Li Jiang,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-540-76788-6_6

2007-01-01

Abstract:Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of sensitive information. In this paper, we propose a new security property that requires the decision to perform information release have high integrity, and permits low integrity data which comes from untrusted sources to dynamically affect information release by upgrading (or endorsing) its integrity. To control such integrity upgrading, we introduce an endorsement mechanism that takes the form of a local integrity endorsing policy declaration. So the programmer can express more precise ways of endorsing, by specifying the integrity levels from which information may be endorsed. In addition, we show a new type system to enforce the security property.

Peter C. Chapin,Sean Wang

2006-01-01

Abstract:Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern stateof-the-art in trust management, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Xuezeng Pan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.08.005

2009-01-01

Abstract:To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability,a confidentiality and integrity dynamic union model based on multi-level security(MLS) policy was presented.The two dimensions of secure model are composed of confidentiality and integrity,on which the security label is separated into write privilege range and read privilege range respectively,whereupon subject's access range is adjusted dynamically according to the security label of related objects and the history situation of the subject's access,improving the agility and practicability of the model.The formal definition of this model was given,and the security was also analyzed with proof.Finally,examples were illuminated to show the effectiveness and usability of this model.

彭志宇,李善平,杨朝晖,林欣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2010.05.011

2010-01-01

Abstract:An anonymous authorization mechanism was proposed to protect the user's privacy in the process of authorization in trust management. User requested for services using their real identification in most of the classic trust-management language system, which potentially leaded to the privacy leaking. Through dynamically searching for the delegation roles which take over the request, the anonymous authorization mechanism retained the right behavior of credential chain discovery and achieved a quantitative way of anonymity against the resource provider. Results showed that the anonymous mechanism shared the same worst-case time complexity with the traditional forward credential-chain-searching method. A method of caching all the members in the nodes was proposed to improve the performance in time spending. Simulation results showed that the performance in time spending greatly improved in the relative stable systems, in which the credentials change slowly.

Hu Wen-tao,Jiang Da-wei,Wu Sai,Chen Ke,Chen Gang

DOI: https://doi.org/10.1631/jzus.a2200156

2022-01-01

Journal of Zhejiang University SCIENCE A

Abstract:1 Introduction Data are at the heart of intelligent rail systems in the high-speed transportation sector (Zhou et al., 2020;Ho et al., 2021;Hu et al., 2021;Chen et al., 2022). The core of modern intelligent railroad systems typically includes rail transportation and equipment monitoring models learned from large datasets, which are often optimized for specific data and workloads (Zhu et al., 2019;Tan et al., 2020). While these intelligent railroad systems have been widely adopted and successful, their reliability and proper function will change as the data used changes. If the data used (on which the system operates) deviates from the fundamental constraints of the initial data (on which the system is trained) then, in that case, the system performance degrades, and the results inferred by the system model become unreli-able, so the system model must be retrained and rede-ployed to re-store reliable inference results (Sharma and Chandel, 2013). The mechanism for assessing the trustworthiness of intelligent rail system inferences is of paramount importance, especially for rail systems performing safety-critical or high-impact operations.

Wentao Hu,Dongxiang Zhang,Dawei Jiang,Sai Wu,Ke Chen,Kian-Lee Tan,Gang Chen

DOI: https://doi.org/10.1145/3318464.3384683

2020-01-01

Abstract:In this demonstration, we present a new definition of integrity constraint that is more powerful for anomalous data discovery. In our definition, a constraint is functioned on both categorical and numerical attributes in relational tables, as well as their derivative attributes, leading to a huge search space. Furthermore, we are the first to take into account attribute value distribution as part of a constraint. Based on the proposed integrity constraint, we build AUDITOR on top of relational tables from the industry of healthcare auditing and demonstrate its effectiveness and ease-of-use for domain experts to discover anomalous data.

Debra Box,Dalenca Pottas

Abstract:Trust is an important component in the security of an information system. The advent of the electronic health record (EHR) and the health information system (HIS) have raised it to greater prominence. These systems and their intended benefits are rendered less effective through a low level of trust between the stakeholders. The potential reciprocal relationship between accountability and trust is investigated. A literature study examines both concepts and their interrelationship. The accountability and audit controls provided by the NIST SP 800-53 security guide and the ISO 27799 security standard are extracted, collated and expanded to strengthen the accountability mechanisms within an HIS security program. A dedicated set of accountability controls (NIM) which is specific to the healthcare environment is produced. It is proposed that through the strengthening of the accountability function of the HIS, its level of trustworthiness may be improved.

YE Ling-jian,SONG Zhi-huan

DOI: https://doi.org/10.3969/j.issn.1671-7848.2013.01.008

2013-01-01

Abstract:This paper solves integrity problem for decentralized control system and proposes a branch and bound algorithm to evaluate integrity and screen appropriate decentralized control structure.Integrity is a necessary property required by decentralized control structure,which reflects the system's fault tolerance capacity.Evaluating integrity is proved to be a NP-hard problem and designing such a system is even more challenging.By introducing the concept of the subsystem of decentralized control system,a recursive relationship for integrity between different dimensional systems is derived,and the input-output pairing relationships are determined via branch and bound method.Random matrices tests demonstrate that proposed algorithm can reduce the computing burden significantly and quickly screen decentralized control structure with integrity.

Orhio Mark Creado,Bala Srinivasan,Phu Dung Le,Jefferson Tan

DOI: https://doi.org/10.5121/csit.2014.4212

2014-03-03

Abstract:Trust is an absolute necessity for digital communications; but is often viewed as an implicit singular entity. The use of the internet as the primary vehicle for information exchange has made accountability and verifiability of system code almost obsolete. This paper proposes a novel approach towards enforcing system security by requiring the explicit definition of trust for all operating code. By identifying the various classes and levels of trust required within a computing system; trust is defined as a combination of individual characteristics. Trust is then represented as a calculable metric obtained through the collective enforcement of each of these characteristics to varying degrees. System Security is achieved by facilitating trust to be a constantly evolving aspect for each operating code segment capable of getting stronger or weaker over time.

Cryptography and Security

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/icc.2011.5963329

2011-01-01

Communications

Abstract:The rapid development of applications running on global information infrastructure poses the problem of securing information sharing among domain collaborations. Existing access control models are defective in dynamic authorization based on user's trustworthiness and do not take full advantages of the infrastructure in implementing access control system. In this work, we propose a trust and role based access control model and the corresponding framework in infrastructure-centric environment. With the extension to RBAC model, trust level requirements, which dictate that the roles in the privilege context must be activated by the trustworthy user, can be specified. The comprehensive trust model, which calculates the user's trust level in multiple trust contexts based on behavior histories, is proposed. Moreover, by taking advantages of the infrastructure services, our scheme is flexible and scalable in that system administrators are free to choose custom scoring functions while the infrastructure trust evaluation services are relieved of the heavy burdens of history record maintenance and trust level update.

Adam Hess,Jason Holt,Jared Jacobson,Kent E. Seamons

DOI: https://doi.org/10.1145/1015040.1015044

2004-08-01

ACM Transactions on Information and System Security

Abstract:The focus of access control in client/server environments is on protecting sensitive server resources by determining whether or not a client is authorized to access those resources. The set of resources is usually static, and an access control policy associated with each resource specifies who is authorized to access the resource. In this article, we turn the traditional client/server access control model on its head and address how to protect the sensitive content that clients disclose to and receive from servers. Since client content is often dynamically generated at run-time, the usual approach of associating a policy with the resource (content) a priori does not work. We propose a general-purpose access control model designed to detect whenever sensitive information is being transmitted, and determine whether the sender or receiver is authorized. The model identifies sensitive content, maps the sensitive content to an access control policy, and establishes the trustworthiness of the sender or receiver before the sensitive content is disclosed or received. We have implemented the model within TrustBuilder, an architecture for negotiating trust between strangers based on properties other than identity. The implementation targets open systems, where clients and servers do not have preexisting trust relationships. The implementation is the first example of content-triggered trust negotiation. It currently supports access control for sensitive content disclosed by web and email clients.

Aslan Askarov,Andrew Myers

DOI: https://doi.org/10.2168/LMCS-7%283%3A17%292011

2011-09-23

Abstract:Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mechanisms for relaxing confidentiality policies, and endorsement mechanisms for relaxing integrity policies. However, a continuing challenge has been to define what security is guaranteed when such mechanisms are used. This paper presents a new semantic framework for expressing security policies for declassification and endorsement in a language-based setting. The key insight is that security can be characterized in terms of the influence that declassification and endorsement allow to the attacker. The new framework introduces two notions of security to describe the influence of the attacker. Attacker control defines what the attacker is able to learn from observable effects of this code; attacker impact captures the attacker's influence on trusted locations. This approach yields novel security conditions for checked endorsements and robust integrity. The framework is flexible enough to recover and to improve on the previously introduced notions of robustness and qualified robustness. Further, the new security conditions can be soundly enforced by a security type system. The applicability and enforcement of the new policies is illustrated through various examples, including data sanitization and authentication.

Programming Languages,Cryptography and Security

Yuan Wang,Feng Xu,Ye Tao,Chun Cao,Jian Lü

DOI: https://doi.org/10.1007/11839569_23

2006-01-01

Abstract:Trust management is an efficient approach to ensure the security and reliability in the autonomic and coordination systems. Various trust management systems are proposed from different viewpoints. However, evaluating different trust management approaches is usually more intuitive than formal. This paper presents a role-based formal framework to specify trust management systems. By quantifying two types of trust commonly occurring in the existing trust management systems, the framework proposes a set of elements to express the assertions and recommendation relationships in trust management. Furthermore, some facilities are provided to specify the semantics of trust engines. The framework makes it more convenient to understand, compare, analyze and design trust management systems.

Xiangyu Guo,Ajay Bansal

2024-08-30

Abstract:We integrate integrity constraints to stableKanren to enable a new problem-solving paradigm in combinatorial search problems. stableKanren extends miniKanren to reasoning about contradictions under stable model semantics. However, writing programs to solve combinatorial search problems in stableKanren did not fully utilize the contradiction reasoning. This is mainly due to the lack of control over the predicate (goal function) outcome during resolution. Integrity constraints defined by answer set programming (ASP) provide the ability to constrain the predicate outcome. However, integrity constraints are headless normal clauses, and stableKanren cannot create a goal function without a valid head. There are two approaches to handling integrity constraints, but they do not fit stableKanren. Therefore, we design a new approach to integrate integrity constraints into stableKanren. We show a uniform framework to solve combinatorial search problems using integrity constraints in extended stableKanren.

Programming Languages

Anbang Ruan,Qingni Shen,Liang Gu,Li Wang,Lei Shi,Yahui Yang,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-11145-7_18

2009-01-01

Abstract:The Trusted Computing Group (TCG) proposed remote attestation as a solution for establishing trust among distributed applications. However, current TCG attestation architecture requires challengers to attest to every program loaded on the target platform, which will increase the attestation overhead and bring privacy leakage and other security risks. In this paper, we define a conceptual model called the Trusted Isolation Environment (TIE) to facilitate remote attestation. We then present the implementation of TIE with our tailored Usage CONtrol model (UCONRA) and a set of system-defined policies. With its continuous and mutable feature and obligation support, we construct the TIE with flexibility. Lastly, we propose our attestation architecture with UCONRA gaining the benefits of scalable and lightweight.

Xie Jun,Xu Feng,Huang Hao

2004-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:MLS (multilevel security) is being widely applied in many security critical systems, but it can't implement many important security policies such as channel-control. In this paper, the concept of trust degree is introduced into the MLS to implement policies like channel-control conveniently. An access control state machine model which enforces the trust degree based multilevel security policy is established, and is proved to be secure for this policy. It is also proved that this model can enforce all static information flow policies. An extension of the model is also offered to support the dynamic change of storage objects' security labels. The model avoids the disadvantage of MLS' not being able to resolve the problem of secure downgrading and not taking integrity into consideration, and at the same time it retains the advantage of easy understanding and use enjoyed by the traditional classified policy models.

Luís Cruz-Filipe,Isabel Nunes,Peter Schneider-Kamp

DOI: https://doi.org/10.1007/978-3-319-30024-5_13

2016-01-20

Abstract:Integrity constraints in databases have been studied extensively since the 1980s, and they are considered essential to guarantee database integrity. In recent years, several authors have studied how the same notion can be adapted to reasoning frameworks, in such a way that they achieve the purpose of guaranteeing a system's consistency, but are kept separate from the reasoning mechanisms. In this paper we focus on multi-context systems, a general-purpose framework for combining heterogeneous reasoning systems, enhancing them with a notion of integrity constraints that generalizes the corresponding concept in the database world.

Databases

Paul R. Smart,Wendy Hall,Michael Boniface

DOI: https://doi.org/10.1017/dap.2022.13

2022-07-01

Abstract:Trustworthiness is typically regarded as a desirable feature of national identification systems (NISs); but the variegated nature of the trustor communities associated with such systems makes it difficult to see how a single system could be equally trustworthy to all actual and potential trustors. This worry is accentuated by common theoretical accounts of trustworthiness. According to such accounts, trustworthiness is relativized to particular individuals and particular areas of activity, such that one can be trustworthy with regard to some individuals in respect of certain matters, but not trustworthy with regard to all trustors in respect of every matter. The present article challenges this relativistic approach to trustworthiness by outlining a new account of trustworthiness, dubbed the expectation-oriented account. This account allows for the possibility of an absolutist (or one-place) approach to trustworthiness. Such an account, we suggest, is the approach that best supports the effort to develop NISs. To be trustworthy, we suggest, is to minimize the error associated with trustor expectations in situations of social dependency (commonly referred to as trust situations), and to be trustworthy in an absolute sense is to assign equal value to all expectation-related errors in all trust situations. In addition to outlining the features of the expectation-oriented account, we describe some of the implications of this account for the design, development, and management of trustworthy NISs.

English Else

Vincenzo De Florio,Giuseppe Primiero

DOI: https://doi.org/10.48550/arXiv.1502.01899

2015-03-10

Abstract:We introduce a method for the assessment of trust for n-open systems based on a measurement of fidelity and present a prototypic implementation of a complaint architecture. We construct a MAPE loop which monitors the compliance between corresponding figures of interest in cyber- and physical domains; derive measures of the system's trustworthiness; and use them to plan and execute actions aiming at guaranteeing system safety and resilience. We conclude with a view on our future work.

Cryptography and Security