Quantitative Evaluation and Reevaluation of Security in Services

Services are software components or systems designed to support interoperable machine or application-oriented interaction over a network. The popularity of services grows because they are easily accessible, very flexible, provide reach functionality, and can constitute more complex services. During the service selection, the user considers not only functional requirements to a service but also security requirements. The user would like to be aware that security of the service satisfies security requirements before starting the exploitation of the service, i.e., before the service is granted to access assets of the user. Moreover, the user wants to be sure that security of the service satisfies security requirements during the exploitation which may last for a long period. Pursuing these two goals require security of the service to be evaluated before the exploitation and continuously reevaluated during the exploitation. This thesis aims at a framework consisting of several quantitative methods for evaluation and continuous reevaluation of security in services. The methods should help a user to select a service and to control the service security level during the exploitation. The thesis starts with the formal model for general quantitative security metrics and for risk that may be used for the evaluation of security in services. Next, we adjust the computation of security metrics with a refined model of an attacker. Then, the thesis proposes a general method for the evaluation of security of a complex service composed from several simple services using different security metrics. The method helps to select the most secure design of the complex service. In addition, the thesis describes an approach based on the Usage Control (UCON) model for continuous reevaluation of security in services. Finally, the thesis discusses several strategies for a cost-effective decision making in the UCON unde

Cost-Effective Enforcement of Access and Usage Control Policies under Uncertainties

In Usage CONtrol (UCON) access decisions relyon mutable attributes. A reference monitor should re-evaluatesecurity policies each time attributes change their values. Identifyingall attribute changes in a timely manner is a challengingissue, especially if the attribute provider and the referencemonitor reside in different security domains. Some attributechanges might be missed, corrupted, and delayed. As a result,the reference monitor may erroneously grant access to malicioususers and forbid it for eligible ones.This paper proposes a set of policy enforcement modelswhich help to mitigate the uncertainties associated with mutableattributes. In our model the reference monitor, as usual, evaluateslogical predicates over attributes and, additionally, makes someestimates on how much observed attribute values differ from thereal state of the world. The final access decision takes into accountboth factors. We assign costs for granting and revoking access tolegitimate and malicious users and compare the proposed policyenforcement models in terms of cost-efficiency

La interfaz, espacio de interacción en la formación de la experiencia cognitiva de usuarios del arte digital

La investigación presenta una construcción del estudio de las interfaces, en tanto espacios de interacción donde los usuarios forman una experiencia cognitiva determinada a través de diversos procesos en relación al escenario híbrido que recrea el arte digital. Se sustenta en una conceptualización a partir del marco teórico de Carlos Scolari centrado en el modelo semio-cognitivo de las interacciones donde se estudia a detalle a la interfaz, al espacio de interacción, a los modelos mentales que construyen los diseñadores respecto de las interfaces y especialmente a los modelos mentales de los usuarios. Asimismo se presenta una conceptualización del arte digital y por tanto del arte contemporáneo actual. El estudio es de tipo cualitativo, se emplearon técnicas de observación y de entrevista semiestructurada aplicadas a diecinueve usuarios y a tres diseñadores en un festival de arte digital efectuado en la Ciudad de México en febrero de 2012

Formal Analysis of Security Metrics and Risk

Abstract. Security metrics are usually defined informally and, therefore, the rigourous analysis of these metrics is a hard task. This analysis is required to identify the existing relations between the security metrics, which try to quantify the same quality: security. Risk, computed as Annualised Loss Expectancy, is often used in order to give the overall assessment of security as a whole. Risk and security metrics are usually defined separately and the relation between these indicators have not been considered thoroughly. In this work we fill this gap by providing a formal definition of risk and formal analysis of relations between security metrics and risk

Usage Control, Risk and Trust

Abstract. In this paper we describe our general framework for usage control (UCON) enforcement on GRID systems. It allows both GRID services level enforcement of UCON as well as fine-grained one at the level of local GRID node resources. In addition, next to the classical checks for usage control: checks of conditions, authorizations, and obligations, the framework also includes trust and risk management functionalities. Indeed, we show how trust and risk issues naturally arise when considering usage control in GRID systems and services and how our architecture is flexible enough to accommodate both notions in a pretty uniform way

Parametric Attack Graph Construction and Analysis

We present the first steps towards an implementation of at- tack graph construction and analysis technique based on inference rules. In our model, XML credentials describe basic attacks to the system, then inference rules allow composition of new attacks. We aim at modifying previously developed algorithm for the analysis of transitive trust mod- els to the analysis of attack graphs. Important peculiarity of our model is exploitation of c-semirings for evaluation of system security level. C- semirings allow an application of the same algorithms for an analysis of attack graphs regardless of what metric is selected for the evaluation

Analysis of Social Engineering Threats with Attack Graphs

Abstract. Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. While some research exists for classifying and analysing social engineering attacks, the integration of social engineering attackers with other attackers such as software or network ones is missing so far. In this paper, we propose to consider social engineering exploits together with technical vulnerabilities. We introduce a method for the integration of social engineering exploits into attack graphs and propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy

A General Method for Assessment of Security in Complex Services

We focus on the assessment of the security of business processes. We assume that a business process is composed of abstract services, each of which has several concrete instantiations. Essential peculiarity of our method is that we express security metrics used for the evaluation of security properties as semirings. First, we consider primitive decomposition of the business process into a weighted graph which describes possible implementations of the business process. Second, we evaluate the security using semiring-based methods for graph analysis. Finally, we exploit semirings to describe the mapping between security metrics which is useful when different metrics are used for the evaluation of security properties of services

Influence of Attribute Freshness on Decision Making in Usage Control

The usage control (UCON) model demands for continuous control over objects of a system. Access decisions are done several times within a usage session and are performed on the basis of mutable attributes. Values of attributes in modern highly-dynamic and distributed systems sometimes are not up-to-date, because attributes may be updated by several entities and reside outside the system domain. Thus, the access decisions about a usage session are made under uncertainties, while existing usage control approaches are based on the assumption that all attributes are up-to-date. In this paper we propose an approach which helps to make a rational access decision even if some uncertainty presents. The proposed approach uses the continuous-time Markov chains (CTMC) in order to compute the probability of unnoticed changes of attributes and risk analysis for making a decision