Publications catalogue - books
Security, Privacy, and Trust in Modern Data Management
Milan Petković ; Willem Jonker (eds.)
Abstract/Description – provided by the publisher
Not available.
Keywords – provided by the publisher
Not available.
Availability
Detected institution | Year of publication | Browse | Download | Request |
---|---|---|---|---|
Not detected | 2007 | SpringerLink | | |
Information
Resource type:
books
Print ISBN
978-3-540-69860-9
Electronic ISBN
978-3-540-69861-6
Publisher
Springer Nature
Country of publication
United Kingdom
Publication date
2007
Copyright information
© Springer-Verlag Berlin Heidelberg 2007
Subject coverage
Table of contents
Privacy and Security Issues in a Digital World
Milan Petković; Willem Jonker
This chapter reviews the most important security and privacy issues of the modern digital world, emphasizing the issues brought by the concept of ambient intelligence. Furthermore, the chapter explains the organization of the book, describing which issues and related technologies are addressed by which chapters of the book.
Part I - Introduction | Pp. 3-10
Privacy in the Law
Jeroen Terstegge
This chapter addresses privacy and legislation. It explains common categories of legal protection in most jurisdictions and surveys the internationally accepted privacy principles which form the basis of the law in most countries. Next, the most important interpretation rules by the courts are given and their applications to technology are discussed. Finally, the chapter gives an outlook on the future of privacy law.
Part I - Introduction | Pp. 11-20
Ethical Aspects of Information Security and Privacy
Philip Brey
This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between computer security and national security, the morality of hacking and computer crime, the nature of cyberterrorism and information warfare, and the moral responsibilities of information security professionals. Privacy is discussed next. After a discussion of the moral importance of privacy and the impact of information technology on privacy, privacy issues in various information-processing practices are reviewed. A concluding section ties the two topics together.
Part I - Introduction | Pp. 21-36
Authorization and Access Control
Sabrina De Capitani di Vimercati; Sara Foresti; Pierangela Samarati
Access control is the process of controlling every request to a system and determining, based on specified rules (), whether the request should be granted or denied. The definition of an access control system is typically based on three concepts: access control , access control , and access control . In this chapter, we focus on the traditional access control models and policies. In particular, we review two of the most important policies: the discretionary and mandatory access control policies. We therefore start the chapter with an overview of the basic concepts on which access control systems are based. We then illustrate different traditional discretionary and mandatory access control policies and models that have been proposed in the literature, also investigating their low-level implementation in terms of security mechanisms.
Part II - Data and System Security | Pp. 39-53
Role-Based Access Control
Sylvia L. Osborn
Role-based access control (RBAC) models have been introduced by several groups of researchers. We first introduce the basic components of the American National Standards Institute (ANSI) RBAC model and the role graph model; then we contrast some of the details of these two models. Some design guidelines for successful role hierarchy design are given. Finally, we discuss some issues in designing a role-based system when mandatory access control constraints must be satisfied.
Part II - Data and System Security | Pp. 55-70
XML Security
Claudio A. Ardagna; Ernesto Damiani; Sabrina De Capitani di Vimercati; Pierangela Samarati
The extensible markup language (XML) is a markup language promoted by the World Wide Web Consortium (W3C). XML overcomes the limitations of hypertext markup language (HTML) and represents an important opportunity to solve the problem of protecting information distributed on the Web, with the definition of access restrictions directly on the structure and content of the document. This chapter summarizes the key XML security technologies and provides an overview of how they fit together and with XML. It should serve as a roadmap for future research and a basis for further exploration of relevant scientific literature and standard specifications.
Part II - Data and System Security | Pp. 71-86
Database Security
Elisa Bertino; Ji-Won Byun; Ashish Kamra
As organizations increase their reliance on information systems for daily business, they become more vulnerable to security breaches. Though a number of techniques, such as encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must also be taken into account in order to specify effective access control policies. Also, techniques for data integrity and availability specifically tailored to database systems must be adopted. In this respect, over the years the database security community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability. However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security concerns, the ‘disintermediation’ of access to data, new computing paradigms and applications, such as grid-based computing and on-demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current approaches. In this chapter, we first survey the most relevant concepts underlying the notion of database security and summarize the most well-known techniques. We then discuss current challenges for database security and some preliminary approaches that address some of these challenges.
Part II - Data and System Security | Pp. 87-101
Trust Management
Claudio A. Ardagna; Ernesto Damiani; Sabrina De Capitani di Vimercati; Sara Foresti; Pierangela Samarati
The amount of data available electronically to a multitude of users has been increasing dramatically over the last few years. The size and dynamics of the user community set requirements that cannot be easily solved by traditional access control solutions. A promising approach for supporting access control in open environments is .
This chapter provides an overview of the most significant approaches for managing and negotiating trust between parties. We start by introducing the basic concepts on which trust management systems are built, describing their relationships with access control. We then illustrate credential-based access control languages together with a description of different trust negotiation strategies. We conclude the chapter with a brief overview of reputation-based systems.
Part II - Data and System Security | Pp. 103-117
Trusted Platforms
Klaus Kursawe
This chapter describes some of the basic mechanisms of building trusted platforms, i.e., platforms that behave in a way they are expected to. The main focus is the low-level implementation of such mechanisms using secure hardware, including the trusted computing standard, security mechanisms inside the central processor unit (CPU) and external secure coprocessors. After describing the advantages and limits of these approaches, the chapter describes some basic services set up on such hardware, such as secure boot, remote attestation, and secure I/O interfaces. Finally, we briefly discuss secure operating systems, and point out some future trends in secure hardware and trusted platforms.
Part II - Data and System Security | Pp. 119-131
Strong Authentication with Physical Unclonable Functions
Pim Tuyls; Boris Škorić
Physical unclonable functions (PUFs) can be used as a cost-effective means to store cryptographic key material in an unclonable way. They can be employed for strong authentication of objects, e.g., tokens, and of persons possessing such tokens, but also for other purposes. We give a short overview of security applications where PUFs are useful, and discuss physical realisations, noisy measurements and information content of PUFs. Then we describe an integrated authentication token containing an optical PUF, a challenging mechanism and a detector. Finally, we discuss authentication protocols for controlled and uncontrolled PUFs.
Part II - Data and System Security | Pp. 133-148