8 research outputs found

    Information Sharing Solutions for Nato Headquarters

    NATO is an Alliance of 26 nations that operates on a consensus basis, not a majority basis. Thorough and timely information exchange between nations is fundamental to the Business Process. Current technology and practices at NATO HQ are inadequate to meet modern-day requirements despite the availability of demonstrated and accredited Cross-Domain technology solutions. This lack of integration between networks is getting more complicated with time, as nations continue to invest in IT and ignore the requirements for inter-networked gateways. This contributes to inefficiencies, fostering an atmosphere where shortcuts are taken in order to get the job done. The author recommends that NATO HQ should improve its presence on the Internet, building on the desired tenets of availability and security

    Using semantics for automatic enforcement of access control policies among dynamic coalitions

    In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while sharing of resources occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of discovering user attribute sets that semantically match with the attributes of the objects for which a role has permissions. These attribute sets are pruned based on their significance in characterizing a role. These attributes can then be checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition-based access control, the proposed approach can also aid in automating the process of role engineering.

    Towards an information security framework for government to government transactions : a perspective from East Africa

    The need for a regional framework for information security in e-Government for the East African Community (EAC) has become more urgent with the signing in 2009 of the EAC Common Market Protocol. This protocol will entail more electronic interactions amongst government agencies in the EAC partner states, which are Burundi, Kenya, Rwanda, Tanzania, and Uganda. Government to Government (G2G) transactions are the backbone of e-Government transactions. If a government wants to provide comprehensive services that are easy to use by citizens, employees or businesses, it needs to be able to combine information or services that are provided by different government agencies or departments. Furthermore, the governments must ensure that the services provided are secure so that citizens trust that an electronic transaction is as good as or better than a manual one. Thus governments in the EAC must address information security in ways that take into consideration that these governments have limited resources and skills to use for e-Government initiatives. The novel contribution of this study is an information security framework dubbed the TOG framework, comprising technical, operational, governance, process and maturity models to address information security requirements for G2G transactions in the EAC. The framework makes reference to standards that can be adopted by the EAC while taking into consideration contextual factors which are resource, legislative and cultural constraints. The process model uses what is termed a ‘Plug and Play’ approach which provides the resource-poor countries with a means of addressing information security that can be implemented as and when resources allow but eventually leading to a comprehensive framework. Thus government agencies can start implementation based on the operational and technical guidelines while waiting for governance structures to be put in place, or can specifically address governance requirements where they already exist.
Conversely, governments using the same framework can take into consideration existing technologies and operations while putting governance structures in place. As a proof of concept, the proposed framework is applied to a case study of a G2G transaction in Tanzania. The framework is evaluated against critical success factors.
Computing. D. Phil. (Computer Science)

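    Activity-based software design for interactive tabletops with an exemplary application for crisis management teams in disaster control (original title: Tätigkeitsbasierter Softwareentwurf für interaktive Bildschirmtische mit exemplarischer Anwendung für Krisenstäbe im Katastrophenschutz)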

    Research has identified interactive tabletops as a promising platform for supporting co-located collaboration: a large number of studies demonstrate their usefulness for visualizing complex data and their positive effects on coordination, work on shared artifacts, and the participation of all users involved. However, designing software for the use of these devices in concrete use cases involves significant complexity: the requirements of the application domain, the needs of efficient collaboration, and the specific capabilities and limits of the devices must be integrated into a coherent overall design in order to offer users the best possible support. To address this problem, this thesis develops a software design process that combines the theoretical foundation of activity theory with the iterative methodology of user-centered design. The approach goes beyond existing work by defining, based on Engeström's method of contradiction analysis, a procedure for systematically deriving requirements from contradictions, which integrates the three factors of collaboration, operation, and application domain through an extended activity model. The approach can also be used for more complex scenarios with different activities that interact with one another. The practical applicability of the approach is shown through the design of software for interactive tabletops that supports joint situation analysis and planning in crisis management teams in disaster control.
Disaster control lends itself as an application domain in this context because all of the aforementioned factors come into play in the design of the software: in a crisis management team, staff from different organizations come together to reach a shared understanding of the situation and to cooperatively develop plans for combating it (collaboration); in doing so, these staff members take on different roles and responsibilities, which also bring with them different information needs and planning options (application domain). The central artifact of this collaboration is a large paper map, whose digital counterpart on the tabletop must accommodate the established practices for depicting the situation on this map (operation). In the course of the design, a number of interaction problems emerge, for which new, lightweight solutions are developed that can be used without modifying the hardware, i.e. also with commercially available tabletops. These include techniques for using digital Anoto pens on tabletops with optical sensing, techniques for identifying the user behind individual interactions, both for touch control and for operation with a digital pen, and a system for dynamic session and access control. The thesis concludes with a comprehensive user study in which 30 participants work on tasks in a fictitious crisis scenario that reflect the corresponding work steps of real disaster-control crisis management teams when handling such a situation. The study compares the newly developed software for interactive tabletops, a commercially available geographic information system for desktop computers, and classic paper maps.
The evaluation shows that the newly developed software and the interaction techniques integrated into it achieve the highest efficiency and the best user experience; the software also offers teamwork quality as high as that of classic paper maps. These results show that the design process developed in this thesis is able to guide the development of software for interactive tabletops in such a way that it efficiently supports the joint handling of tasks even in complex application areas.

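    DACA: architecture for implementing dynamic access control mechanisms in business tiers (original title: DACA: arquitetura para implementação de mecanismos dinâmicos de controlo de acesso em camadas de negócio)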

    Doctorate in Computer Science. Access control is a software engineering challenge in database applications. Currently, there is no satisfactory solution to dynamically implement evolving fine-grained access control mechanisms (FGACM) on business tiers of relational database applications. To tackle this access control gap, we propose an architecture, herein referred to as Dynamic Access Control Architecture (DACA). DACA allows FGACM to be dynamically built and updated at runtime in accordance with the established fine-grained access control policies (FGACP). DACA explores and makes use of Call Level Interfaces (CLI) features to implement FGACM on business tiers. Among the features, we emphasize their performance and their multiple access modes to data residing on relational databases. The different access modes of CLI are wrapped by typed objects driven by FGACM, which are built and updated at runtime. Programmers dispense with the traditional access modes of CLI and start using the ones dynamically implemented and updated. DACA comprises three main components: Policy Server (repository of metadata for FGACM), Dynamic Access Control Component (DACC) (business tier component responsible for implementing FGACM) and Policy Manager (broker between DACC and Policy Server). Unlike current approaches, DACA is not dependent on any particular access control model or on any access control policy, thereby promoting its applicability to a wide range of different situations. In order to validate DACA, a solution based on Java, Java Database Connectivity (JDBC) and SQL Server was devised and implemented. Two evaluations were carried out. The first one evaluates DACA's capability to implement and update FGACM dynamically, at runtime, and the second one assesses DACA's performance against a standard use of JDBC without any FGACM.
The collected results show that DACA is an effective approach for implementing evolving FGACM on business tiers based on Call Level Interfaces, in this case JDBC.

    Semantic role-based access control

    In this thesis we propose two semantic ontological role-based access control (RBAC) reasoning processes. These processes infer user authorisations according to a set of role permission and denial assignments, together with user role assignments. The first process, SO-RBAC (Semantic Ontological Role-Based Access Control), uses OWL-DL to store the ontology, and SWRL to perform reasoning. It is based mainly on RBAC models previously described using Prolog. This demonstrates the feasibility of writing an RBAC model in OWL and performing reasoning inside it, but is still tied closely to descriptive logic concepts, and does not effectively exploit OWL features such as the class hierarchy. To fully exploit the capabilities of OWL, it was necessary to enhance the SO-RBAC model by programming it in OWL-Full. The resulting OWL-Full model, ESO-RBAC (Enhanced Semantic Ontological Role-Based Access Control), uses Jena for performing reasoning, and allows an object-oriented definition of roles and of data items. The definitions of roles as classes, and users as members of classes representing roles, allow user-role assignments to be defined in a way that is natural to OWL. All information relevant to determining authorisations is stored in the ontology. The resulting RBAC model is more flexible than models based on predicate logic and relational database systems. There are three motivations for this research. First, we found that relational database systems do not implement all of the features of RBAC that we modelled in Prolog. Furthermore, implementations of RBAC in database management systems are always vendor-specific, so the user is dependent on a particular vendor's procedures when granting permissions and denials. Second, Prolog and relational database systems cannot naturally represent hierarchical data, which is the backbone of any semantic representation of RBAC models.
An RBAC model should be able to infer user authorisations from a hierarchy of both roles and data types, that is, determine permission or denial from not just the type of role (which may include sub-roles), but also the type of data (which may include sub-types). Third, OWL reasoner-enabled ontologies allow us to describe and manipulate the semantics of RBAC differently, and consequently to address the previous two problems efficiently. The contribution of this thesis is twofold. First, we propose semantic ontological reasoning processes, which are domain and implementation independent, and can be run from any distributed computing environment. This can be developed through integrated development environments such as NetBeans and using OWL APIs. Second, we have pioneered a way of exploiting OWL and its reasoners for the purpose of defining and manipulating the semantics of RBAC. Therefore, we automatically infer OWL concepts according to a specific stage that we define in our proposed reasoning processes. OWL ontologies are not static vocabularies of terms and constraints that define the semantics of RBAC. They are repositories of concepts that allow ad-hoc inference, with the ultimate goal in RBAC of granting permissions and denials