D’Agents: Security in a Multiple-Language, Mobile-Agent System

Abstract. Mobile-agent systems must address three security issues: protecting an individual machine, protecting a group of machines, and protecting an agent. In this chapter, we discuss these three issues in the context of D’Agents, a mobile-agent system whose agents can be written in Tcl, Java and Scheme. (D’Agents was formerly known as Agent Tcl.) First we discuss mechanisms existing in D’Agents for protecting an individual machine: (1) cryptographic authentication of the agent’s owner, (2) resource managers that make policy decisions based on the owner’s identity, and (3) secure execution environments for each language that enforce the decisions of the resource managers. Then we discuss our planned market-based approach for protecting machine groups. Finally we consider several (partial) solutions for protecting an agent from a malicious machine.

Secure Mobile Support of Independent Sales Agencies

Sales agents depend on mobile support systems for their daily work. Independent sales agencies, however, are not able to facilitate this kind of mobile support on their own due to their small size and lack of the necessary funds. Since their processes correlate with confidential information and include the initiation and alteration of legally binding transactions they have a high need for security. In this contribution we first propose an IT-artifact consisting of a service platform that supports multi-vendor sales processes based on previous work. We then analyze use cases of sales representatives of independent sales agencies using this system and derive their security requirements. We then propose a security extension to the IT-artifact and evaluate this extension by comparing it to existing solutions. Our results show that the proposed artifact extension provides a more convenient and secure solution than already existing approaches

Policies to Regulate Distributed Data Exchange

This research is partially sponsored by the EPSRC grant EP/P011829/1, funded under the UK Engineering and Physical Sciences Council Human Dimensions of Cyber Security call (2016).Postprin

Dimension-specific search for multimedia retrieval.

Observing that current Global Similarity Measures (GSM) which average the effect of few significant differences on all dimensions may cause possible performance limitation, we propose the first Dimension-specific Similarity Measure (DSM) to take local dimensionspecific constraints into consideration. The rationale for DSM is that significant differences on some individual dimensions may lead to different semantics. An efficient search algorithm is proposed to achieve fast Dimension-specific KNN (DKNN) retrieval. Experiment results show that our methods outperform traditional methods by large gaps

A Multi-privacy Policy Enforcement System

With the increase in the number of electronic services and the number of users, concerns about the privacy protection of electronic data are growing day by day. Organisations are facing a huge pressure to assure their users about the privacy protection of their personal data. Organisations need to include the privacy policies of their users when deciding who should access their personal data. The user’s privacy policy will need to be combined with the organisation’s own policy, as well as policies from different authorities such as the issuer of the data, and the law. The authorisation system will need to ensure the enforcement of all these policies. We have designed a system that will ensure the enforcement of multiple privacy policies within an organisation and throughout a distributed system

Extracting Access Control and Conflict Resolution Policies from European Data Protection Law

This paper presents the extraction of a legal access control policy and a conflict resolution policy from the EU Data Protection Directive [1]. These policies are installed in a multi-policy authorization infrastructure described in [2, 3]. A Legal Policy Decision Point (PDP) is constructed with a legal access control policy to provide automated decisions based on the relevant legal provisions. The legal conflict resolution policy is configured into a Master PDP to make sure that the legal access control policy gets priority over access control policies provided by other authorities i.e. the data subject, the data issuer and the data controller. We describe how clauses of the Directive are converted into access control rules based on attributes of the subject, action, resource and environment. There are currently some limitations in the conversion process, since the majority of provisions requires additional interpretation by humans. These provisions cannot be converted into deterministic rules for the PDP. Other provisions do allow for the extraction of PDP rules but need to be tailored to the application environment before they are configured into the Legal PDP