    Distributed Access Control for Web and Business Processes

    Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

    The Twenty Year Test: Principles for an Enduring Counterterrorism Legal Architecture

    The United States faces three enduring terrorism-related threats. First, there is the realistic prospect of additional attacks in the United States including attacks using weapons of mass destruction (“WMD”). Second, in responding to this threat, we may undermine the freedoms that enrich our lives, the tolerance that marks our society, and the democratic values that define our government. Third, if we are too focused on terrorism, we risk losing sight of this century’s other certain threats as well as the capacity to respond to them, including the state proliferation of nuclear weapons, nation-state rivalry, pandemic disease, oil dependency, and environmental degradation. The United States should respond to these threats using all available and appropriate security tools, on offense and in defense. Law is one of the essential security tools. Law provides substantive authority to act. Law can also provide and embed an effective process of preview and review to test proposals and validate actions, ensuring that they are both lawful and effective. However, the United States has been slow, or perhaps unwilling, to adopt a legal architecture that maximizes each of these legal benefits. Instead, the political branches have generally adopted an incremental approach, or relied on the President’s authority as Commander in Chief to define the law. This paper describes four principles that should inform the design of a lasting legal architecture to counterterrorism: First, the architecture should reflect an understanding of the strategic value of law in substance, process, and policy. Second, the architecture should reflect the threats it is intended to address, including the potential catastrophic nature of the physical threat, which distinguishes this form of terrorism from that of the past. Third, with limited exception, the law should avoid absolutes—in the authority asserted; in the authority prohibited; or, in bureaucratic design. Finally, the architecture should be lasting, which means among other things that it should be “constitutionally inclusive” in design. A lasting and inclusive architecture will improve security—by maximizing the Executive’s authority to act, sustaining support for tools and policies, and improving the opportunity and efficacy to appraise U.S. actions

    Towards a new European Global Security Strategy: challenges and Opportunities

    This report briefly examines the interplay between the European security strategic vision and capabilities, its institutional architecture and policy implementation practices, with a particular focus on the EU consular affairs, EU democracy promotion and EU engagement in frozen conflicts under the Neighbourhood Policy (Appendices 1-3). This report contends that in order for the EU to develop an effective and sustainable global security strategy, it first has to reconcile the vision of its strategic priorities within its inter- and intra-institutional settings. Second, a serious effort is required to develop an integrated view on European security, which does not only focus on the internal dimensions of the EU Security strategy (capabilities), but also equally draws on its external aspects - a genuinely inclusive approach that would blur internal and external dimensions of security. For this to succeed a deeper understanding of a partnership-building process (especially of strategic partnership) is needed. Finally, while legitimation of the new security vision is essential within the EU, a greater emphasis should be placed on its external environment, which must not only include a cross-cutting approach to multiple policy instruments as suggested by the EEAs, but more essentially, their connection with the interests and needs of third parties. Case-studies in appendices elaborate further on some specific aspects of the EU security within the eastern neighbourhood context

    Digital Architecture as Crime Control

    This paper explains how theories of realspace architecture inform the prevention of computer crime. Despite the prevalence of the metaphor, architects in realspace and cyberspace have not talked to one another. There is a dearth of literature about digital architecture and crime altogether, and the realspace architectural literature on crime prevention is often far too soft for many software engineers. This paper will suggest the broad brushstrokes of potential design solutions to cybercrime, and in the course of so doing, will pose severe criticisms of the White House's recent proposals on cybersecurity. The paper begins by introducing four concepts of realspace crime prevention through architecture. Design should: (1) create opportunities for natural surveillance, meaning its visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering a private space; (3) build communities and avoid social isolation; and (4) protect targets of crime. There are digital analogues to each goal. Natural-surveillance principles suggest new virtues of open-source platforms, such as Linux, and territoriality outlines a strong case for moving away from digital anonymity towards pseudonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end design of the Internet. An understanding of architecture and target prevention will illuminate why firewalls at end points will more effectively guarantee security than will attempts to bundle security into the architecture of the Net. And, in total, these architectural lessons will help us chart an alternative course to the federal government's tepid approach to computer crime. By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop - the equivalent of digital gated communities - with terrible consequences for the Net in general and interconnectivity in particular

    Understanding O-RAN: Architecture, Interfaces, Algorithms, Security, and Research Challenges

    The Open Radio Access Network (RAN) and its embodiment through the O-RAN Alliance specifications are poised to revolutionize the telecom ecosystem. O-RAN promotes virtualized RANs where disaggregated components are connected via open interfaces and optimized by intelligent controllers. The result is a new paradigm for the RAN design, deployment, and operations: O-RAN networks can be built with multi-vendor, interoperable components, and can be programmatically optimized through a centralized abstraction layer and data-driven closed-loop control. Therefore, understanding O-RAN, its architecture, its interfaces, and workflows is key for researchers and practitioners in the wireless community. In this article, we present the first detailed tutorial on O-RAN. We also discuss the main research challenges and review early research results. We provide a deep dive of the O-RAN specifications, describing its architecture, design principles, and the O-RAN interfaces. We then describe how the O-RAN RAN Intelligent Controllers (RICs) can be used to effectively control and manage 3GPP-defined RANs. Based on this, we discuss innovations and challenges of O-RAN networks, including the Artificial Intelligence (AI) and Machine Learning (ML) workflows that the architecture and interfaces enable, security and standardization issues. Finally, we review experimental research platforms that can be used to design and test O-RAN networks, along with recent research results, and we outline future directions for O-RAN development.
    Comment: 33 pages, 16 figures, 3 tables. Submitted for publication to the IEE

    Towards a Layered Architectural View for Security Analysis in SCADA Systems

    Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depends on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and use the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.
    Comment: 7 pages, 4 figure