65 research outputs found

    The POLIPO Security Framework

    Systems of systems are dynamic coalitions of distributed, autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the systems of systems paradigm has a significant impact on systems interoperability and on the security requirements of the collaborating systems. In this chapter we introduce POLIPO, a security framework that protects the information exchanged among the systems in a system of systems, while preserving systems’ autonomy and interoperability. Information is protected from unauthorized access and improper modification by combining context-aware access control with trust management. Autonomy and interoperability are enabled by the use of ontology-based services. More precisely, each authority may refer to different ontologies to define the semantics of the terms used in the security policy of the system it governs and to describe domain knowledge and context information. A semantic alignment technique is then employed to map concepts from different ontologies and align the systems’ vocabularies. We demonstrate the applicability of our solution with a prototype implementation of the framework for a scenario in the maritime safety and security domain

    Privacy Data Decomposition and Discretization Method for SaaS Services

    In cloud computing, user functional requirements are satisfied through service composition. However, due to the process of interaction and sharing among SaaS services, user privacy data tends to be illegally disclosed to the service participants. In this paper, we propose a privacy data decomposition and discretization method for SaaS services. First, according to logic between the data, we classify the privacy data into discrete privacy data and continuous privacy data. Next, in order to protect the user privacy information, continuous data chains are decomposed into discrete data chain, and discrete data chains are prevented from being synthesized into continuous data chains. Finally, we propose a protection framework for privacy data and demonstrate its correctness and feasibility with experiments

    Trust negotiation policy management for service-oriented applications

    Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiation makes access decisions based on the level of trust established between the requester and the provider in a negotiation, during which the parties exchange credentials, which are signed assertions that describe some attributes of the owner. However, managing the evolution of trust negotiation policies is a difficult problem that has not been sufficiently addressed to date. Access control policies have a lifecycle, and they are revised based on applicable business policies. Additionally, because a trust relationship established in a trust negotiation may be long lasting, their evolution must also be managed. Simply allowing a negotiation to continue according to an old policy may be undesirable, especially if new important constraints have been added. In this thesis, we introduce a model-driven trust negotiation framework for service-oriented applications. The framework employs a model for trust negotiation, based on state machines, that allows automated generation of the control structures necessary to enforce trust negotiation policies from the visual model of the policy. Our policy model also supports lifecycle management. We provide sets of operations to modify policies and to manage ongoing negotiations, and operators for identifying and managing impacts of changes to trust negotiation policies on ongoing trust negotiations. 
The framework presented in the thesis has been implemented in the Trust-Serv prototype, which leverages industry specifications such as WS-Security and WS-Trust to offer a container-centric mechanism for deploying trust negotiation that is transparent to the services being protected

    Research Article Novel Security Conscious Evaluation Criteria for Web Service Composition

    Abstract: This study aims to present a new mathematical based evaluation method for service composition with respect to security aspects. Web service composition as complex problem solver in service computing has become one of the recent challenging issues in today's web environment. It makes a new added value service through combination of available basic services to address the problem requirements. Despite the importance of service composition in service computing, security issues have not been addressed in this area. Considering the dazzling growth of number of service based transactions, making a secure composite service from candidate services with different security concerns is a demanding task. To deal with this challenge, different techniques have been employed which have direct impacts on secure service composition efficiency. Nonetheless, little work has been dedicated to deeply investigate those impacts on service composition outperformance. Therefore, the focus of this study is to evaluate the existing approaches based on their applied techniques and QoS aspects. A mathematical-based security-aware evaluation framework is proposed wherein Analytic Hierarchy Process (AHP), a multiple criteria decision making technique, is adopted. The proposed framework is tested on state-of-the-art approaches and the statistical analysis of the results presents the efficiency and correctness of the proposed work

    Spatiotemporal readiness is key to preparing regenerative medicine for the clinic

    Copyright © 2021 The Author(s). Successful translation of regenerative medicine projects to the clinic requires attention to the complex interaction of spatial and timing issues from manufacturing to clinical use. Wellcome Trust (WT218807/Z/19/Z, WT208198/Z/17/Z and WT219875/Z/19/Z); UK Economic and Social Research Council (ES/P002943/1); Leverhulme Trust (RPG-2017-330)

    A multi-layer framework for personalized social tag-based applications

    Recent years have seen an increasing diffusion of online communities giving their members the ability of specifying and sharing metadata concerning online resources. Such practice, also known as social or collaborative tagging, has the purpose of collecting and sharing opinions about Web resources and simplifying their retrieval. In this paper, we go one step further and show how tags can have more enhanced applications to be exploited for customizing Web content fruition. More precisely, we propose a multi-layer framework where data collected by social tagging communities are complemented with additional services. Such services provide users the ability of expressing their dis/agreement with existing tags, denoting the members they trust based on their characteristics and relationships, or specifying policies on which "quality" assessment of resources should be returned. Besides providing the formal specification of the proposed framework, we illustrate two case studies we have implemented and the experiments we have carried out in order to verify the feasibility of our approach

    Trust-Based Service Selection

    Service Oriented Architecture (SOA) is an architectural style that builds enterprise solutions based on services. In SOA, the lack of trust between different parties affects the adoption of such architecture. Trust is as significant a factor for successful online interactions as it is in real life communities, and consequently, it is an important factor that is used as a criterion for service selection. In the context of online services and SOA, the literature shows that the field of trust is not mature. Trust definition and the consideration of the essentials of trust aspects do not reflect the true nature of trust online. This thesis proposes a trust-based service selection solution, which requires establishing trust for services and supporting service selection based on trust. This work considers building trust for service providers besides rating services, an area that is neglected in the literature. This work follows progressive steps to arrive at a solution. First, this work develops a trust definition and identifies trust principles, which cover different aspects of trust. Next, SOA is extended to build a trust-based SOA that supports trust-based service selection. In particular, a new component, the trust mediator, which is responsible for trust establishment is added to the architecture. Accordingly, a trust mediator framework is built according to the trust definition and principles to identify its main components. Subsequently, this work identifies the trust information, or metrics, for services and service providers. Accordingly, trust models are built to evaluate trust rates for the applicable metrics, services, and service providers. Moreover, this work addresses the trust bootstrapping challenge. The proposed trust bootstrapping approach addresses different challenges in the literature such as whitewashing and cold start. This approach is implemented through experiments, evaluations, and scenarios

    An adaptive approach for QoS-aware Web service composition

    Web service composition is the process of integrating existing web services. It is a prospective method to build an application system. Current approaches, however, only take service function aspect into consideration. With the rapid growth of web service applications and the abundance of service providers, the consumer is facing the inevitability of selecting the maximum satisfied service providers due to the dynamic nature of web services. This requirement brings us some research challenges including a web service quality model, to design a web service framework able to monitor the service's real time quality. A further challenge is to find an algorithm that can handle extensible service quality parameters and has good performance to solve NP-hard web services global selection problem. In this thesis, we propose a web service framework, using an extensible service quality model. A Cultural Algorithm is adopted to accelerate service global selection. We also provide experimental results comparing between Cultural Algorithm with Genetic Algorithm and Random service selection

    Hierarchical Group and Attribute-Based Access Control: Incorporating Hierarchical Groups and Delegation into Attribute-Based Access Control

    Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption is still in its infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in several of these gaps. The core contribution of this work is the Hierarchical Group and Attribute-Based Access Control (HGABAC) model, a novel formal model of ABAC which introduces the concept of hierarchical user and object attribute groups to ABAC. It is shown that HGABAC is capable of representing the traditional models of access control (MAC, DAC and RBAC) using this group hierarchy and that in many cases its use simplifies both attribute and policy administration. HGABAC serves as the basis upon which extensions are built to incorporate delegation into ABAC. Several potential strategies for introducing delegation into ABAC are proposed, categorized into families and the trade-offs of each are examined. One such strategy is formalized into a new User-to-User Attribute Delegation model, built as an extension to the HGABAC model. Attribute Delegation enables users to delegate a subset of their attributes to other users in an off-line manner (not requiring connecting to a third party). Finally, a supporting architecture for HGABAC is detailed including descriptions of services, high-level communication protocols and a new low-level attribute certificate format for exchanging user and connection attributes between independent services.
Particular emphasis is placed on ensuring support for federated and distributed systems. Critical components of the architecture are implemented and evaluated with promising preliminary results. It is hoped that the contributions in this research will further the acceptance of ABAC in both academia and industry by solving the problem of delegation as well as simplifying administration and policy authoring through the introduction of hierarchical user groups

    A Trust-by-Design Framework for the Internet of Things

    The Internet of Things (IoT) is an environment where interconnected entities can interact and can be identifiable, usable, and controllable via the Internet. However, in order to interact among them, such IoT entities must trust each other. Trust is difficult to define because it concerns different aspects and is strongly dependent on the context. For this reason, a holistic approach allowing developers to consider and implement trust in the IoT is highly desirable. Nevertheless, trust is usually considered among different IoT entities only when they have to interact among them. In fact, without considering it during the whole System Development Life Cycle (SDLC) there is the possibility that security issues will be raised. In fact, without a clear conception of the possible threats during the development of the IoT entity, the lack of planning can be insufficient in order to protect the IoT entity. For this reason, we believe that it is fundamental to consider trust during the whole SDLC in order to carefully plan how an IoT entity will perform trust decisions and interact with the other IoT entities. To fulfill this goal, in this thesis work, we propose a trust-by-design framework for the IoT that is composed of a K-Model and several transversal activities. On the one hand, the K-Model covers the SDLC from the need phase to the utilization phase. On the other hand, the transversal activities will be implemented differently depending on the phases. A fundamental aspect that we implement in this framework is the relationship that trust has with other related domains such as security and privacy. Thus we will also consider such domains and their characteristics in order to develop a trusted IoT entity