35 research outputs found

    An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environment

    Multidomain environments where multiple organizations interoperate with each other are becoming a reality, as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as tightly-coupled or loosely-coupled. The access control challenges in the loosely-coupled environment have not been studied adequately in the literature. In a loosely-coupled environment, different domains do not know each other before they interoperate. Therefore, traditional approaches based on users' identities cannot be applied directly. Motivated by this, researchers have developed several attribute-based authorization approaches to dynamically build trust between previously unknown domains. However, these approaches all focus on building trust between individual requesting users and the resource-providing domain. We demonstrate that such approaches are inefficient when the requests are issued by a set of users assigned to a functional role in the organization. Moreover, preserving the principle of security has long been recognized as a challenging problem when facilitating interoperation. Existing research has mainly focused on solving this problem only in a tightly-coupled environment, where a global policy is used to preserve the principle of security. In this thesis, we propose a role-based access control and trust management framework for loosely-coupled environments. In particular, we allow users to specify interoperation requests in terms of requested permissions and propose several role mapping algorithms to map the requested permissions onto roles in the resource-providing domain. Then, we propose a Simplify algorithm to simplify the distributed proof procedures when a set of requests is issued according to the functions of some roles in the requesting domain.
    Our experiments show that our Simplify algorithm significantly simplifies such procedures when the total number of credentials in the environment is sufficiently large, which is quite common in practical applications. Finally, we propose a novel policy integration approach using the special semantics of hybrid role hierarchy to preserve the principle of security. At the end of this dissertation, a brief discussion of the implemented prototype of our framework is presented.

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

    D7.5 FIRST consolidated project results

    The FIRST project commenced in January 2017 and concluded in December 2022, including a 24-month suspension period due to the COVID-19 pandemic. Throughout the project, we delivered seven technical reports, conducted three workshops on Key Enabling Technologies for Digital Factories in conjunction with CAiSE (in 2019, 2020, and 2022), produced a number of PhD theses, and published over 56 papers (plus a number of submitted journal papers). The purpose of this deliverable is to provide an updated account of the findings from our previous deliverables and publications. It involves compiling the original deliverables with the revisions necessary to accurately reflect the final scientific outcomes of the project.

    Access control model for WebServices eGovernment infrastructure.

    Tam Ka Wing Matthew. Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. Includes bibliographical references (leaves 84-89). Abstracts in English and Chinese.

    Table of contents:
    Acknowledgement --- p.i
    Abstract --- p.i
    Table of Contents --- p.iii
    Chapter 1 --- Introduction --- p.1
    Chapter 2 --- eGovernment Requirements --- p.5
    Chapter 2.1 --- Efficient Operation --- p.5
    Chapter 2.2 --- Citizen-centric Government --- p.7
    Chapter 2.3 --- Security --- p.10
    Chapter 2.3.1 --- Confidentiality --- p.10
    Chapter 2.3.2 --- Integrity --- p.12
    Chapter 2.3.3 --- Availability --- p.12
    Chapter 2.4 --- Support of eBusiness --- p.13
    Chapter 3 --- Webservices for e-Government - A Marriage for Interoperability --- p.15
    Chapter 4 --- A Webservices Based eGovernment Framework --- p.17
    Chapter 4.1 --- System Component Model --- p.17
    Chapter 4.2 --- System Access Model --- p.18
    Chapter 4.3 --- Security Model --- p.20
    Chapter 4.3.1 --- Access Right Model --- p.20
    Chapter 4.3.2 --- Authentication Model --- p.22
    Chapter 4.4 --- Transaction Model --- p.23
    Chapter 5 --- eGovernment WebServices Access Control --- p.25
    Chapter 5.1 --- eGovernment WebService --- p.25
    Chapter 5.2 --- Request of Access --- p.27
    Chapter 5.3 --- eGovernment Access Policy --- p.30
    Chapter 5.3.1 --- Administration Based Policy --- p.32
    Chapter 5.3.2 --- Legislation Based Policy --- p.33
    Chapter 6 --- Research in Access Control --- p.38
    Chapter 6.1 --- Traditional Model --- p.38
    Chapter 6.2 --- More Advanced Models --- p.39
    Chapter 6.2.1 --- Role-Based Access Control Model --- p.39
    Chapter 6.2.2 --- Task-Based Authorisation Control Models --- p.41
    Chapter 6.2.3 --- Digital Library Authorisation Model --- p.42
    Chapter 6.3 --- Recent Works --- p.44
    Chapter 6.4 --- Limitations of the Models --- p.45
    Chapter 7 --- Proposed Approach --- p.47
    Chapter 7.1 --- WebService Specific Access Control --- p.48
    Chapter 7.1.1 --- WebService Access Rules --- p.48
    Chapter 7.1.2 --- Authorisation Conflict Resolution --- p.50
    Chapter 7.2 --- Subject Based Access Control --- p.52
    Chapter 7.2.1 --- Subject Category --- p.52
    Chapter 7.2.2 --- Subject Access Rules --- p.53
    Chapter 7.2.3 --- WebService Registration --- p.55
    Chapter 7.2.4 --- Authorisation Conflict Resolution --- p.56
    Chapter 7.3 --- The WebServices --- p.57
    Chapter 7.4 --- Combining Two Level Access Control --- p.57
    Chapter 7.5 --- Application to Chained WebService Request --- p.58
    Chapter 7.6 --- Comparison with the Existing Access Control Models --- p.59
    Chapter 8 --- An Implementation Reference Model --- p.60
    Chapter 8.1 --- Some Practical Issues --- p.60
    Chapter 8.1.1 --- Citizen Privacy --- p.60
    Chapter 8.1.2 --- Trust between eGovernment Systems --- p.61
    Chapter 8.1.3 --- Authentication --- p.62
    Chapter 8.2 --- System Architecture --- p.64
    Chapter 8.2.1 --- eGovernment WebServices Gateway --- p.65
    Chapter 8.2.2 --- Authentication Engine --- p.66
    Chapter 8.2.3 --- Access Control Database --- p.66
    Chapter 8.2.4 --- Access Control Decision Engine --- p.67
    Chapter 8.2.5 --- A Working Scenario --- p.67
    Chapter 8.3 --- Implementation --- p.69
    Chapter 9 --- Evaluation of the Proposed Mechanism --- p.74
    Chapter 9.1 --- Application Scenarios --- p.75
    Chapter 9.1.1 --- Citizen Level Access Right --- p.75
    Chapter 9.1.2 --- Access Means Based Authorisation --- p.76
    Chapter 9.1.3 --- Access Right Based on Combination of User and Consumer Identity --- p.77
    Chapter 9.1.4 --- Legislation Based Access Right --- p.78
    Chapter 9.1.5 --- Joined-up Government --- p.79
    Chapter 10 --- Conclusion and Future Directions --- p.81
    References --- p.8

    Enforcement of entailment constraints in distributed service-based business processes

    Context: A distributed business process is executed in a distributed computing environment. The service-oriented architecture (SOA) paradigm is a popular option for the integration of software services and the execution of distributed business processes. Entailment constraints, such as mutual exclusion and binding constraints, are important means to control process execution. Mutually exclusive tasks result from the division of powerful rights and responsibilities to prevent fraud and abuse. In contrast, binding constraints define that a subject who performed one task must also perform the corresponding bound task(s). Objective: We aim to provide a model-driven approach for the specification and enforcement of task-based entailment constraints in distributed service-based business processes. Method: Based on a generic metamodel, we define a domain-specific language (DSL) that maps the different modeling-level artifacts to the implementation level. The DSL integrates elements from role-based access control (RBAC) with the tasks that are performed in a business process. Process definitions are annotated using the DSL, and our software platform uses automated model transformations to produce executable WS-BPEL specifications which enforce the entailment constraints. We evaluate the impact of constraint enforcement on runtime performance for five selected service-based processes from the existing literature. Results: Our evaluation demonstrates that the approach correctly enforces task-based entailment constraints at runtime. The performance experiments illustrate that the runtime enforcement operates with an overhead that scales well up to the order of several tens of thousands of logged invocations. Using our DSL annotations, the user-defined process definition remains declarative and free of security enforcement code. Conclusion: Our approach decouples the concerns of (non-technical) domain experts from the technical details of entailment constraint enforcement.
    The developed framework integrates seamlessly with WS-BPEL and the Web services technology stack. Our prototype implementation shows the feasibility of the approach, and the evaluation points to future work and further performance optimizations.

    SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES

    Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and executing so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would in principle allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly for the side that is to execute a process. The research project focused on the security issues that arise when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in a way that exploits the significant property of a standard, namely platform independence. The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated, to the point where the assessment becomes suited to being performed automatically.
    An analysis of the security-relevant semantics of BPEL as a specification language was conducted, resulting in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited to the assessment of remotely defined BPEL scripts, since they allow for pre-execution enforcement of local security policies, thereby mitigating or even removing the security implications involved in the distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been demonstrated via a prototype implementation of the essential functionality required for a proof of concept. Darmstadt Node of the NRG Network at University of Applied Sciences Darmstadt.

    Digital rights management for electronic documents

    Ph.D. (Doctor of Philosophy) thesis.

    Information Sharing Solutions for Nato Headquarters

    NATO is an Alliance of 26 nations that operates on a consensus basis, not a majority basis. Thorough and timely information exchange between nations is fundamental to the business process. Current technology and practices at NATO HQ are inadequate to meet modern-day requirements, despite the availability of demonstrated and accredited cross-domain technology solutions. This lack of integration between networks is getting more complicated with time, as nations continue to invest in IT and ignore the requirements for inter-networked gateways. This contributes to inefficiencies, fostering an atmosphere where shortcuts are taken in order to get the job done. The author recommends that NATO HQ should improve its presence on the Internet, building on the desired tenets of availability and security.

    Security Policies That Make Sense for Complex Systems: Comprehensible Formalism for the System Consumer

    Information systems today are rarely contained within a single user workstation, server, or networked environment. Data can be transparently accessed from any location and maintained across various network infrastructures. Cloud computing paradigms commoditize the hardware and software environments and allow an enterprise to lease computing resources by the hour, the minute, or the number of instances required to complete a processing task. An access control policy mediates access requests between authorized users of an information system and the system's resources. Access control policies are defined at any given level of abstraction, such as the file, directory, system, or network, and can be instantiated in layers of increasing (or decreasing) abstraction. For the system end-user, the functional allocation of security policy to discrete system components, or subsystems, may be too complex for comprehension. In this dissertation, the concept of a metapolicy, a policy that governs the execution of subordinate security policies, is introduced. From the user's perspective, the metapolicy provides the rules for system governance that are functionally applied across the system's components for policy enforcement. The metapolicy provides a method to communicate updated higher-level policy information to all components of a system; it minimizes the overhead associated with access control decisions by making access decisions at the highest level possible in the policy hierarchy. Formal definitions of policy often involve mathematical proof, formal logic, or set-theoretic notation. Such policy definitions may be beyond the capability of a system user who simply wants to control information sharing. For thousands of years, mankind has used narrative and storytelling as a way to convey knowledge. This dissertation discusses how the concepts of storytelling can be embodied in computational narrative and used as a top-level requirements specification.
    The definition of metapolicy is further discussed, as is the relationship between the metapolicy and various access control mechanisms. The use of storytelling to derive the metapolicy and its applicability to formal requirements definition is discussed. The author's hypothesis on the use of narrative to explain security policy to the system user is validated through the use of a series of survey instruments. The survey instrument applies either a traditional requirements specification language or a brief narrative to describe a security policy and asks the subject to interpret the statements. The results of this research are promising and reflect a synthesis of the disciplines of neuroscience, security, and formal methods to present a potentially more comprehensible knowledge representation of security policy.

    Content sensitivity based access control model for big data

    Big data technologies have seen tremendous growth in recent years and are widely used in both industry and academia. In spite of such exponential growth, these technologies lack adequate measures to protect the data from misuse or abuse. Corporations that collect data from multiple sources are at risk of liabilities due to exposure of sensitive information. In the current implementation of Hadoop, only file-level access control is feasible. Providing users the ability to access data based on attributes in a dataset or based on their role is complicated by the sheer volume and multiple formats (structured, unstructured and semi-structured) of data. In this dissertation, an access control framework that enforces access control policies dynamically based on the sensitivity of the data is proposed. This framework enforces access control policies by harnessing the data context, usage patterns and information sensitivity. Information sensitivity changes over time with the addition and removal of datasets, which can lead to modifications in the access control decisions; the proposed framework accommodates these changes. The proposed framework is automated to a large extent and requires minimal user intervention. The experimental results show that the proposed framework is capable of enforcing access control policies on non-multimedia datasets with minimal overhead.