Publications catalogue - books



Information Systems Security: Second International Conference, ICISS 2006, Kolkata, India, December 19-21, 2006, Proceedings

Aditya Bagchi ; Vijayalakshmi Atluri (eds.)

Conference: 2nd International Conference on Information Systems Security (ICISS). Kolkata, India. December 19, 2006 - December 21, 2006

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Data Encryption; Computer Communication Networks; Systems and Data Security; Computers and Society; Management of Computing and Information Systems; Information Storage and Retrieval

Availability
Detected institution Year of publication Browse Download Request
Not detected 2006 SpringerLink

Information

Resource type:

books

Print ISBN

978-3-540-68962-1

Electronic ISBN

978-3-540-68963-8

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2006

Table of contents

Privacy in the Electronic Society

Sabrina De Capitani di Vimercati; Pierangela Samarati

The Internet provides unprecedented opportunities for the collection and sharing of privacy-sensitive information from and about users. Information about users is collected every day, as they join associations or groups, shop for groceries, or execute most of their common daily activities. Such information is subsequently processed, exchanged and shared between different parties, with users often having little control over their personal information once it has been disclosed to third parties. Privacy is then becoming an increasing concern. In this paper we discuss some problems to be addressed in the protection of information in our electronic society, surveying ongoing work and open issues to be investigated.

- Invited Papers | Pp. 1-21

A Data Sharing Agreement Framework

Vipin Swarup; Len Seligman; Arnon Rosenthal

When consumers build value-added services on top of data resources they do not control, they need to manage their information supply chains to ensure that their data suppliers produce and supply required data as needed. Producers also need to manage their information supply chains to ensure that their data is disseminated and protected appropriately. In this paper, we present a framework for data sharing agreements (DSA) that supports a wide variety of data sharing policies. A DSA is modeled as a set of obligation constraints expressed over a dataflow graph whose nodes are principals with local stores and whose edges are (typed) channels along which data flows. We present a specification language for DSAs in which obligations are expressed as distributed temporal logic (DTL) predicates over data resources, dataflow events, and datastore events. We illustrate the use of our framework via a case study based on a real-world data sharing agreement and discuss issues related to the analysis and compliance of agreements.

- Invited Papers | Pp. 22-36

Password Exhaustion: Predicting the End of Password Usefulness

Luke St. Clair; Lisa Johansen; William Enck; Matthew Pirretti; Patrick Traynor; Patrick McDaniel; Trent Jaeger

Passwords are currently the dominant authentication mechanism in computing systems. However, users are unwilling or unable to retain passwords with a large amount of entropy. This reality is exacerbated by the increasing ability of systems to mount offline attacks. In this paper, we evaluate the degree to which the previous statements are true and attempt to ascertain the point at which passwords are no longer sufficient to securely mediate authentication. In order to demonstrate this, we develop an analytical model for computation to understand the time required to recover random passwords. Further, an empirical study suggests the situation is much worse. In fact, we found that past systems vulnerable to offline attacks will be obsolete in 5-15 years, and our study suggests that a large number of these systems are already obsolete. We conclude that we must discard or fundamentally change these systems, and to that effect, we suggest a number of ways to prevent offline attacks.

- Invited Papers | Pp. 37-55

Network Monitoring for Security and Forensics

Kulesh Shanmugasundaram; Nasir Memon

The networked environment has grown hostile over the years. In order to guarantee the security of networks and the resources attached to networks it is necessary to constantly monitor and analyze network traffic. Increasing network bandwidth, however, prohibits the recording and analysis of raw network traffic. In this paper we discuss some challenges facing network monitoring and present monitoring strategies to alleviate the challenges.

- Invited Papers | Pp. 56-70

Fairness Strategy for Multilevel Secure Concurrency Control Protocol

Navdeep Kaur; Rajwinder Singh; Manoj Misra; A. K. Sarje

The conventional concurrency control protocols cannot be directly used in the multilevel secure database management systems (MLS/DBMS), because they may be exploited to establish covert channels. The stringent non-interference requirements imposed by multilevel security dictate modification of the conventional concurrency control. A number of multilevel secure concurrency control protocols have been proposed in the literature, which address the problem of covert channels. To prevent covert channels, most of these concurrency control protocols give high priority to the operations of a low security level transaction when it conflicts with the operations of a high security level transaction. This may lead to the abortion or re-execution of high security level transactions over and over again, making the concurrency control protocols unfair towards high security level transactions. Motivated by fairness concerns, we present a fairness strategy for multilevel secure concurrency control protocol to achieve fair performance across different security levels while guaranteeing Orange security. Our simulation results show that the fairness strategy can achieve a significant performance improvement, in terms of fairness.

- Data and Application Security | Pp. 71-85

Optimistic Anonymous Participation in Inter-organizational Workflow Instances

Joachim Biskup; Joerg Parthe

Electronic business applications are often structured by workflow declarations that span potentially numerous generic activities in different organizations. Such declarations are used to assign activities to specific entities, and to dynamically grant and revoke access to the resources according to the execution state of the workflow instance. If competing organizations cooperate in common workflow instances for achieving a joint purpose, they might want to let entities participate anonymously. Anonymous participation demands a restricted flow of identifying information, whereas state dependent access control requires the flow of specific control information. In this paper we introduce the ‘Anonymous SDSD’ approach (State-Dependent Security Decisions) balancing the conflicting requirements by combining techniques like onion routing, logging, bulletin boards, pseudonyms and proxies.

- Data and Application Security | Pp. 86-100

O2O: Virtual Private Organizations to Manage Security Policy Interoperability

Frédéric Cuppens; Nora Cuppens-Boulahia; Céline Coma

Nowadays, the interaction between systems is absolutely essential to achieve business continuity. There is a need to exchange and share services and resources. Unfortunately, this does not come without security problems. The organizations (companies, enterprises, etc.) have to manage accesses to their services and resources by external opponents. O2O is a formal approach we suggest in this paper to deal with access control in an interoperability context. It is based on two main concepts: Virtual Private Organization (VPO) and Role Single-Sign On (RSSO). A VPO enables any organization undertaking an inter-operation with other organizations to keep control over the resources accessed during the interoperability phases. The RSSO principle allows a given subject to keep the same role when accessing another organization but with privileges defined in the VPO. Thus, using O2O, each organization can define and enforce its own secure interoperability policy. O2O is integrated in the OrBAC model (Organization based access control).

- Data and Application Security | Pp. 101-115

Privacy Preserving Web-Based Email

Kevin Butler; William Enck; Jennifer Plasterr; Patrick Traynor; Patrick McDaniel

Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.

- Data and Application Security | Pp. 116-131

Context-Aware Provisional Access Control

Amir Reza Masoumzadeh; Morteza Amini; Rasool Jalili

The high heterogeneity and dynamicity of pervasive computing environments introduce the requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access control model (PBAC). Based on PBAC, we propose a context-aware provision-based access control model, capable of dynamic adaptation of access control policy according to the changing context. In particular, the model facilitates the definition of context-aware policies and enriches the access control by enforcing provisional actions in addition to common permissions.

- Access Control | Pp. 132-146

LRBAC: A Location-Aware Role-Based Access Control Model

Indrakshi Ray; Mahendra Kumar; Lijun Yu

With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for location-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we show how the Role-Based Access Control (RBAC) model can be extended to incorporate the notion of location. We show how the different components in the RBAC model are related with location and how this location information can be used to determine whether a subject has access to a given object. This model is suitable for applications consisting of static and dynamic objects, where location of the subject and object must be considered before granting access.

- Access Control | Pp. 147-161