trusted infrastructure in order to regulate access to the data. The deployment of RBAC models may reveal private information about sensitive data they aim to protect. In this paper, we aim at filling this gap by proposing $\mathit{ESPOON_{ERBAC}}$ for enforcing RBAC policies in outsourced environments. $\mathit{ESPOON_{ERBAC}}$ enforces RBAC policies in an encrypted manner where a curious service provider may learn very limited information about RBAC policies. We have implemented $\mathit{ESPOON_{ERBAC}}$ and provided its performance evaluation showing a limited overhead, thus confirming viability of our approach. Comment: The final version of this paper has been accepted for publication in Elsevier Computers & Security 2013. arXiv admin note: text overlap with arXiv:1306.482

    Auditing and Security of ERP Systems

    Professors teaching ERP systems may consider including content about the auditing and security of these systems, which is very important for reliability and integrity of data and the IT infrastructure and provides assurance of IT controls that support the financial statement audit. This workshop includes materials that focus on teaching both general controls (i.e. logical access, program change and computer operations) and application controls (controls either configured or programmed into the ERP system), which are two categories of controls that must be in place for an IT audit. In particular, this workshop focuses on logical access in PeopleSoft, specifically, role-based access controls. Then, we will learn about how program change control is accomplished in an SAP environment through the SAP transport, followed by discussing necessary controls in a data center, using a Big-4 provided template. Finally, we will discuss the ERP-specific content in the CISA (Certified Information Systems Auditor) exam. This session includes a series of exercises that are relevant to instructors and practitioners alike.

    An Enhancement Role and Attribute Based Access Control Mechanism in Big Data

    To be able to leverage big data to achieve enhanced strategic insight and make informed decisions, an efficient access control mechanism is needed for ensuring end-to-end security of such information assets. Attribute Based Access Control (ABAC), Role Based Access Control (RBAC) and Event Based Access Control (EBAC) are widely used access control mechanisms. The ABAC system is much more complex in terms of policy reviews, hence analyzing the policy and reviewing or changing user permissions are quite complex tasks. The RBAC system is labor intensive and time consuming when building a model instance, and it lacks the flexibility to efficiently adapt to changing users, objects and security policies. The EBAC model considers only the events to allocate access controls. Yet these mechanisms have limitations and offer features complementary to each other. So in this paper, an Event-Role-Attribute based fine-grained Access Control mechanism is proposed. It provides a flexible boundary which effectively adapts to changing users, objects and security policies based on the event. The flexible boundary is achieved by using the temporal and environment state of an event. It improves big data security and overcomes the disadvantages of the ABAC and RBAC mechanisms. The experiments are conducted to prove the effectiveness of the proposed Event-Role-Attribute based Access Control mechanism over ABAC and RBAC in terms of computational overhead.

    Build A Secure Healthcare System Based On the Metadata of Patient Information

    Building a secure healthcare system based on metadata involves several key steps to ensure that patient information remains confidential and secure. Metadata refers to information about data, such as the time and date of creation, author, and location, rather than the content of the data itself. In this paper, there are many steps that are considered when building a secure healthcare system based on metadata. We begin with defining metadata standards: establishing metadata standards for healthcare data can help ensure consistency and interoperability across different systems. This can include standards for data elements, data formats, and data models. Implement access controls: access controls should be implemented to restrict access to sensitive patient data. Role-based access control can be used to limit access to specific data based on job responsibilities. Use encryption: encryption can be used to protect patient data from unauthorized access. Data encryption should be implemented at rest and in transit to protect data at all times. Secure storage: patient data should be stored securely, including backups and archives. Secure storage can help prevent data loss and unauthorized access. We obtain a perfect time for processing compared with other resources and a perfect time for checking the metadata and hyperlink of patient's information.

    Role Signatures for Access Control in Grid Computing

    Implementing access control efficiently and effectively in an open and distributed grid environment is a challenging problem. One reason for this is that users requesting access to remote resources may be unknown to the authorization service that controls access to the requested resources. Hence, it seems inevitable that pre-defined mappings of principals in one domain to those in the domain containing the resources are needed. A second problem in such environments is that verifying the authenticity of user credentials or attributes can be difficult. In this paper, we propose the concept of role signatures to solve these problems by exploiting the hierarchical structure of a virtual organization within a grid environment. Our approach makes use of a hierarchical identity-based signature scheme whereby verification keys are defined by generic role identifiers defined within a hierarchical namespace. We show that individual member organizations of a virtual organization are not required to agree on principal mappings beforehand to enforce access control to resources. Moreover, user authentication and credential verification are unified in our approach and can be achieved through a single role signature.