5 research outputs found

    Formal Verification of Authorization Policies for Enterprise Social Networks using PlusCal-2

    Information security research has been a highly active and widely studied research direction. In the domain of Enterprise Social Networks (ESNs), the security challenges are amplified, as ESNs aim to incorporate social technologies into an enterprise setup and thus assert greater control over information security. Further, the security challenges may not be limited to the boundaries of a single enterprise and need to be addressed for a federated environment where users from different ESNs can collaborate. In this paper, we address the problem of federated authorization for ESNs and present an approach for combining user-level policies with enterprise policies. We present a formal verification technique for ESNs and show how it can be used to identify conflicts in the policies. It allows us to bridge the gap between user-centric and enterprise-centric approaches, as required by the ESN domain. We apply our specification of ESNs to a scenario and discuss the model checking results.

    G2G interaction among local agencies in developing countries based on diffusion of innovations theory

    Technological advancement has allowed governments to meet the demands of their citizens electronically. Electronic government (e-Government) facilitates accurate and fast transactions and delivery of services and information to businesses, citizens, and government agencies. Moreover, e-Government helps enhance democracy. Agencies interact with one another electronically through e-Government, which enhances efficiency. e-Government utilizes information and communication technology to provide the public access to various services. Leaders and information technology executives in the public sector have recognized the importance of sharing inter-organizational information to improve the efficiency of government agencies. Therefore, this study takes the diffusion of innovations theory as context to identify the most important factor affecting the electronic interaction between local agencies in developing countries.

    A Formal Approach for the Verification of AWS IAM Access Control Policies

    Part 3: Security. Cloud computing offers elastic, scalable and on-demand network access to a shared pool of computing resources, such as storage, computation and others. Resources can be rapidly and elastically provisioned, and users pay for what they use. One of the major challenges in Cloud computing adoption is security, and in this paper we address one important security aspect, Cloud authorization. We have provided a formal Attribute Based Access Control (ABAC) model that is based on Event-Calculus and is able to model and verify Amazon Web Services (AWS) Identity and Access Management (IAM) policies. The proposed approach is expressive and extensible. We have provided generic Event-Calculus modes and tool support to automatically convert JSON-based IAM policies into Event-Calculus. We have also presented performance evaluation results on actual IAM policies to justify the scalability and practicality of the approach.

    DICOMFlow Access: controle de acesso para compartilhamento de imagens médicas em ambiente aberto e distribuído

    The need for associations between entities from the most diverse areas for information sharing is becoming increasingly common. The same is true of teleradiology, a telemedicine component that uses information technology to issue remote diagnoses through the sharing of medical images. However, the infrastructure (PACS/DICOM) in radiology departments is well consolidated in a local network environment and requires adaptations to act in a global communication context that uses the Internet as an interconnection infrastructure between entities. One of these adaptations is access control over the information shared between associated entities. Limitations were observed in current access control proposals for managing the authentication and authorization of shared information in a globally open and distributed network, limiting their ability to operate in a network with these characteristics. The objective of this work was to elaborate DICOMFlowAccess, an access control model for an open and distributed collaborative network for the practice of teleradiology. For this purpose, the Digital Certificate of Attributes specified by ICP-Brazil and other technologies already consolidated on the Internet were used, such as the digital identity certificate, e-mail infrastructure and content transmission protocols. Experiments in a virtual environment simulating a collaborative network between distinct entities attest to its technical and operational feasibility. It was concluded that DICOMFlowAccess was successful in providing access control to shared medical image exams in an open and distributed collaborative network, in a global context of communication, formed by distinct entities that use the Internet as a means of interconnection.

    G2G interaction model of information sharing among local agencies based on phenomenology approach: Dhi-qar province employees’ viewpoints

    The electronic exchange of information has helped local agencies to increase their productivity and performance. At the same time, it improves the process of policy-making by providing better public services to citizens. However, only a few studies examine the factors influencing the electronic interaction among local agencies in developing countries, including Iraq. In fact, government agencies usually rely on information provided by other government agencies, making electronic interactions crucial for effective inter-organizational operations management in the government. This study aims to determine the factors affecting the interaction among local agencies in Dhi-Qar, Iraq. Thus, it proposes a government-to-government (G2G) interaction model among local agencies from the environmental, organizational, and technological contexts, using a phenomenological approach based on the Diffusion of Innovation and Social Exchange theories. Data were collected in two phases. First, a series of interviews with local e-government employees was carried out to discover the factors that influence G2G interaction in Dhi-Qar, Iraq. Later, another series of semi-structured interviews followed, focusing on extracting the main issues that influence G2G interaction. The collected data were validated through triangulation and member checking. A case study was used to confirm the findings. The study has discovered the factors that influence the electronic interaction among local agencies in Dhi-Qar. The factors are benefits, compatibility, complexity, costs, information security, inter-agency trust, internal resistance to change, information technology (IT) capability, legislation, physical security, and top management support. Based on these factors, the government-to-government interaction model (G2GIM) is proposed. This model can be applied to different local agencies in implementing e-government projects.