Publications catalogue - books
Information Systems Security: Second International Conference, ICISS 2006, Kolkata, India, December 19-21, 2006, Proceedings
Aditya Bagchi ; Vijayalakshmi Atluri (eds.)
In conference: 2nd International Conference on Information Systems Security (ICISS). Kolkata, India. December 19, 2006 - December 21, 2006
Abstract/Description (provided by the publisher)
Not available.
Keywords (provided by the publisher)
Data Encryption; Computer Communication Networks; Systems and Data Security; Computers and Society; Management of Computing and Information Systems; Information Storage and Retrieval
Availability
Detected institution | Publication year | Browse | Download | Request
---|---|---|---|---
Not detected | 2006 | SpringerLink | |
Information
Resource type:
books
Print ISBN
978-3-540-68962-1
Electronic ISBN
978-3-540-68963-8
Publisher
Springer Nature
Country of publication
United Kingdom
Publication date
2006
Publication rights information
© Springer-Verlag Berlin Heidelberg 2006
Subject coverage
Table of contents
doi: 10.1007/11961635_11
Extending Context Descriptions in Semantics-Aware Access Control
E. Damiani; S. De Capitani di Vimercati; C. Fugazza; P. Samarati
Security is a crucial concern for commercial and mission critical applications in Web-based environments. In our model, context information associated with management policies is defined according to basic operators that can be represented using the . Standard inference procedures of are being used to check the consistency of context information referred to by policy conditions and, more interestingly, to pre-process context information for grounding policy propagation and enabling conflict resolution. In this paper, we extend the model to encompass part-of relations between entities in context descriptions and, consequently, revise the policy propagation criteria being applied to the model to take into account the newly introduced relations. Finally, we exemplify modality conflicts arising from part-of relations, a category of conflicts (i.e., inconsistencies related to individuals) that cannot be foreseen by looking at the terminology underlying context information.
- Access Control | Pp. 162-176
doi: 10.1007/11961635_12
Specification and Realization of Access Control in SPKI/SDSI
N. V. Narendra Kumar; R. K. Shyamasundar
SACL is an access control language based on SPKI/SDSI PKI that has features like group certificates, delegation, threshold certificates etc. In this paper, we show how SACL can be effectively realized in a Security Automata framework. We establish the equivalence of the transformation with the SPKI/SDSI semantics as well as the set-theoretic semantics. The transformation gives an efficient way to enforce the policy being defined and allows inference of authorizations obtained from multiple certificates. Further, we describe algorithms for efficiently solving certificate-analysis problems, resource authentication problems etc. The transformation allows us to capture the authorization of tags while being delegated in an unambiguous way and define the set of tags permissible under threshold certification. The framework succinctly captures the expressive power of SACL and enables heterogeneous integration of SACL with state-based security mechanisms that are widely used for protection/security of classical OS, Databases etc. One of the distinct advantages of the framework is the amenability of using finite state model-checking algorithms for verifying access control. We shall show how very useful properties can be verified using our transformation.
- Access Control | Pp. 177-193
doi: 10.1007/11961635_13
Design of Key Establishment Protocol Using One-Way Functions to Avert Attack
Mounita Saha; Dipanwita RoyChowdhury
In this work, we have identified a class of weakness named as attack in a number of existing protocols and propose a common design principle to avoid the weakness. Also, based on the design principles, we propose three key establishment schemes under two different scenarios. The proposed schemes are efficient in terms of the number of nonces used and are based on one-way functions.
- Key Management and Security in Wireless Networks | Pp. 194-204
doi: 10.1007/11961635_14
An Efficient Key Assignment Scheme for Access Control in a Hierarchy
Praveen Kumar Vadnala; Anish Mathuria
This paper examines a hash based hierarchical access control scheme proposed by Yang and Li. It is shown that the scheme suffers from the ex-member access problem. A new hash based scheme that avoids the ex-member problem is proposed. Our scheme has the following advantages: (i) it uses less private storage per node; (ii) addition or deletion of nodes and users does not require rekeying of all nodes; and (iii) the static version of the scheme carries a proof of security. A hash based scheme recently proposed by Atallah, Frikken and Blanton also has these properties. Compared to their scheme, our scheme requires less public storage space for tree hierarchies.
- Key Management and Security in Wireless Networks | Pp. 205-219
doi: 10.1007/11961635_15
Adaptation of IEEE 802.1X for Secure Session Establishment Between Ethernet Peers
Purificación Sáiz; Jon Matías; Eduardo Jacob; Javier Bustamante; Armando Astarloa
Network connectivity has undergone a significant change since the appearance and increasing deployment of IEEE 802.11 technology. Wireless links are inherently insecure and, in order to secure them, the IEEE 802.11i amendment has defined the security mechanisms to be used. The solution described in IEEE 802.11i is applicable, in theory, to both infrastructure and ad-hoc networks. Nevertheless, the great deployment of wireless access points and the potential economic benefits derived from it impelled the standardization bodies to provide a security solution for IEEE 802.11 access links. Therefore, IEEE 802.11i has been designed as an infrastructure-oriented solution, and some of the design decisions are not the most appropriate for its use in peer-to-peer communications, showing several limitations to secure ad-hoc networks. We have found the same drawbacks when trying to adapt the IEEE 802.1X model for providing end-to-end security at the link layer between Ethernet peers. We have identified the shortcomings of the standardized solution for its application in securing peer-to-peer communications, and we propose some modifications to the IEEE 802.1X model that help to overcome those limitations. These modifications have been implemented and functionally tested for establishing secure communications between end stations in Ethernet networks.
- Key Management and Security in Wireless Networks | Pp. 220-234
doi: 10.1007/11961635_16
Secure Data Management in Reactive Sensor Networks
L. Chaithanya; M. P. Singh; M. M. Gore
A wireless sensor network (WSN), an ad hoc network of resource constrained sensor nodes, has become an attractive option for monitoring applications. The wide use of sensor networks is due to the cheap hardware and detailed information they provide to the end user. As with every network of every computing device, security is one of the key issues of sensor networks. The resource constrained nature of sensor nodes makes the security quite challenging. The sensor networks are prone to many kinds of security attack viz. report fabrication attack, denial of service attack, Sybil attack, traffic analysis attack, node replication attack, physical attack etc. The report fabrication attack is a security attack in which the adversary tries to generate bogus reports by compromising the sensor nodes. This paper proposes a security solution that makes cluster based sensor networks resilient to report fabrication attacks. The proposed solution relies on symmetric key mechanisms, is appropriate for random deployment and also handles node failures.
- Key Management and Security in Wireless Networks | Pp. 235-248
doi: 10.1007/11961635_17
Security Ontology: Simulating Threats to Corporate Assets
Andreas Ekelhart; Stefan Fenz; Markus D. Klemen; Edgar R. Weippl
Threat analysis and mitigation, both essential for corporate security, are time consuming, complex and demand expert knowledge. We present an approach for simulating threats to corporate assets, taking the entire infrastructure into account. Using this approach, effective countermeasures and their costs can be calculated quickly without expert knowledge, and subsequent security decisions will be based on objective criteria. The ontology used for the simulation is based on Landwehr's [ALRL04] taxonomy of computer security and dependability.
- Threat Analysis, Detection and Recovery | Pp. 249-259
doi: 10.1007/11961635_18
Two-Stage Credit Card Fraud Detection Using Sequence Alignment
Amlan Kundu; Shamik Sural; A. K. Majumdar
A phenomenal growth in the number of credit card transactions, especially for on-line purchases, has also led to a substantial rise in fraudulent activities. Implementation of efficient fraud detection systems has thus become imperative for all credit card companies in order to minimize their losses. In real life, fraudulent transactions could be interspersed with genuine transactions and simple pattern matching techniques are not often sufficient to detect the fraudulent transactions efficiently. In this paper, we propose a hybrid approach in which anomaly detection and misuse detection models are combined. Sequence alignment is used to determine similarity of an incoming sequence of transactions to both a genuine card holder’s sequence as well as to sequences generated by a validated fraud model. The scores from these two stages are combined to determine if a transaction is genuine or not. We use stochastic models for studying the performance of the system.
- Threat Analysis, Detection and Recovery | Pp. 260-275
doi: 10.1007/11961635_19
New Malicious Code Detection Using Variable Length -grams
D. Krishna Sandeep Reddy; Subrat Kumar Dash; Arun K. Pujari
Most commercial antivirus software fails to detect unknown and new malicious code. In order to handle this problem, generic virus detection is a viable option. A generic virus detector needs features that are common to viruses. Recently Kolter et al. [16] proposed an efficient generic virus detector using -grams as features. The fixed length -grams used there suffer from the drawback that they cannot capture meaningful sequences of different lengths. In this paper we propose a new method of variable-length -grams extraction based on the concept of episodes and demonstrate that they outperform fixed length -grams in malicious code detection. The proposed algorithm requires only two scans over the whole data set, whereas most of the classical algorithms require scans proportional to the maximum length of -grams.
- Threat Analysis, Detection and Recovery | Pp. 276-288
doi: 10.1007/11961635_20
A Dead-Lock Free Self-healing Algorithm for Distributed Transactional Processes
Wanyu Zang; Meng Yu
Even though self-healing techniques for transactional processes have attracted enough attention in recent years, several critical issues regarding distributed systems have not been addressed. For example, if we do the recovery under sustained attacks, under which condition can the recovery terminate? Is a synchronized clock necessary for distributed recovery? In this paper, we proposed a dead-lock free algorithm for coordinated recovery and answered related questions. We also proved that under specific situations, we have to freeze the recovery scheme to guarantee that the recovery can make progress.
- Threat Analysis, Detection and Recovery | Pp. 289-302