Threat Modelling for Active Directory

This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here

A Security-aware Approach to JXTA-Overlay Primitives

The JXTA-Overlay project is an effort to use JXTA technology to provide a generic set of functionalities that can be used by developers to deploy P2P applications. Since its design mainly focuses on issues such as scalability or overall performance, it does not take security into account. However, as P2P applications have evolved to fulfill more complex scenarios, security has become a very important aspect to take into account when evaluating a P2P framework. This work proposes a security extension specifically suited to JXTA-Overlay¿s idiosyncrasies, providing an acceptable solution to some of its current shortcomings.El proyecto JXTA-Overlay es un esfuerzo por utilizar la tecnología JXTA para proporcionar un conjunto genérico de funciones que pueden ser utilizadas por los desarrolladores para desplegar aplicaciones P2P. Aunque su diseño se centra principalmente en cuestiones como la escalabilidad y el rendimiento general, no tiene en cuenta la seguridad. Sin embargo, como las aplicaciones P2P se han desarrollado para cumplir con escenarios más complejos, la seguridad se ha convertido en un aspecto muy importante a tener en cuenta a la hora de evaluar un marco P2P. Este artículo propone una extensión de seguridad específicamente adaptada a la idiosincrasia de JXTA-Overlay, proporcionando una solución aceptable para algunas de sus deficiencias actuales.El projecte JXTA-Overlay és un esforç per utilitzar la tecnologia JXTA per proporcionar un conjunt genèric de funcions que poden ser utilitzades pels desenvolupadors per desplegar aplicacions P2P. Tot i que el seu disseny se centra principalment en qüestions com ara la escalabilitat i el rendiment general, no té en compte la seguretat. No obstant això, com que les aplicacions P2P s'han desenvolupat per complir amb escenaris més complexos, la seguretat s'ha convertit en un aspecte molt important a tenir en compte a l'hora d'avaluar un marc P2P. Aquest article proposa una extensió de seguretat específicament adaptada a la idiosincràsia de JXTA-Overlay, proporcionant una solució acceptable per a algunes de les seves deficiències actuals

Detection of the Security Vulnerabilities in Web Applications

The contemporary organizations develop business processes in a very complex environment. The IT&C technologies are used by organizations to improve their competitive advantages. But, the IT&C technologies are not perfect. They are developed in an iterative process and their quality is the result of the lifecycle activities. The audit and evaluation processes are required by the increased complexity of the business processes supported by IT&C technologies. In order to organize and develop a high-quality audit process, the evaluation team must analyze the risks, threats and vulnerabilities of the information system. The paper highlights the security vulnerabilities in web applications and the processes of their detection. The web applications are used as IT&C tools to support the distributed information processes. They are a major component of the distributed information systems. The audit and evaluation processes are carried out in accordance with the international standards developed for information system security assurance.security, vulnerability, web application, audit

Managing Dynamic User Communities in a Grid of Autonomous Resources

One of the fundamental concepts in Grid computing is the creation of Virtual Organizations (VO's): a set of resource consumers and providers that join forces to solve a common problem. Typical examples of Virtual Organizations include collaborations formed around the Large Hadron Collider (LHC) experiments. To date, Grid computing has been applied on a relatively small scale, linking dozens of users to a dozen resources, and management of these VO's was a largely manual operation. With the advance of large collaboration, linking more than 10000 users with a 1000 sites in 150 counties, a comprehensive, automated management system is required. It should be simple enough not to deter users, while at the same time ensuring local site autonomy. The VO Management Service (VOMS), developed by the EU DataGrid and DataTAG projects[1, 2], is a secured system for managing authorization for users and resources in virtual organizations. It extends the existing Grid Security Infrastructure[3] architecture with embedded VO affiliation assertions that can be independently verified by all VO members and resource providers. Within the EU DataGrid project, Grid services for job submission, file- and database access are being equipped with fine- grained authorization systems that take VO membership into account. These also give resource owners the ability to ensure site security and enforce local access policies. This paper will describe the EU DataGrid security architecture, the VO membership service and the local site enforcement mechanisms Local Centre Authorization Service (LCAS), Local Credential Mapping Service(LCMAPS) and the Java Trust and Authorization Manager.Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, Ca, USA, March 2003, 7 pages, LaTeX, 5 eps figures. PSN TUBT00

Optimizing Anti-Phishing Solutions Based on User Awareness, Education and the Use of the Latest Web Security Solutions

Phishing has grown significantly in volume over the time, becoming the most usual web threat today. The present economic crisis is an added argument for the great increase in number of attempts to cheat internet users, both businesses and private ones. The present research is aimed at helping the IT environment get a more precise view over the phishing attacks in Romania; in order to achieve this goal we have designed an application able to retrieve and interpret phishing related data from five other trusted web sources and compile them into a meaningful and more targeted report. As a conclusion, besides making available regular reports, we underline the need for a higher degree of awareness related to this issue.Security, Phishing, Ev-SSL, Security Solutions

Systematic Literature Review on the LDAP Protocol As a Centralized Mechanism for the Authentication of Users in Multiple Systems

The protocol LDAP (Lightweight Directory Access Protocol) allows centralized identity authentication, where the information of the directory is faster and easier to read. This article carries out a systematic literature review (SLR) according to what is proposed in the article by Bárbara Kitchenham [1], aimed to identify different methods for users’ authentication in multiple systems using LDAP protocol, an analysis of criteria is carried out about different studies published in five digital libraries (Scopus, IEEEXplorer, Scientific.net, Google Scholar, DBLP), and two academic magazines (Revista Energía of UNL, Revista Científica of UTB), making relevant conclusions of the use of four mechanisms for the authentication of users of multiple systems such as: Languaje PHP, SSO (Single sign-on), IAM (Identity and Access Management), and T-RBAC (Access control based on roles and tasks), predominantly the use of the PHP language for its administrative tools for managing LDAP servers.     Keywords: LDAP, authentication, user management, systematic literature review, securit

My private cloud--granting federated access to cloud resources

We describe the research undertaken in the six month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to login to it, by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owners of, based on their identity attributes. Once users open one of their accounts, they can upload and download files to it. Not only that, but they can then grant access to their file resources to anyone else in the federated system, regardless of whether their chosen delegate has used the cloud service before or not. The system uses standard identity management protocols, attribute based access controls, and a delegation service. A set of APIs have been defined for the authentication, authorisation and delegation processes, and the software has been released as open source to the community. A public demonstration of the system is available online

Cloud Computing Security Framework - Privacy Security

Cloud computing is an emerging style of IT delivery that intends to make the Internet the ultimate home of all computing resources- storage, computations, and accessibility. It has an important aspect for the companies and organization to build and deploy their infrastructure and application. It changed the IT roadmap essential from service seeking infrastructure to infrastructure seeking services. It holds the promise of helping organizations because of its performance, high availability, least cost and many others. But the promise of the cloud cannot be fulfilled until IT professionals have more confidence in the security and safety of the cloud. Data Storage service in the cloud computing is easy as compare to the other data storage services. At the same time, cloud security in the cloud environment is challenging task. Security issues such as service availability, massive traffic handling, application security and authentication, ranging from missing system configuration, lack of proper updates, or unwise user actions from remote data storage. It can expose user’s private data and information to unwanted access. It consider to be biggest problem in a cloud computing. The focus of this research consist on the secure cloud framework and to define a methodology for cloud that will protect user’s data and highly important information from malicious insider as well as outsider attacks by using Kerberos, and LDAP identification