32 research outputs found

    Trust-aware RBAC

    Published version of a chapter in the book: Computer Network Security. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-642-33704-8_9
    In this paper we propose a trust-aware enhancement of RBAC (TA-RBAC) that takes trustworthiness of users into consideration explicitly before granting access. We assume that each role in the framework is associated with an expression that describes the trustworthiness of subjects required to be able to activate the role, and each subject (user) has an assigned trustworthiness level in the system. By adding trustworthiness constraints to roles we enhance the system, for example, with a more flexible ability to delegate roles, and to control reading/updating of objects by denying such operations to those subjects that violate trustworthiness requirements.

    Design Requirements for a Patient Administered Personal Electronic Health Record

    Published version of a chapter in the book: Biomedical engineering, trends in electronics, communications and software. Intech, 2011. Open Access.

    Secure interworking with P2PSIP and IMS

    Paper presented at the 2010 International Symposium on Collaborative Technologies and Systems (CTS). (c) 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Paper also available from the publisher: http://dx.doi.org/10.1109/CTS.2010.5478476
    In this paper, we propose a secure system model for interconnection between P2PSIP and IMS domains. The interworking solution is based on a P2P-IMS GateWay (PIGW), which acts as a normal peer in the P2PSIP network and a third-party IMS Application Server (AS) in the IMS network. The security is achieved by implementing a Chord Secure Proxy (CSP) and enhanced with a subjective logic based trust model. We also implement this system model and analyze it in several aspects: number of hops and delay, trust improvement and protection against malicious or compromised intermediate peers. We conclude that the proposed architecture is feasible and improves security. As far as we know, our research is the first study that proposes secure internetworking of P2PSIP and IMS.

    Automatic Evaluation of Information Provider Reliability and Expertise

    Q&A social media have gained a lot of attention during recent years. People rely on these sites to obtain information due to a number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradicting answers, causing an ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. These two attributes (reliability and expertise) significantly affect the quality of the answer/information provided. We present a novel approach for estimating these users' characteristics relying on human cognitive traits. In brief, we propose each user to monitor the activity of his peers (on the basis of responses to questions asked by him) and observe their compliance with predefined cognitive models. These observations lead to local assessments that can be further fused to obtain a reliability and expertise consensus for every other user in the social network (SN). For the aggregation part we use subjective logic. To the best of our knowledge this is the first study of this kind in the context of Q&A SNs. Our proposed approach is highly distributed; each user can individually estimate the expertise and the reliability of his peers using his direct interactions with them and our framework. The online SN (OSN), which can be considered as a distributed database, performs continuous data aggregation for users' expertise and reliability assessment in order to reach a consensus. In our evaluations, we first emulate a Q&A SN to examine various performance aspects of our algorithm (e.g., convergence time, responsiveness etc.). Our evaluations indicate that it can accurately assess the reliability and the expertise of a user with a small number of samples and can successfully react to the latter's behavior change, provided that the cognitive traits hold in practice.
    Furthermore, the use of the consensus operator for the aggregation of multiple opinions on a specific user reduces the uncertainty with regards to the final assessment. However, as real data obtained from Yahoo! Answers imply, the pairwise interactions between specific users are limited. Hence, we consider the aggregate set of questions as posted from the system itself and we assess the expertise and reliability of users based on their response behavior. We observe that users have different behaviors depending on the level at which we are observing them. In particular, while their activity is focused on a few general categories, yielding them reliable, their microscopic (within general category) activity is highly scattered.

    New Client Puzzle Approach for DoS Resistance in Ad hoc Networks


    Decision-cache based XACML authorisation and anonymisation for XML documents

    Author's version of an article in the journal: Computer Standards and Interfaces. Also available from the publisher at: http://dx.doi.org/10.1016/j.csi.2011.10.007
    This paper describes a decision cache for the eXtensible Access Control Markup Language (XACML) that supports fine-grained authorisation and anonymisation of XML based messages and documents down to XML attribute and element level. The decision cache is implemented as an XACML obligation service, where a specification of the XML elements to be authorised and anonymised is sent to the Policy Enforcement Point (PEP) during initial authorisation. Further authorisation of individual XML elements according to the authorisation specification is then performed on all matching XML resources, and decisions are stored in the decision cache. This makes it possible to cache fine-grained XACML authorisation and anonymisation decisions, which reduces the authorisation load on the Policy Decision Point (PDP). The theoretical solution is related to a practical case study consisting of a privacy-enhanced intrusion detection system that needs to perform anonymisation of Intrusion Detection Message Exchange Format (IDMEF) XML messages before they are sent to a security operations centre that operates in privacy-preserving mode. The solution increases the scalability of XACML based authorisation significantly, and may be instrumental in implementing federated authorisation and anonymisation based on XACML in several areas, including intrusion detection systems, web services, content management systems and GRID based authentication and authorisation.

    Patents as innovation indicators: Comparative analysis of 3 different industries in 4 Nordic countries in the period 1996 to 2005

    Using the USPTO (US Patent & Trademark Office) patent database, which contains all American patents and design protections, an analysis has been carried out with the aim of comparing patenting activity in Norway, Denmark, Sweden and Finland for the following three industries: refrigeration technology, offshore technology, and telecommunications. The goal of this investigation is a study of: • Indicators of technological development and innovation. • Patents used as innovation indicators. • Patenting activity in three different industries/patent classes in four different countries. From the analysis the following can be summarised: • Patent statistics, by counting the number of patents, are used to assess the extent of patenting. However, the method does not give the right picture of innovation activity, since some patents are never realised and others are used only to block new patents. • By normalising the number of patents registered annually with respect to the population of the respective countries, the results show that more is patented in countries with a larger population base. • Looking at the dynamics of this process globally over time will give a real picture of the mechanisms that can affect patenting (upturn or downturn in the industry). • Use of patent statistics by counting the number of citations: both age and number of patents strongly affect the results, and older patents normally have more citations than younger patents. • Counting the number of citations per patent removes the coupling (to a certain degree), but older patents are still cited more often than newer patents. • "Normalising" the number of citations per year indicates how important the average of the patents is. The number of citations decreases with time (as expected). • When the number of newer patents increases, it will compensate for the reduced number of citations for these patents. If the WPC indicator falls, this can be explained by the number of new patents not increasing very much. • The RTCA indicator is used to gain increased understanding of the country's specialisation, and this was very prominent in this analysis. • Linear regression analysis is used to show the average number of citations of all patents, and can answer to what degree one country's patents are cited more often than patents from the other countries. The method also answers whether one country's patents are "better" than the other country's patents. Furthermore, the following conclusion is drawn: • By linking the analysed industries to the analysed countries, the following became clear: in Norway the oil and gas industry with offshore equipment production is the largest, in Sweden and in Finland telecommunications, and in Denmark refrigeration automation.