11,551 research outputs found
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Trust realisation in multi-domain collaborative environments
In the Internet-age, the geographical boundaries that have previously impinged upon inter-organisational collaborations have become decreasingly important. Of more importance for such collaborations is the notion and subsequent nature of trust - this is especially so in Grid-like environments where resources are both made available and subsequently accessed and used by remote users from a multitude of institutions with a variety of different privileges spanning across the collaborating resources. In this context, the ability to dynamically negotiate and subsequently enforce security policies driven by various levels of inter-organisational trust is essential. In this paper we present a dynamic trust negotiation (DTN) model and associated prototype implementation showing the benefits and limitations DTN incurs in supporting n-tier delegation hops needed for trust realisation in multi-domain collaborative environments
Leveraging Semantic Web Technologies for Managing Resources in a Multi-Domain Infrastructure-as-a-Service Environment
This paper reports on experience with using semantically-enabled network
resource models to construct an operational multi-domain networked
infrastructure-as-a-service (NIaaS) testbed called ExoGENI, recently funded
through NSF's GENI project. A defining property of NIaaS is the deep
integration of network provisioning functions alongside the more common storage
and computation provisioning functions. Resource provider topologies and user
requests can be described using network resource models with common base
classes for fundamental cyber-resources (links, nodes, interfaces) specialized
via virtualization and adaptations between networking layers to specific
technologies.
This problem space gives rise to a number of application areas where semantic
web technologies become highly useful - common information models and resource
class hierarchies simplify resource descriptions from multiple providers,
pathfinding and topology embedding algorithms rely on query abstractions as
building blocks.
The paper describes how the semantic resource description models enable
ExoGENI to autonomously instantiate on-demand virtual topologies of virtual
machines provisioned from cloud providers and are linked by on-demand virtual
connections acquired from multiple autonomous network providers to serve a
variety of applications ranging from distributed system experiments to
high-performance computing
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Fiscal rules and discretion under persistent shocks
This paper studies the optimal level of discretion in policymaking. We consider a fiscal policy model where the government has time-inconsistent preferences with a present-bias towards public spending. The government chooses a fiscal rule to trade off its desire to commit to not overspend against its desire to have flexibility to react to privately observed shocks to the value of spending. We analyze the optimal fiscal rule when the shocks are persistent. Unlike under i.i.d: shocks, we show that the ex-ante optimal rule is not sequentially optimal, as it provides dynamic incentives. The ex-ante optimal rule exhibits history dependence, with high shocks leading to an erosion of future fiscal discipline compared to low shocks, which lead to the reinstatement of discipline. The implied policy distortions oscillate over time given a sequence of high shocks, and can force the government to accumulate maximal debt and become immiserated in the long run
A Distributed Calculus for Role-Based Access Control
Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the ‘minimal’ policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior
- …