Catálogo de publicaciones - libros

Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a task under unpredictable, . However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.

Protecting the privacy of individuals demands that special care be taken with the handling of an individual’s personal information. Either the system should store as little or no user data at all, or it should protect access to the data in cases where it is necessary that data has to be stored. A common approach to the protection of PII (in a privacy aware system) is to associate a set of purposes with the PII which indicates the enterprise’s use of the data.

Purposes placed in a hierarchical structure (such as a lattice) can subsume each other, which can provide flexibility in the customisation of a privacy agreement. In this article the customisation of privacy agreements using purposes placed in a lattice is considered. In particular minimal acceptance levels, maximal acceptance levels, validation and invalidation of agreements with respect to purpose lattices are introduced.

In this paper we describe a framework that supports the dynamic configuration, adaptation and monitoring of systems that need to guarantee specific security and dependability (S&D) properties whilst operating in distributed settings. The framework is based on providing abstract specifications of implementation solutions that can be used by systems in order to achieve specific S&D properties. The focus herein will be on the monitoring aspects of the framework which allow it to adapt to violations of the S&D requirements and changes to the current context.

Software can be found in a lot of different infrastructures in our daily life e.g. mobile phones, cars, or ticket machines. Due to always increasing requirements or failures in programs, updates are needed at all times and mean a great cost and time advantage. Not always can the technical possibility to download software components be realized right away because various security issues or legal restraints have to be taken into account. This paper introduces a security architecture for regulated software download that is performed in the area of measuring instruments but can also be applied for other infrastructures. Therefore at first the legal requirements in which the software download is performed – here the liberalized energy market - is introduced. Furthermore different security requirements that are necessary to connect the technical and legal needs are presented. The analysis of the legal situation, the participants, resources, and threads draws a total picture of the system. Starting from these conclusions an infrastructure that supports the different security aspects will be presented.

This paper uses the perspective of power in the study of IS security management. We explore the role of power in the implementation of an information systems security policy, using the Circuits of Power as a Framework for the analysis. A case study research was conducted in a public sector organization that introduced a security policy in order to comply with the law. The authors interviewed members of the organization to explore the different aspects of power relations which were intertwined with the implementation of the policy and used the Circuits of Power to analyze the data gathered. The conclusions derived from the analysis illustrate the role of power in the policy implementation process and indicate that a power perspective provides useful insight in the study of factors affecting the implementation of security policies.

Today, the Internet provides an alternative platform where service consumers and service providers can exchange goods and services at electronic marketplaces (e-Markets). In second generation e-Markets consumers and providers have the opportunity to use autonomous agents to act on their behalf to discover, select, and negotiate with potential business partners. Agents can close contracts, make payments, monitor and review contract compliance. Information about the trustworthiness, reputation and the credibility of services, service providers, retailers, and entire business domains is crucial for the assessment of business partners during the service selection process in marketplaces. Agent owners expect their agents to follow social principles and values found in traditional marketplaces. In this paper we discuss the framework which enables autonomous agents to evaluate social information which is then used for service selection. Furthermore, agents will are able to review ongoing or completed business interactions for the benefit of peers and their own future decisions. We simulate how the service selection process progresses through new information drawn from reviews of past business interactions.

Most of industrial or public domains involve a trusted and distributed infrastructure which provides individuals digital credentials and certificates. These latter allow their owner to authenticate herself, prove her rights and gain access inside trusted organizations. The certificate usability scope is extended to contain more and more information, where someones can be considered as sensitive. Contrary to existing certificate standards, we aim to provide a flexible format of certificate enabling to disclose, to blind and to cipher any authorized part of a certificate according to the user context, environment and willing. In this paper, we define and describe a new certificate model called: ”X316” and we supply a security toolbox (i.e. X316 Signature, X316 Encryption and X316 Context) allowing its owner for managing her certificate freely according to contextual situation.

Web based applications often have vulnerabilities that can be exploited to launch SQL-based attacks. In fact, web application developers are normally concerned with the application functionalities and can easily neglect security aspects. The increasing number of web attacks reported every day corroborates that this attack-prone scenario represents a real danger and is not likely to change favorably in the future. However, the main problem resides in the fact that most of the SQL-based attacks cannot be detected by typical intrusion detection systems (IDS) at network or operating system level. In this paper we propose a database level IDS to concurrently detect malicious database operations. The proposed IDS is based on a comprehensive anomaly detection scheme that checks SQL commands to detect SQL injection and analyses transactions to detect more elaborate data-centric attacks, including insider attacks.

Some important problems in information security such as software protection, watermarking and obfuscation have been proved to be impossible to solve with software-based solutions. By protecting certain actions in order to guarantee that they are executed as desired, trivial solutions to those problems can be implemented. For tamperproof hardware devices such as smart cards to serve this purpose they must provide the capability to execute code on-the-fly. This paper presents mechanism to allow dynamic code execution in Java Card in order for these cards to be used in software protection problems. However, the solution can be used in other applications.

The forthcoming ISO/IEC 24727 series of standards defines application programming interfaces for smart cards and is expected to provide a major contribution to the global interoperability of smart cards and card-applications. However it assumes in part 2 [8] that certain information concerning the capabilities of the card and its (cryptographic) applications is stored itself. As already issued smart cards do not provide the required structures, the significance of ISO/IEC 24727 for billions (see [5]) of “legacy cards” seems to be questionable. In order to overcome this problem, the present paper introduces an alternative approach, which does but provides the information which is necessary to map generic requests to card-specific APDUs to the middleware in form of XML-based -files.