66,210 research outputs found
Towards Secure Cloud Data Management
This paper explores the security challenges posed by data-intensive applications deployed in cloud environments that span administrative and network domains. We propose a data-centric view of cloud security and discuss data management challenges in the areas of secure distributed data processing, end-to-end query result verification, and cross-user trust policy management. In addition, we describe our current and future efforts to investigate security challenges in cloud data management using the Declarative Secure Distributed Systems (DS2) platform, a declarative infrastructure for specifying, analyzing, and deploying secure information systems
Policy based roles for distributed systems security
Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisation..
The PERMIS X.509 Based Privilege Management Infrastructure
This document describes the PERMIS X.509 Based Privilege Management Infrastructure, which is a trust management system as described in RFC 2704 [2]. The PERMIS Infrastructure is compared with the AAA Authorisation Framework described in RFC 2904 [4], and is shown to be compatible with it
Using Event Calculus to Formalise Policy Specification and Analysis
As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement
Semantic-based policy engineering for autonomic systems
This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complementary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise.
Action, actor, context, target, time (AACTT): a framework for specifying behaviour
BACKGROUND: Designing implementation interventions to change the behaviour of healthcare providers and other professionals in the health system requires detailed specification of the behaviour(s) targeted for change to ensure alignment between intervention components and measured outcomes. Detailed behaviour specification can help to clarify evidence-practice gaps, clarify who needs to do what differently, identify modifiable barriers and enablers, design interventions to address these and ultimately provides an indicator of what to measure to evaluate an intervention's effect on behaviour change. An existing behaviour specification framework proposes four domains (Target, Action, Context, Time; TACT), but insufficiently clarifies who is performing the behaviour (i.e. the Actor). Specifying the Actor is especially important in healthcare settings characterised by multiple behaviours performed by multiple different people. We propose and describe an extension and re-ordering of TACT to enhance its utility to implementation intervention designers, practitioners and trialists: the Action, Actor, Context, Target, Time (AACTT) framework. We aim to demonstrate its application across key steps of implementation research and to provide tools for its use in practice to clarify the behaviours of stakeholders across multiple levels of the healthcare system. METHODS AND RESULTS: We used French et al.'s four-step implementation process model to describe the potential applications of the AACTT framework for (a) clarifying who needs to do what differently, (b) identifying barriers and enablers, (c) selecting fit-for-purpose intervention strategies and components and (d) evaluating implementation interventions. 
CONCLUSIONS: Describing and detailing behaviour using the AACTT framework may help to enhance measurement of theoretical constructs, inform development of topic guides and questionnaires, enhance the design of implementation interventions and clarify outcome measurement for evaluating implementation interventions
Privacy in an Ambient World
Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes it inside the enterprise and shares it with partner enterprises. In particular, we analyse three different privacy systems that can be used in the different stages of this lifecycle. One of them is the Audit Logic, recently introduced, which can be used to keep data private when it travels across enterprise boundaries. We conclude with an analysis of the features and shortcomings of these systems.