3,064 research outputs found

    Privacy in an Ambient World

    Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes it inside the enterprise and shares it with partner enterprises. In particular, we analyse three different privacy systems that can be used in the different stages of this lifecycle. One of them is the Audit Logic, recently introduced, which can be used to keep data private when it travels across enterprise boundaries. We conclude with an analysis of the features and shortcomings of these systems.

    Formalisation and Implementation of the XACML Access Control Mechanism

    We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control model for the specification and enforcement of access control policies. To clarify all ambiguous and intricate aspects of XACML, we provide it with a more manageable alternative syntax and with a solid semantic ground. This lays the basis for developing tools and methodologies which allow software engineers to easily and precisely regulate access to resources using policies. To demonstrate feasibility and effectiveness of our approach, we provide a software tool, supporting the specification and evaluation of policies and access requests, whose implementation fully relies on our formal development.

    Towards Model-Driven Development of Access Control Policies for Web Applications

    We introduce a UML-based notation for graphically modeling systems’ security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then translated in FACPL, a policy language with a formal semantics, and the resulting policies are evaluated by means of a Java-based software tool

    Publication of XML documents without Information Leakage with data inference

    Recent applications are using an increasing need that publishing XML documents should meet precise security requirements. In this paper, we are considering data publishing applications where the publisher specifies what information is more sensitive and should be protected from outside world users. We show that if a given document is published carelessly then users can use common knowledge to guess any information. The goal here is to protect such information in the presence of data inference with common knowledge. The most important feature of XML formatting is that it allows for adding schema declarations with integrity constraints to instance data and allows composing individual pieces of data in a tree-like fashion in which a link from a parent node to a sub tree carries some ontological information about the relationship between individual pieces of data. This system works as an inference problem in XML documents consisting of potentially secret and important information. Our work gives a solution for this problem by providing the control mechanism for enforcing inference usability of XML documents. Output of our work is again an XML document that is under their inference capabilities which neither contains nor implies any confidential information and it is indistinguishable from the actual XML document. In the proposed work it produces the weakened document which takes into consideration the inference capabilities and according to this modifies their schemas and produces inference proof documents. DOI: 10.17762/ijritcc2321-8169.15077

    Specifying Access Policies for Secure Content Dissemination of XML: A Technique Inspired by DNA Cryptography

    SOA helps to provide business agility by configuring entities to maximize loose coupling and reuse. XML is the most relevant means to provide interoperability among various entities. When in network, an XML file can be prone to hacking and unauthorized access, thus data integrity and confidentiality are the important issues of communication. Secure dissemination of an XML file is one of the techniques to ensure data integrity and confidentiality. This paper presents a secure dissemination technique such that extraneous data not meant for a legitimate consumer is inaccessible, there will be no information leak. The technique applies DNA cryptography due to its feature of compactness and simplicity. The technique encrypts the data and hides it in a garbage file; such that only legitimate consumer can see only the subscribed amount of data according to the access policies using the restriction enzymes. The paper also presents multicast dissemination interface that implements the proposed technique at the server level. The interface is built dynamically and asynchronously using a publish–subscribe methodology. The results indicate that the proposed technique not only satisfies the requirement specification of secure dissemination, but also points out its robustness in terms of time required to break the key. The technique is computationally secure as the time to crack the key is quite long and increases with increase in key length.

    The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux

    The increasing availability of cloud computing and scientific super computers brings great potential for making R accessible through public or shared resources. This allows us to efficiently run code requiring lots of cycles and memory, or embed R functionality into, e.g., systems and web services. However some important security concerns need to be addressed before this can be put in production. The prime use case in the design of R has always been a single statistician running R on the local machine through the interactive console. Therefore the execution environment of R is entirely unrestricted, which could result in malicious behavior or excessive use of hardware resources in a shared environment. Properly securing an R process turns out to be a complex problem. We describe various approaches and illustrate potential issues using some of our personal experiences in hosting public web services. Finally we introduce the RAppArmor package: a Linux based reference implementation for dynamic sandboxing in R on the level of the operating system

    Composing Systemic Aspects into Component-Oriented DOC Middleware

    The advent and maturation of component-based middleware frameworks have simplified the development of large-scale distributed applications by separating system development and configuration concerns into different aspects that can be specified and composed at various stages of the application development lifecycle. Conventional component middleware technologies, such as J2EE [73] and .NET [34], were designed to meet the quality of service (QoS) requirements of enterprise applications, which focus largely on scalability and reliability. Therefore, conventional component middleware specifications and implementations are not well suited for distributed real-time and embedded (DRE) applications with more stringent QoS requirements, such as low latency/jitter, timeliness, and online fault recovery. In the DRE system development community, a new generation of enhanced commercial off-the-shelf (COTS) middleware, such as Real-time CORBA 1.0 (RT-CORBA) [39], is increasingly gaining acceptance as (1) the cost and time required to develop and verify DRE applications precludes developers from implementing complex DRE applications from scratch and (2) implementations of standard COTS middleware specifications mature and encompass key QoS properties needed by DRE systems. However, although COTS middleware standardizes mechanisms to configure and control underlying OS support for an application’s QoS requirements, it does not yet provide sufficient abstractions to separate QoS policy configurations such as real-time performance requirements, from application functionality. Developers are therefore forced to configure QoS policies in an ad hoc way, and the code to configure these policies is often scattered throughout and tangled with other parts of a DRE system. As a result, it is hard for developers to configure, validate, modify, and evolve complex DRE systems consistently.
It is therefore necessary to create a new generation of QoS-enabled component middleware that provides more comprehensive support for addressing QoS-related concerns modularly, so that they can be introduced and configured as separate systemic aspects. By analyzing and identifying the limitations of applying conventional middleware technologies for DRE applications, this dissertation presents a new design and its associated techniques for enhancing conventional component-oriented middleware to provide programmability of DRE relevant real-time QoS concerns. This design is realized in an implementation of the standard CORBA Component Model (CCM) [38], called the Component-Integrated ACE ORB (CIAO). This dissertation also presents both architectural analysis and empirical results that demonstrate the effectiveness of this approach. This dissertation provides three contributions to the state of the art in composing systemic behaviors into component middleware frameworks. First, it illustrates how component middleware can simplify development and evolution of DRE applications while ensuring stringent QoS requirements by composing systemic QoS aspects. Second, it contributes to the design and implementation of QoS-enabled CCM by analyzing and documenting how systemic behaviors can be composed into component middleware. Finally, it presents empirical and analytical results to demonstrate the effectiveness and the advantage of composing systemic behaviors in component middleware. The work in this dissertation has a broader impact beyond the CCM in which it was developed, as it can be applied to other component-based middleware technologies which wish to support DRE applications.