40,777 research outputs found
Recommended from our members
Immigration: Visa Security Policies
[Excerpt] The report opens with an overview of visa issuance policy. It then explains the key provisions that guide the documentary requirements and approval/disapproval process. The section on consular screening procedures includes an analysis of trends over time in denying visas. Visa revocation, a reoccurring issue of concern to Congress, and the visa security program are discussed as well
SPAN security policies and guidelines
A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment
Directed Security Policies: A Stateful Network Implementation
Large systems are commonly internetworked. A security policy describes the
communication relationship between the networked entities. The security policy
defines rules, for example that A can connect to B, which results in a directed
graph. However, this policy is often implemented in the network, for example by
firewalls, such that A can establish a connection to B and all packets
belonging to established connections are allowed. This stateful implementation
is usually required for the network's functionality, but it introduces the
backflow from B to A, which might contradict the security policy. We derive
compliance criteria for a policy and its stateful implementation. In
particular, we provide a criterion to verify the lack of side effects in linear
time. Algorithms to automatically construct a stateful implementation of
security policy rules are presented, which narrows the gap between
formalization and real-world implementation. The solution scales to large
networks, which is confirmed by a large real-world case study. Its correctness
is guaranteed by the Isabelle/HOL theorem prover.Comment: In Proceedings ESSS 2014, arXiv:1405.055
ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments
The enforcement of security policies in outsourced environments is still an
open challenge for policy-based systems. On the one hand, taking the
appropriate security decision requires access to the policies. However, if such
access is allowed in an untrusted environment then confidential information
might be leaked by the policies. Current solutions are based on cryptographic
operations that embed security policies with the security mechanism. Therefore,
the enforcement of such policies is performed by allowing the authorised
parties to access the appropriate keys. We believe that such solutions are far
too rigid because they strictly intertwine authorisation policies with the
enforcing mechanism.
In this paper, we want to address the issue of enforcing security policies in
an untrusted environment while protecting the policy confidentiality. Our
solution ESPOON is aiming at providing a clear separation between security
policies and the enforcement mechanism. However, the enforcement mechanism
should learn as less as possible about both the policies and the requester
attributes.Comment: The final version of this paper has been published at ARES 201
An Economic Analysis of Security Policies
This paper analyses public policy choices in the security economy from an economic perspective. It discusses the role of public goods for national and global security and identifies the importance of the first- and second-order indirect effects of insecurity on economic activity, which include the behavioural responses of agents and the government to security measures, akin to such effects in insurance economics. Furthermore, key public policy trade-offs are outlined, in particular between security and efficiency, globalisation, equity and freedom. The analysis identifies suitable policy options for raising security in the national and international contexts and in view of these trade-offs. A suitable balance between market and non-market instruments in achieving security should be aimed for to minimise the adverse effects of aiming for higher security. In addition, the public good nature of security implies that international coordination of security policies is important, despite this process being itself fraught with enforcement problems.Collective goods; Public policy; Regulation; Risk; Security; Terrorism
ESPOON: Enforcing Security Policies In Outsourced Environments
Data outsourcing is a growing business model offering services to individuals
and enterprises for processing and storing a huge amount of data. It is not
only economical but also promises higher availability, scalability, and more
effective quality of service than in-house solutions. Despite all its benefits,
data outsourcing raises serious security concerns for preserving data
confidentiality. There are solutions for preserving confidentiality of data
while supporting search on the data stored in outsourced environments. However,
such solutions do not support access policies to regulate access to a
particular subset of the stored data.
For complex user management, large enterprises employ Role-Based Access
Controls (RBAC) models for making access decisions based on the role in which a
user is active in. However, RBAC models cannot be deployed in outsourced
environments as they rely on trusted infrastructure in order to regulate access
to the data. The deployment of RBAC models may reveal private information about
sensitive data they aim to protect. In this paper, we aim at filling this gap
by proposing \textbf{} for enforcing RBAC policies in
outsourced environments. enforces RBAC policies in an
encrypted manner where a curious service provider may learn a very limited
information about RBAC policies. We have implemented
and provided its performance evaluation showing a limited overhead, thus
confirming viability of our approach.Comment: The final version of this paper has been accepted for publication in
Elsevier Computers & Security 2013. arXiv admin note: text overlap with
arXiv:1306.482
- …