Developing a Framework to Implement Public Key Infrastructure Enabled Security in XML Documents

This paper concentrates on proposing a framework to implement the PKI enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities

Social Security in Developing Countries: Myth or Necessity? Evidence from India

This paper discusses the importance of social security policies in developing economies, using empirical evidence from India. The paper discusses the viability of implementing systems of social protection in developing countries and provides an empirical analysis of the effects of socio-economic security policies on Indian’s economic performance between 1973 and 1999, using a two-stage least square model adapted to data from a panel of 14 Indian states. The results show that policies that strengthen the social and economic security of the Indian population have been an important endogenous variable to both the reduction of poverty and the economic growth in India.Social security, social protection, economic growth, India, simultaneous equation models, panel data

Reasoning on the usage control security policies over data artifact business process models

The inclusion of security aspects in organizations is a crucial aspect to ensure compliance with both internal and external regulations. Business process models are a well-known mechanism to describe and automate the activities of the organizations, which should include security policies to ensure the correct performance of the daily activities. Frequently, these security policies involve complex data which cannot be represented using the standard Business Process Model Notation (BPMN). In this paper, we propose the enrichment of the BPMN with a UML class diagram to describe the data model, that is also combined with security policies defined using the UCONABC framework annotated within the business process model. The integration of the business process model, the data model, and the security policies provides a context where more complex reasoning can be applied about the satisfiability of the security policies in accordance with the business process and data models. To do so, wetransform the original models, including security policies, into the BAUML framework (an artifact-centric approach to business process modelling). Once this is done, it is possible to ensure that there are no inherent errors in the model (verification) and that it fulfils the business requirements (validation), thus ensuring that the business process and the security policies are compatible and that they are aligned with the business security requirements.This work has been supported by Project PID2020-112540RB-C44 funded by MCIN/AEI/ 10.13039/501100011033, Project TIN2017-87610-R funded by MCIN/AEI/10.13039/501100011033 and FEDER “Una manera de hacer Europa”, Project 2017-SGR-1749 by the Generalitat de Catalunya, Projects COPERNICA (P20 01224) and METAMORFOSIS by the Junta de Andalucía.Peer ReviewedPostprint (published version

Applying the take-grant protection model

The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their efforts with respect to the policy and its Take-Grant representation are discussed