179 research outputs found
ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems
We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives between 50% and 100%
RelBAC: Relation Based Access Control
TheWeb 2.0, GRID applications and, more recently, semantic desktop applications are bringing the Web to a situation where more and more data and metadata are shared and made available to large user groups. In this context, metadata may be tags or complex graph structures such as file system or web directories, or (lightweight) ontologies. In turn, users can themselves be tagged by certain properties, and can be organized in complex directory structures, very much in the same way as data. Things are further complicated by the highly unpredictable and autonomous dynamics of data, users, permissions and access control rules. In this paper we propose a new access control model and a logic, called RelBAC (for Relation Based Access Control) which allows us to deal with this novel scenario. The key idea, which differentiates RelBAC from the state of the art, e.g., Role Based Access Control (RBAC), is that permissions are modeled as relations between users and data, while access control rules are their instantiations on specific sets of users and objects. As such, access control rules are assigned an arity which allows a fine tuning of which users can access which data, and can evolve independently, according to the desires of the policy manager(s). Furthermore, the formalization of the RelBAC model as an Entity-Relationship (ER) model allows for its direct translation into Description Logics (DL). In turn, this allows us to reason, possibly at run time, about access control policies
ESPOON: Enforcing Security Policies In Outsourced Environments
Data outsourcing is a growing business model offering services to individuals
and enterprises for processing and storing a huge amount of data. It is not
only economical but also promises higher availability, scalability, and more
effective quality of service than in-house solutions. Despite all its benefits,
data outsourcing raises serious security concerns for preserving data
confidentiality. There are solutions for preserving confidentiality of data
while supporting search on the data stored in outsourced environments. However,
such solutions do not support access policies to regulate access to a
particular subset of the stored data.
For complex user management, large enterprises employ Role-Based Access
Controls (RBAC) models for making access decisions based on the role in which a
user is active in. However, RBAC models cannot be deployed in outsourced
environments as they rely on trusted infrastructure in order to regulate access
to the data. The deployment of RBAC models may reveal private information about
sensitive data they aim to protect. In this paper, we aim at filling this gap
by proposing \textbf{} for enforcing RBAC policies in
outsourced environments. enforces RBAC policies in an
encrypted manner where a curious service provider may learn a very limited
information about RBAC policies. We have implemented
and provided its performance evaluation showing a limited overhead, thus
confirming viability of our approach.Comment: The final version of this paper has been accepted for publication in
Elsevier Computers & Security 2013. arXiv admin note: text overlap with
arXiv:1306.482
ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments
The enforcement of security policies in outsourced environments is still an
open challenge for policy-based systems. On the one hand, taking the
appropriate security decision requires access to the policies. However, if such
access is allowed in an untrusted environment then confidential information
might be leaked by the policies. Current solutions are based on cryptographic
operations that embed security policies with the security mechanism. Therefore,
the enforcement of such policies is performed by allowing the authorised
parties to access the appropriate keys. We believe that such solutions are far
too rigid because they strictly intertwine authorisation policies with the
enforcing mechanism.
In this paper, we want to address the issue of enforcing security policies in
an untrusted environment while protecting the policy confidentiality. Our
solution ESPOON is aiming at providing a clear separation between security
policies and the enforcement mechanism. However, the enforcement mechanism
should learn as less as possible about both the policies and the requester
attributes.Comment: The final version of this paper has been published at ARES 201
The Nonce-nce of Web Security: an Investigation of CSP Nonces Reuse
Content Security Policy (CSP) is an effective security mechanism that
prevents the exploitation of Cross-Site Scripting (XSS) vulnerabilities on
websites by specifying the sources from which their web pages can load
resources, such as scripts and styles. CSP nonces enable websites to allow the
execution of specific inline scripts and styles without relying on a whitelist.
In this study, we measure and analyze the use of CSP nonces in the wild,
specifically looking for nonce reuse, short nonces, and invalid nonces. We find
that, of the 2271 sites that deploy a nonce-based policy, 598 of them reuse the
same nonce value in more than one response, potentially enabling attackers to
bypass protection offered by the CSP against XSS attacks. We analyze the causes
of the nonce reuses to identify whether they are introduced by the server-side
code or if the nonces are being cached by web caches. Moreover, we investigate
whether nonces are only reused within the same session or for different
sessions, as this impacts the effectiveness of CSP in preventing XSS attacks.
Finally, we discuss the possibilities for attackers to bypass the CSP and
achieve XSS in different nonce reuse scenarios.Comment: Accepted at the WASP workshop (ESORICS 2023
- …