Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Privacy, security, and trust issues in smart environments

Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

Dynamic User Role Assignment in Remote Access Control

The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios, the access requestor is outside of the provider domain and thus, the user population is heterogeneous and dynamic. Here, the main challenge is to automatically assign users to appropriate roles of the provider domain. Trust management has been proposed as a supporting technique to solve the problem of remote access control. The key idea is to establish a mutual trust between the requestor and provider based on credentials they exchange. However, a credential doesn't convey any information about the behavior of its holder during the time it is being used. Furthermore, in terms of privileges granted to the requestor, existing trust management systems are either too restrictive or not restrictive enough. In this paper, we propose a new dynamic user-role assignment approach for remote access control, where a stranger requests for access from a provider domain. Our approach has two advantages compared to the existing dynamic user-role assignment techniques. Firstly, it addresses the principle of least privilege without degrading the efficiency of the access control system. Secondly, it takes into account both credentials and the past behavior of the requestor in such a way that he cannot compensate for the lack of necessary credentials by having a good past behavior

TRAAC: Trust and Risk Aware Access Control

Postprin

Obligations of trust for privacy and confidentiality in distributed transactions

Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control. Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties. Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today. Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery. Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise

Trust realisation in multi-domain collaborative environments

In the Internet-age, the geographical boundaries that have previously impinged upon inter-organisational collaborations have become decreasingly important. Of more importance for such collaborations is the notion and subsequent nature of trust - this is especially so in Grid-like environments where resources are both made available and subsequently accessed and used by remote users from a multitude of institutions with a variety of different privileges spanning across the collaborating resources. In this context, the ability to dynamically negotiate and subsequently enforce security policies driven by various levels of inter-organisational trust is essential. In this paper we present a dynamic trust negotiation (DTN) model and associated prototype implementation showing the benefits and limitations DTN incurs in supporting n-tier delegation hops needed for trust realisation in multi-domain collaborative environments

Security in Pervasive Computing: Current Status and Open Issues

Million of wireless device users are ever on the move, becoming more dependent on their PDAs, smart phones, and other handheld devices. With the advancement of pervasive computing, new and unique capabilities are available to aid mobile societies. The wireless nature of these devices has fostered a new era of mobility. Thousands of pervasive devices are able to arbitrarily join and leave a network, creating a nomadic environment known as a pervasive ad hoc network. However, mobile devices have vulnerabilities, and some are proving to be challenging. Security in pervasive computing is the most critical challenge. Security is needed to ensure exact and accurate confidentiality, integrity, authentication, and access control, to name a few. Security for mobile devices, though still in its infancy, has drawn the attention of various researchers. As pervasive devices become incorporated in our day-to-day lives, security will increasingly becoming a common concern for all users - - though for most it will be an afterthought, like many other computing functions. The usability and expansion of pervasive computing applications depends greatly on the security and reliability provided by the applications. At this critical juncture, security research is growing. This paper examines the recent trends and forward thinking investigation in several fields of security, along with a brief history of previous accomplishments in the corresponding areas. Some open issues have been discussed for further investigation