Catálogo de publicaciones - libros

Service-oriented architectures (SOAs) are increasingly gaining popularity due to their considerable flexibility and scalability in open IT-environments. Along with their rising acceptance comes the need for well suited security components. In this respect, access control and privacy emerged to crucial factors.

Targeting the demands of a SOA, many promising authorization models have been developed, most notably the attribute-based access control (ABAC) model. In this paper we take up concepts from the OASIS XACML and WS-XACML specifications and introduce a dynamic ABAC system that incorporates privacy preferences of the service requestor in the access control process. Separating the Policy Decision Point from the service provider’s premises, our infrastructure enables the deployment of alternative PDPs the service requestor can choose from. We employ a PKI to reflect the sufficient trust relation between the service provider and a potential PDP. Our work is carried out within the European research project Access-eGov that aims at a European-wide e-Government service platform.

In this paper we present the design of a scalable and secure cryptographic service that can be adopted to support large-scale networked systems, which may require strong authentication from a large population of users. Since the users may not be able to adequately protect their cryptographic credentials, our service leverages some better protected servers to help fulfill such authentication needs. Compared with previous proposals, our service has the following features: (1) it incorporates a 3-factor authentication mechanism, which facilitates compromise detection; (2) it supports immediate revocation of a cryptographic functionality in question; (3) the damage due to the compromise of a server is contained; (4) it is scalable and highly available.

In this paper, we present the design of gVault, a cryptographic network file system that utilizes the data storage provided by Gmail’s web-based email service. Such a file system effectively provides users with an easily accessible free network drive on the Internet. gVault provides numerous benefits to the users, including: a) Secure remote access: Users can access their data securely from any machine connected to the Internet; b) Availability: The data is available 24/7; and c) Storage capacity: Gmail provides a large amount of storage space to each user. In this paper, we address the challenges in design and implementation of gVault. gVault is fundamentally designed keeping an average user in mind. We introduce a novel encrypted storage model and key management techniques that ensure data confidentiality and integrity. An initial prototype of gVault is implemented to evaluate the feasibility of such a system. Our experiments indicate that the additional cost of security is negligible in comparison to the cost of data transfer.

Security and privacy concerns as well as legal considerations force many companies to encrypt the sensitive data in databases. However, storing the data in an encrypted format entails non-negligible performance penalties while processing queries. In this paper, we address several design issues related to querying encrypted data in relational databases. Based on our experiments, we propose new and efficient techniques to reduce the cost of cryptographic operations while processing different types of queries. Our techniques enable us not only to overlap the cryptographic operations with the IO latencies but also to reduce the number of block cipher operations with the help of selective decryption capabilities.

Despite the widespread adoption of Role-based Access Control (RBAC) models, new access control models are required for new applications for which RBAC may not be especially well suited and for which implementations of RBAC do not enable properties of access control policies to be adequately defined and proven. To address these issues, we propose a form of access control model that is based upon the key notion of an event. The access control model that we propose is intended to permit the representation of access control requirements in a distributed and changing computing environment, the proving of properties of access control policies defined in terms of our model, and direct implementations for access control checking.

With the growing advancement of pervasive computing technologies, we are moving towards an era where spatio-temporal information will be necessary for access control. The use of such information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for spatio-temporal-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we propose a spatio-temporal access control model, based on the Role-Based Access Control (RBAC) model, that is suitable for pervasive computing applications. We show the association of each component of RBAC with spatio-temporal information. We formalize the model by enumerating the constraints. This model can be used for applications where spatial and temporal information of a subject and an object must be taken into account before granting or denying access.

Modern information systems require temporal and privilege-consuming usage of digital objects. To meet these requirements, we present a new access control model–Times-based Usage Control (TUCON). TUCON extends traditional and temporal access control models with times-based usage control by defining the maximum times that a privilege can be exercised. When the usage times of a privilege is consumed to zero or the time interval of the usage is expired, the privilege exercised on the object is automatically revoked by the system. Formal definitions of TUCON actions and rules are presented in this paper, and the implementation of TUCON is discussed.

The database server is a crucial bottleneck in traditional inference control architecture, as it enforces highly computation-intensive auditing for all users who query the protected database. As a result, most auditing methods, though rigorously studied, can never be implemented in practice for protecting largescale real-world database systems. To shift this paradigm, we propose a new inference control architecture that will entrust inference control to each users platform, provided that the platform is equipped with trusted computing technology. The trusted computing technology is designed to attest the state of a users platform to the database server, so as to assure the server that inference control could be enforced as expected. A generic protocol is proposed to formalize the interactions between the users platform and database server. Any existing inference control technique can work with our protocol, for which the security properties are formally proven. Since each user’s platform enforces inference control for its own queries, our solution avoids the bottleneck.

Physical security has received increased attention after 9/11. However, access control to physical units has not been explored much. On the other hand, there is a rich literature on access control to information. These two areas appear converging as seen by recent products and studies. However, use of different notations and implementation details make this convergence harder. We need to try to take this convergence at a more abstract level first. Although introduced about 10 years ago, security patterns have recently become accepted by industry and two books on this topic have appeared recently. Security patterns for information access control have appeared but now we extend this concept to access for physical units. The unification of information and physical access control is just beginning but the strong requirements of infrastructure protection will make this convergence to happen rapidly. Examining existing systems, industry standards and government regulations, we describe, in the form of patterns, the core set of features a physical access control system should have. The paper illustrates the structure and use of these patterns.

The is the standard access control policy specification language of the World Wide Web. XACML does not provide exclusive accesses to globally resources. We do so by enhancing the policy execution framework with locks.