Similar literature
20 similar documents found; search time 15 ms
1.
This paper briefly traces the evolution of information system architectures from mainframe-connected terminals to distributed multi-tier architectures. It presents the challenges facing developers of multi-tier information systems in providing effective consistent data policy enforcement, such as access control in these architectures. Finally, it introduces “Mobile Policy” (MoP) as a potential solution and presents a framework for using mobile policy in the business logic tier of multi-tier information systems.

2.
As computer infrastructures become more complex, security models must provide means to handle more flexible and dynamic requirements. In the Organization Based Access Control (OrBAC) model, it is possible to express such requirements using the notion of context. In OrBAC, each security rule (permission, prohibition, obligation or dispensation) only applies in a given context. A context is viewed as an extra condition that must be satisfied to activate a given security rule. In this paper, we present a taxonomy of different types of context and investigate the data the information system must manage in order to deal with these different contexts. We then explain how to model and evaluate them in the OrBAC model.
Nora Cuppens-Boulahia

3.
A security policy language for wireless sensor networks (total citations: 1, self-citations: 0, citations by others: 1)
Authenticated computer system users are only authorized to access certain data within the system. In the future, wireless sensor networks (WSNs) will need to restrict access to data as well. To date, WSN security has largely been based on encryption and authentication schemes. The WSN Authorization Specification Language (WASL) is a mechanism-independent composable WSN policy language that can specify arbitrary and composable security policies that are able to span and integrate multiple WSN policies. Using WASL, a multi-level security policy for a 1000 node network requires only 60 bytes of memory per node.

4.
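Cai Ting, Cai Yu, Ouyang Kai. 《计算机应用》 (Journal of Computer Applications), 2016, 36(7): 1834-1840
To manage the enforcement of security policies effectively in cross-domain interoperation between cloud systems, a multi-domain security policy verification and management technique suited to cloud computing environments is proposed. First, the access control rules and security properties of the secure interoperation environment are studied; intra-domain and inter-domain management are distinguished through role hierarchy relations; and the multi-domain role-based access control (domRBAC) model and a security property specification based on computation tree logic (CTL) are formally defined. Second, a directed-graph-based role association mapping algorithm is given to implement domRBAC role hierarchy reasoning, and from it a cloud security policy verification algorithm is constructed. Performance experiments show that the time overhead of property verification in a multi-domain interoperation system grows as the system scale increases. Using multi-process parallel checking, the technique reduces property verification time by 70.1%~88.5%; its model-optimized checking mode shows smaller fluctuation in the time curve than the normal mode, and its time overhead in large-scale systems is clearly lower than that of the normal mode. The technique offers stable and efficient property verification performance for secure interoperation of large-scale cloud systems.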

5.
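Integration of UML modeling of software systems with their security modeling (total citations: 1, self-citations: 0, citations by others: 1)
Security is an indispensable part of modern software systems, yet current software system modeling generally does not address security. System security policies and security mechanisms are often supplements and refinements that developers add to a system late in development. This non-standard handling creates significant hidden risks for later security maintenance and for integration between systems. Using a student grade management system, this paper discusses how to extend UML graphical elements to model a system's security access control policy, and introduces the View Policy Language (VPL) to describe the association between roles and authorizations, thereby integrating UML modeling of the software system with its security modeling.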

6.
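In this paper the author discusses the design principles and system composition of an IP-VPN security policy system, as well as the distribution and enforcement of security policies, which is of important practical significance.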

7.
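Research on policy models for authorization and access control (total citations: 2, self-citations: 0, citations by others: 2)
In view of the trend of existing authorization and access control systems toward large-scale, cross-region, distributed, multi-application deployment, and based on an analysis of the role of policy classification and policy management in such systems, a policy hierarchy and policy scope model suited to distributed environments is created from the perspective of the constraint relations between policies and the scope in which policies take effect.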

8.
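Traditional access control mainly comprises discretionary access control (DAC) and mandatory access control (MAC). Mandatory access control is "imposed" on the accessing subject, i.e., the system forces subjects to obey the access control policy. Discretionary access control is a method of restricting access on the basis of the confirmed identity of subjects and the groups to which they belong. As enterprises grow in scale, their information management becomes increasingly important, and the design of enterprise-level access control and security management will be one of the hardest problems to solve; DAC and MAC can no longer meet the need. In the 1990s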

9.
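Web pages today are numerous in kind and complex, which makes websites easy targets for attackers, so website security is an important concern. This paper discusses several web page security policies in detail and also presents the firewall as a security protection technology.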

10.
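Zhang Wenkai, Cao Yuanda. 《计算机工程》 (Computer Engineering), 2005, 31(1): 136-137, 162
Managing security policy is very important in distributed systems. To manage security policies in distributed systems conveniently and to accommodate different types of distributed authentication systems, this paper, through a study of the RBAC96 model, presents a security policy model for an application security platform architecture described in a structured language (XML), together with an example.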

11.
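Research on a policy-based model for centralized security policy management (total citations: 1, self-citations: 0, citations by others: 1)
Existing models for centralized security policy management are analyzed, and a more flexible, policy-based centralized security management model is proposed, with a discussion of the key technologies for implementing it. Finally, this model is compared with existing models.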

12.
Administering security in modern enterprise systems may prove an extremely complex task. Their large scale and dynamic nature are the main factors that contribute to this fact. A robust and flexible model is needed in order to guarantee both the easy management of security information and the efficient implementation of security mechanisms. In this paper, we present the foundations and the prototypical implementation of a new access control framework. The framework is mainly targeted to highly dynamic, large enterprise systems (e.g., service provisioning platforms, enterprise portals etc.), which contain various independent functional entities. Significant advantages gained from the application of the designated framework in such systems are epitomized in the easiness of managing access to their hosted resources (e.g., services) and the possibility of applying distributable management schemes for achieving it. The proposed framework allows for multi-level access control through the support of both role-based and user-based access control schemes. Discussion is structured in three distinct areas: the formal model of the proposed framework, the data model for supporting its operation, and the presentation of a prototypical implementation. The development of the framework is based on open technologies like XML, Java and Directory Services. In the last part of the paper the results of a performance assessment are presented, aiming to quantify the delay overhead imposed by the application of the new framework in a real system.

Ioannis Priggouris received his B.Sc. in Informatics from the Department of Informatics & Telecommunications of the University of Athens, Greece in 1997 and his M.Sc. in Communication Systems and Data Networks from the same Department in 2000. Over the last years he has been a PhD candidate in the department. Since 1999, he has been a member of the Communication Networks Laboratory (CNL) of the University of Athens. As a senior researcher of the CNL he has participated in several EU projects implemented in the context of IST, namely the EURO-CITI and the PoLoS projects. He has also been extensively involved in several National IT Research projects. His research interests are in the areas of mobile computing, QoS and mobility support for IP networks, and network security. He is the author of several papers and book chapters in the aforementioned areas.

Stathes Hadjiefthymiades received his B.Sc. (honors) and M.Sc. in Informatics from the Dept. of Informatics, University of Athens, Greece, in 1993 and 1996 respectively. In 1999 he received his Ph.D. from the University of Athens (Dept. of Informatics and Telecommunications). In 2002 he received a joint engineering-economics M.Sc. from the National Technical University of Athens. In 1992 he joined the Greek consulting firm Advanced Services Group, Ltd., where he was involved in the analysis, design and implementation of telematic applications and other software systems. In 1995 he joined, as research engineer, the Communication Networks Laboratory (UoA-CNL) of the University of Athens. During the period September 2001-July 2002, he served as a visiting assistant professor at the University of Aegean, Dept. of Information and Communication Systems Engineering. In the summer of 2002 he joined the faculty of the Hellenic Open University (Dept. of Informatics), Patras, Greece, as an assistant professor. Since December 2003, he has been on the faculty of the Dept. of Informatics and Telecommunications, University of Athens, where he is presently an assistant professor and coordinator of the Pervasive Computing Research Group. He has participated in numerous projects realized in the context of EU programs (ACTS, ORA, TAP, and IST), EURESCOM projects, as well as national initiatives. His research interests are in the areas of web engineering, wireless/mobile computing, and networked multimedia applications. He is the author of over 100 publications in the above areas.

13.
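An XML-based RBAC policy model for Web services (total citations: 5, self-citations: 2, citations by others: 5)
Access control systems have grown increasingly complex with the development of distributed networks and have spread into many domains; the lack of a unified description language creates interoperability problems between systems. The principles of the eXtensible Access Control Markup Language (XACML) are briefly introduced. To address access control in Web services, XACML is combined with the role-based access control model, and a role-based access control policy model is proposed. The policy model suits the distributed development of networks and provides a way to solve access control interoperability problems between different systems.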

14.
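Addressing the role-based access control (RBAC) model and the important security principle of separation of duty (SoD), a risk-based security policy, the Fuzzy Security Policy (FSP), is proposed. It uses qualification expressions to constrain the number and identity of users who perform sensitive tasks, uses a risk-degree vector method to quantify the risk of user-role authorization, and applies fuzzy comprehensive evaluation to analyze the aggregate risk of a user set that satisfies the qualification constraints performing multiple tasks. The satisfiability of the security policy under a given system configuration and risk threshold is further discussed, and an algorithm is given for deciding whether a user set satisfies the security policy. This security policy allows an organization to select a user set that meets its security requirements to perform tasks.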

15.
One reason workflow systems have been criticized as being inflexible is that they lack support for delegation. This paper shows how delegation can be introduced in a workflow system by extending the role-based access control (RBAC) model. The current RBAC model is a security mechanism to implement access control in organizations by allowing users to be assigned to roles and privileges to be associated with the roles. Thus, users can perform tasks based on the privileges possessed by their own role or roles they inherit by virtue of their organizational position. However, there is no easy way to handle delegations within this model. This paper tries to treat the issues surrounding delegation in workflow systems in a comprehensive way. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. The new extended model is called RBAC with delegation in a workflow context (DW-RBAC). It allows for delegations to be specified from a user to another user, and later revoked when the delegation is no longer required. The implications of such specifications and their subsequent revocations are examined. Several formal definitions for assertion, acceptance, execution and revocation are provided, and proofs are given for the important properties of our delegation framework.

16.
The concept of roles has been prevalent in the area of Information Security for more than 15 years already. It promises simplified and flexible user management, reduced administrative costs, improved security, as well as the integration of employees’ business functions into the IT administration. A comprehensive scientific literature collection revealed more than 1300 publications dealing with the application of sociological role theory in the context of Information Security up to now. Although there is an ANSI/NIST standard and an ISO standard proposal, a variety of competing models and interpretations of the role concept have developed. The major contribution of this survey is a categorization of the complete underlying set of publications into different classes. The main part of the work is investigating 32 identified research directions, evaluating their importance and analyzing research tendencies. An electronic bibliography including all surveyed publications together with the classification information is provided additionally. As a final contribution potential future developments in the area of role-research are considered.

17.
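For today's campus network environment, and from the standpoint of building a secure distributed border-router firewall system for the campus network, this paper studies packet filtering applied on border routers for the internal campus network and security policies for the routing system itself. A typical deployment was carried out on the campus network of Huaiyin Normal University (淮阴师范学院), and practice shows that it achieves network security goals with far less effort.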

18.
The paper describes the development of a formal security policy model in Z for the NATO Air Command and Control System (ACCS): a large, distributed, multilevel-secure system. The model was subject to manual validation, and some of the issues and lessons in both writing and validating the model are discussed.

19.
We introduce a new timing covert channel that arises from the interplay between multithreading and object orientation. This example motivates us to explore the root of the problem and to devise a mechanism for preventing such errors. In doing so, we first add multithreading constructs to Middleweight Java, a subset of the Java programming language with a fairly rich set of features. A noninterference property is then presented which basically demands program executions be equivalent in the view of whom observing final public values in environments using the so-called high-independent schedulers. It is scheduler-independent in the sense that no matter which scheduler is employed, the executions of the program satisfying the property do not lead to illegal information flows in the form of explicit, implicit, or timing channels. We also give a provably sound type-based static mechanism to enforce the proposed property.

20.
Despite the significant advancements made in understanding the factors that drive employees' compliance and noncompliance behaviours with information security policy (ISP), less is known about how different factors interact to impact such behaviours. Having been drawn on the social information processing theory, this research develops an integrative model that investigates how ethical work climate, beliefs, and neutralization interact to jointly explain ISP noncompliance. The model is tested via a survey of a broad cross section of employees. Neutralization, perceived cost of compliance, and perceived cost of noncompliance are found to significantly impact ISP noncompliance. Egoistic, benevolent, and principled climates are found to differentially influence neutralization and individuals' cognitive beliefs about the cost and benefit of ISP compliance versus noncompliance. Neutralization appears to be a more important moderator of the belief‐noncompliance relationship than the principled climate.
