Extended role-based access control model for enterprise systems and web services

This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control framework for Semantic Web services. In this thesis, an Authorization-Function-Based Role-based Access Control (FB-RBAC) model is proposed for controlling enterprise systems at the application level. The unique features of the proposed model are authorization-function-based access control and constraint-based finegrained access control. This model significantly simplifies the management of an access control system by adopting roles and authorization-functions in authorization specifications. An extension of FB-RBAC, Extended FB-RBAC (ERBAC), is applied to Web service applications. New features such as credential-based access control and dynamic role assignment are added to FB-RBAC in order to address user heterogeneity and dynamicity in the Web environment. The proposed ERBAC model is then extended to support Semantic Web services. Each component of the ERBAC model is described by security ontologies. These correlated security ontologies are integrated with Semantic Web services to form a complete ontology network. Ontology-based role assignment is facilitated so that security information can be queries and discovered through a network of ontologies

WSACT : a model for Web Services access control incorporating trust

Today, organisations that seek a competitive advantage are adopting virtual infrastructures that share and manage computing resources. The trend is towards implementing collaborating applications that are supported by web services technology. Even though web services technology is rapidly becoming a fundamental development paradigm, adequate security constitutes the main concern and obstacle to its adoption as an industry solution. An important issue to address is the development of suitable access control models that are able to not only restrict access to unauthorised users, but also to discriminate between users that originate from different collaborating parties. In web services environments, access control is required to cross the borders of security domains, in order to be implemented between heterogeneous systems. Traditional access control systems that are identity-based do not provide a solution, as web services providers have to deal with unknown users, manage a large user population, collaborate with others and at the same time be autonomous of nature. Previous research has pointed towards the adoption of attribute-based access control as a means to address some of these problems. This approach is still not adequate, as the trustworthiness of web services requestors cannot be determined. Trust in web services requestors is thus an important requirement to address. For this reason, the thesis investigated trust, as to promote the inclusion of trust in the web services access control model. A cognitive approach to trust computation was followed that addressed uncertain and imprecise information by means of fuzzy logic techniques. A web services trust formation framework was defined that aims to populate trust concepts by means of automated, machine-based trust assessments. The structure between trust concepts was made explicit by means of a trust taxonomy. This thesis presents the WSACT – or the Web Services Access Control incorporating Trust –model. The model incorporates traditional role-based access control, the trust levels of web services requestors and the attributes of users into one model. This allows web services providers to grant advanced access to the users of trusted web services requestors, in contrast to the limited access that is given to users who make requests through web services requestors with whom a minimal level of trust has been established. Such flexibility gives a web services provider the ability to foster meaningful business relationships with others, which portrays humanistic forms of trust. The WSACT architecture describes the interacting roles of an authorisation interface, authorisation manager and trust manager. A prototype finally illustrates that the incorporation of trust is a viable solution to the problem of web services access control when decisions of an autonomous nature are to be made.Thesis (PhD (Computer Science))--University of Pretoria, 2008.Computer Scienceunrestricte

Pivotal Deterrence and United States Security Policy in the Taiwan Strait

This dissertation presents a model of pivotal deterrence—a version the author loosely terms holistic pivotal deterrence—based on the model originally presented in Crawford\u27s Pivotal Deterrence: Third-Party Statecraft and the Pursuit of Peace, and applies it to a regional case study of U.S. security policy in the Taiwan Strait; placing particular emphasis on the crisis junctures of 1954-55, 1958, 1962, and 1995-96. By contrasting this with other models of deterrence, it provides an alternative perspective with which to consider the empirical data on the United States-China-Taiwan relationship and developments in the Strait. By viewing the data through this lens, this research presents an assessment as to the validity of the holistic pivotal deterrence model in preventing an escalation in conflict, and also tests four hypotheses: (H1) If either China or Taiwan had wished to engage in behavior contrary to the interests of the United States, they would have been more likely to do so if the United States had insured them against the risks of that behavior. (H2) Deterrence was more likely to succeed when China\u27s and Taiwan\u27s alignment options were scarce. (H3) With the United States as a preponderant-power pivot, holistic pivotal deterrence was more likely to be applicable when interests in the Strait were secondary. (H4) Holistic pivotal deterrence was likely to succeed when China and Taiwan each wanted to get or keep what benefits the United States could give or take away more than what they wanted to take from their rival. The first two hypotheses reflect Crawford\u27s original model, addressing the roles of insurance and alignment options. The third hypothesis contradicts the original model\u27s views on the role of interests, and the fourth hypothesis goes beyond the original model—which focuses on elements of military power as a primary factor—to incorporate the role and effect of non-military power. By examining these hypotheses in the full context of the political, military, social, and economic dynamics present in the Strait throughout the second half of the 20th century, this research identifies the strengths, weaknesses, and conditional factors of this modified pivotal deterrence model

A Logic-Based Framework for Web Access Control Policies

With the widespread use of web services, there is a need for adequate security and privacy support to protect the sensitive information these services could provide. As a result, there has been a great interest in access control policy languages which accommodate large, open, distributed and heterogeneous environments like the Web. XACML has emerged as a popular access control language, but because of its rich expressiveness and informal semantics, it suffers from a) a lack of understanding of its formal properties, and b) a lack of automated, compile-time services that can detect errors in expressive, distributed and heterogeneous policies. In this dissertation, I present a logic-based framework for XACML that addresses the above issues. One component of the framework is a Datalog-based mapping for XACML v3.0 that provides a theoretical foundation for the language, namely: a concise logic-based semantics and complexity results for full XACML and various fragments. Additionally, my mapping discovers close relationships between XACML and other logic based languages such as the Flexible Authorization Framework. The second component of this framework provides a practical foundation for static analysis of expressive XACML policies. The analysis services detect semantic errors or differences between policies before they are deployed. To provide these services, I present a mapping from XACML to the Web Ontology Language (OWL), which is the standardized language for representing the semantics of information on the Web. In particular, I focus on the OWL-DL sub-language, which is a logic-based fragment of OWL. Finally, to demonstrate the practicality of using OWL-DL reasoners as policy analyzers, I have implemented an OWL-based XACML analyzer and performed extensive empirical evaluation using both real world and synthetic policy sets

Trust negotiation policy management for service-oriented applications

Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiation makes access decisions based on the level of trust established between the requester and the provider in a negotiation, during which the parties exchange credentials, which are signed assertions that describe some attributes of the owner. However, managing the evolution of trust negotiation policies is a difficult problem that has not been sufficiently addressed to date. Access control policies have a lifecycle, and they are revised based on applicable business policies. Additionally, because a trust relationship established in a trust negotiation may be long lasting, their evolution must also be managed. Simply allowing a negotiation to continue according to an old policy may be undesirable, especially if new important constraints have been added. In this thesis, we introduce a model-driven trust negotiation framework for service-oriented applications. The framework employs a model for trust negotiation, based on state machines, that allows automated generation of the control structures necessary to enforce trust negotiation policies from the visual model of the policy. Our policy model also supports lifecycle management. We provide sets of operations to modify policies and to manage ongoing negotiations, and operators for identifying and managing impacts of changes to trust negotiation policies on ongoing trust negotiations. The framework presented in the thesis has been implemented in the Trust-Serv prototype, which leverages industry specifications such as WS-Security and WS-Trust to offer a container-centric mechanism for deploying trust negotiation that is transparent to the services being protected

Foreign Policy Evaluation and the Utility of Intervention

This dissertation identifies and explains the factors contributing to the presence and severity of U.S. foreign-policy blunders, or gross errors in strategic judgment resulting in significant harm to the national interest, since the Second World War. It hypothesizes that the grand strategy of preponderance and the overestimation of military power to transform the politics of other states have precipitated U.S. foreign-policy blunders since 1945. Examining the Vietnam War and Iraq War as case studies, it focuses on underlying conditions in the American national identity and the problematic foreign policy decision-making (FPDM) that corresponds to this bifurcated hypothesis, termed the overestimation/preponderance theoretical model (OPM). Four indicators operationalize the OPM: (1) how U.S. foreign policymakers estimated the capacity of military power to transform the political dynamics of the target state through intervention; (2) and (3) how U.S. actors and institutions affected the capacity of the partner state and hostile state and nonstate actors; and (4) how the foreign policy was justified and rationalized within the leadership of government and to the general public as it encountered disconfirming information. In each case, the grand strategy of preponderance instituted a bounded rationality of mission in the FPDM stage and the operationalization stage that precluded the inclusion of an unfavorable outcome. In each case, U.S. foreign policymakers greatly overestimated the capacity of the partner state to establish security and legitimacy and underestimated the capacity of hostile actors to mobilize and threaten the partner state. However, these preference-confirmation biases diametrically contradicted the assessment that victory would be easy to achieve; U.S. foreign policymakers promulgated this corresponding overestimation/underestimation even while inflating the threat far beyond what the actual threat to the national-security element of the national interest represented. The subsequent implementing of this inverted calculation created a national-security national interest where none was extant, then significantly harmed that new interest via intervention. This tactical application of the grand strategy of preponderance facilitated the strategic-tactical gap in U.S. foreign policy by creating monsters in order to have monsters to slay, consistent with the ideological tradition of the imperative of crusade in the modern history of American foreign relations

Military Activities in the EEZ: A U.S.-China Dialogue on Security and International Law in the Maritime Commons

On the wall in the entranceway to the personal offices of the Commander, Pacific Fleet, there hangs prominently displayed a life-size portrait of Adm. Chester William Nimitz, the legendary architect of the American naval victory in the Pacific sixty-five years ago. The painting is specially lit, giving the admiral\u27s thoughtful gaze a lifelike glow as if he were present, judging the decisions and actions of his successors in command as these officers find means to preserve regional peace and guard American interests. In the painting\u27s background are the objects of naval war, standing as striking reminders of the heavy price in American blood and treasure paid for the nearly three generations since then during which the Pacific Ocean has been an American lake. It has been this freedom from serious threat that has provided room for American strategic and operational maneuver during the Korean conflict, the Vietnam War, and the Cold War, that has afforded an avenue for the movement of forces during conflicts in Iraq and Afghanistan, the capacity to deter conflict in East Asia, the access needed to assure the security of allies and partners, and the ability to provide support to populations devastated by disaster.https://digital-commons.usnwc.edu/cmsi-red-books/1006/thumbnail.jp