Weili Han,Zheran Fang,Weifeng Chen,Wenyuan Xu,Chang Lei

DOI: https://doi.org/10.1145/2046707.2093491

2011-01-01

Abstract:Policy driven management is widely used to manage networked resources and protect sensitive resources. Existing policy-driven management strategies rely heavily on policy administrators to specify and validate policies, which not only require in depth understanding of policy languages and domain knowledge, but also are error-prone.To simplify the tasks of policy administration, this paper proposes a novel policy administration framework, named collaborative policy administration (CPA). Essentially, the idea is that applications with similar functionalities shall have similar policies. Thus, to specify or validate policies, CPA will examine policies already specified by other applications in the same category and perform collaborative recommendation. In this paper, we consider the Android systems as a case study and show that CPA can strengthen Android security.

Marius Schlegel

DOI: https://doi.org/10.48550/arXiv.2105.01970

2021-05-05

Abstract:While there have been approaches for integrating security policies into operating systems (OSs) for more than two decades, applications often use objects of higher abstraction requiring individual security policies with application-specific semantics. Due to insufficient OS support, current approaches for enforcing application-level policies typically lead to large and complex trusted computing bases rendering tamperproofness and correctness difficult to achieve. To mitigate this problem, we propose the application-level policy enforcement architecture AppSPEAR and a C++ framework for its implementation. The configurable framework enables developers to balance enforcement rigor and costs imposed by different implementation alternatives and thus to easily tailor an AppSPEAR implementation to individual application requirements. We especially argue that hardware-based trusted execution environments offer an optimal balance between effectiveness and efficiency of policy protection and enforcement. This claim is substantiated by a practical evaluation based on an electronic medical record system.

Cryptography and Security

Sandra Payette,Carl Lagoze

DOI: https://doi.org/10.48550/arXiv.1312.1258

2013-12-04

Digital Libraries

Abstract:We describe a digital object and respository architecture for storing and disseminating digital library content. The key features of the architecture are: (1) support for heterogeneous data types; (2) accommodation of new types as they emerge; (3) aggregation of mixed, possibly distributed, data into complex objects; (4) the ability to specify multiple content disseminations of these objects; and (5) the ability to associate rights management schemes with these disseminations. This architecture is being implemented in the context of a broader research project to develop next-generation service modules for a layered digital library architecture.

Yawei Zhang,Xiaojun Ye

DOI: https://doi.org/10.1109/ISPA.2008.28

2008-01-01

Abstract:Inspired by rule-based access control models, this paper proposes a universal policy model and an access protection framework to secure dataspace. The key components and processes for this framework, policy organization, policy indexing and two resource searching strategies with access decision-making, are illustrated and experimented to harmonize the contradiction between security and efficiency.

ZJ He,T Phan,TD Nguyen

DOI: https://doi.org/10.1109/reldis.2005.17

2006-01-01

Journal of Computers

Abstract:We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two existing coordination and control systems to enforce policies that, among other properties, are stateful and communal. Each reference monitor filters messages exchanged between the interacting software components similar to a firewall, passing only messages that are allowed by the policies in effect. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.

Alex Baird,Abhinandan Panda,Hammond Pearce,Srinivas Pinisetty,Partha Roop

DOI: https://doi.org/10.1109/access.2024.3357714

IF: 3.9

2024-02-03

IEEE Access

Abstract:The security of Cyber-Physical Systems (CPSs) is increasingly important as more and more of these systems are added to the Internet of Things (IoT). As we increase the complexity and connectivity of our smart systems, we likewise broaden their digital attack surface. Recorded attacks on CPSs have caused significant physical impacts making methods for mitigation of attacks of paramount importance. The use of runtime enforcement (RE) can prevent violation of security policies. Here, runtime enforcers intervene before the CPS is compromised. Two key challenges are presented: (1) for complex systems, methods for automatically composing multiple policies are lacking; and (2) runtime enforcers are themselves executed digitally—meaning they too could have potential security vulnerabilities. We present the first comprehensive runtime enforcement framework which addresses both challenges. It can compose a lot of security policies in parallel and synthesize these policies into the more trustworthy hardware layers of a system. This removes reliance on potentially vulnerable firmware and software layers. We demonstrate our approach with policies to mitigate a set of attacks on a Fused Filament Fabrication (FFF) 3D printer. The experimental results show linear growth in logic element and register usage as the number of policies increase. This compares favourably to the exponential state space explosion that occurs with the conventional approach of monolithic composition. Additionally, we find higher enforcer clock frequencies are possible with the proposed parallel approach compared to existing serial approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tobias Dam,Andreas Krimbacher,Sebastian Neumaier

2023-09-20

Abstract:Data-driven technologies have the potential to initiate a transportation related revolution in the way we travel, commute and navigate within cities. As a major effort of this transformation relies on Mobility Data Spaces for the exchange of mobility data, the necessity to protect valuable data and formulate conditions for data exchange arises. This paper presents key contributions to the development of automated contract negotiation and data usage policies in the Mobility Data Space. A comprehensive listing of policy patterns for usage control is provided, addressing common requirements and scenarios in data sharing and governance. The use of the Open Digital Rights Language (ODRL) is proposed to formalize the collected policies, along with an extension of the ODRL vocabulary for data space-specific properties.

Cryptography and Security

Fenghua Li,Zifu Li,Weili Han,Ting Wu,Lihua Chen,Yunchuan Guo

DOI: https://doi.org/10.1109/dsc.2017.100

2017-01-01

Abstract:With the rapid development of information technologies, our daily life has become deeply dependent on cyberspace. The new technologies provide more facilities and enhancements to the existing Internet services as it allows users more flexibility in terms of exploring webpages, sending messages or publishing tweets via cell phones or laptops. However, there are many security issues such as security policy definition and security policy enforcement of current cyberspace. In this paper, we study information access problems in cyberspace where users leverage devices via the Internet to access sensitive objects with temporal and spatial limitations. We propose a Cyberspace-oriented Access Control model (CoAC) to ensure the security of the mentioned accesses in cyberspace. The proposed model consists of seven atomic operations, such as Read, Write, Store, Execute, Publish, Forward and Select, which can denote all operations by the combination of several atomic operations in cyberspace. For each atomic operation, we assemble a suite of security policies and demonstrate its flexibility. By that, a series of security policies are denfined for CoAC.

Andrea Margheri,Massimiliano Masi,Rosario Pugliese,Francesco Tiezzi

DOI: https://doi.org/10.48550/arXiv.1612.09339

2016-12-30

Abstract:Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for specification, analysis and enforcement of attribute-based access control policies. The framework rests on FACPL, a language with a compact, yet expressive, syntax for specification of real-world access control policies and with a rigorously defined denotational semantics. The framework enables the automatic verification of properties regarding both the authorisations enforced by single policies and the relationships among multiple policies. Effectiveness and performance of the analysis rely on a semantic-preserving representation of FACPL policies in terms of SMT formulae and on the use of efficient SMT solvers. Our analysis approach explicitly addresses some crucial aspects of policy evaluation, as e.g. missing attributes, erroneous values and obligations, which are instead overlooked in other proposals. The framework is supported by Java-based tools, among which an Eclipse- based IDE offering a tailored development and analysis environment for FACPL policies and a Java library for policy enforcement. We illustrate the framework and its formal ingredients by means of an e-Health case study, while its effectiveness is assessed by means of performance stress tests and experiments on a well-established benchmark.

Software Engineering

Frederik De Keukelaere,X Wang,Chris Barlas,Thomas DeMartini,Saar De Zutter,Rik Van de Walle

2006-01-01

Abstract:Nowadays, many types of digital content exist and even more ways in which the content can be consumed. Together with these new ways to express digital content came new business models for trading digital content. Digital Rights Management systems were built to govern transactions. This paper discusses a design methodology for creating a Digital Policy Management system, being a part of Digital Rights Management systems. The introduced Digital Policy Management system uses a standards-based approach combining parts of the MPEG-21 Multimedia Framework. For implementing a Digital Policy Management system an architecture of a Governed Execution Environment is defined. It contains a Rights Analysis Tool, which derives the required rights for sets of execution steps using a three-step process of tracking, filtering, and analysis. Finally, this paper shortly discusses two application scenarios: Digital Item Processing and AJAX, in which the introduced design methodology can be applied.

Cornelius Diekmann,Lars Hupel,Georg Carle

DOI: https://doi.org/10.4204/EPTCS.150.3

2014-05-06

Abstract:Large systems are commonly internetworked. A security policy describes the communication relationship between the networked entities. The security policy defines rules, for example that A can connect to B, which results in a directed graph. However, this policy is often implemented in the network, for example by firewalls, such that A can establish a connection to B and all packets belonging to established connections are allowed. This stateful implementation is usually required for the network's functionality, but it introduces the backflow from B to A, which might contradict the security policy. We derive compliance criteria for a policy and its stateful implementation. In particular, we provide a criterion to verify the lack of side effects in linear time. Algorithms to automatically construct a stateful implementation of security policy rules are presented, which narrows the gap between formalization and real-world implementation. The solution scales to large networks, which is confirmed by a large real-world case study. Its correctness is guaranteed by the Isabelle/HOL theorem prover.

Cryptography and Security,Logic in Computer Science

YB Peng,J Gao,J Hu,BS Liao

DOI: https://doi.org/10.1109/icmlc.2005.1526970

2005-01-01

Abstract:Policy-driven system is a new research point. The system can gain autonomous ability through policy. In this paper, we present a system of policy-driven agent social, called PDAS4, which emphases on impose the policy-driven mechanism into multi-agents system, provides a platform to autonomous control the whole process of agent social activities. The main point of this paper is to propose an approach of policy-driven mechanism to control the cooperation and service execution of agents. In addition, an implementation of this system was developed and a simulated test was conducted successfully.

Michele Barletta,Silvio Ranise,Luca Viganò

DOI: https://doi.org/10.48550/arXiv.1206.3180

2012-06-14

Logic in Computer Science

Abstract:The advance of web services technologies promises to have far-reaching effects on the Internet and enterprise networks allowing for greater accessibility of data. The security challenges presented by the web services approach are formidable. In particular, access control solutions should be revised to address new challenges, such as the need of using certificates for the identification of users and their attributes, human intervention in the creation or selection of the certificates, and (chains of) certificates for trust management. With all these features, it is not surprising that analyzing policies to guarantee that a sensitive resource can be accessed only by authorized users becomes very difficult. In this paper, we present an automated technique to analyze scenario-based specifications of access control policies in open and distributed systems. We illustrate our ideas on a case study arising in the e-government area.

Stephen S. Yau,Yisheng Yao

2006-01-01

Abstract:A major advantage of the emerging service-oriented computing technology is its ability to enable rapid formation of large-scale distributed systems by composing massively available services to achieve the system goals, regardless of the programming languages and platforms used to develop and run these services. For these systems which often involve interactions among multiple organizations over various networks, how to manage and enforce security policies is the prime concern in assuring that only authorized users or systems have the access to massively available services. However, with the increasing scalability and flexibility required by the dynamic service-oriented computing environments, manage and enforce security policies in such systems is a very challenging task. Existing research efforts have not sufficiently addressed this challenging task for enabling systematic security policy management and enforcement in service-oriented systems. In this dissertation research, a framework based on formal foundations is developed for dynamically, yet systematically, managing and enforcing security policies in service-oriented systems. This framework includes a security policy meta-model and a runtime security policy execution model for security decision making and enforcement. The security policy meta-model will be used to provide unambiguous security policy specifications and to facilitate sound and complete security policy reasoning, such as consistency checking, redundancy analysis, security policy specification composition, and automated security service synthesis from declarative security policy specifications. Analysis of expressiveness of this security policy meta-model is also provided in this dissertation. The runtime security policy execution model is developed for enforcing the security policies with provable correctness. This framework will also include tools for generating and deploying security services to compute and enforce security decisions based on security policies, credentials and situational information. With this framework, various parties of large-scale service-oriented systems can easily manage and enforce security policies to meet their security requirements under various situations. Examples are provided to show the effectiveness of the framework.

Zhiqiang Lin,Chao Wang,Bing Mao,Li Xie

DOI: https://doi.org/10.1145/1075395.1075397

2005-01-01

Abstract:As the fundamental software to guarantee information security, operating system is desired to support various security policies flexibly and to control the propagation and revocation of access rights efficiently. This paper presents a design and implementation of Policy Flexible Architecture (PFA) for secure operating system to achieve the coordination, extensibility, consistency and dynamic configuration of security policies. Through a thorough analysis of all related facilities, PFA classifies policy constructions into several levels according to their effects on security status; PFA emphasizes on centralized management of security policy as well as on centralized maintainability of security attributes; for the first time PFA gives revocation rules to specify how and when to revoke permissions. PFA has been applied to our Secure Enhanced Linux Operating System, and the experiment shows that the system holds at least three advantages. First, it helps users to choose intended security policies flexibly. Besides it supports users to add new security policies according to specific security requirements easily. Finally it sets permission revocations immediately and gets no significant performance penalty.

Ziyi Su,Frederique Biennier

DOI: https://doi.org/10.48550/arXiv.1305.1727

2013-05-08

Cryptography and Security

Abstract:In an open information systems paradigm, real-time context-awareness is vital for the success of cooperation, therefore dynamic security attributes of partners should considered in coalition for avoiding security conflicts. Furthermore, the cross-boundary asset sharing activities and risks associated to loss of governance call for a continuous regulation of partners' behavior, paying attention to the resource sharing and consuming activities. This paper describes an attribute-based usage control policy shceme compline to this needs. A concise syntax with EBNF is used to summarize the base policy model. The semantics of negotiation process is disambiguated with abductive constraint logic programming (ACLP) and Event Calculus (EC). Then we propose a policy ratification method based on a policy aggregation algebra that elaborate the request space and policy rule relation. This method ensures that, when policies are aggregated due to resource sharing and merging activities, the resulting policy correctly interprets the original security goals of the providers' policies.

Fahad Siddiqui,Matthew Hagan,Sakir Sezer

DOI: https://doi.org/10.48550/arXiv.2004.10672

2020-04-17

Cryptography and Security

Abstract:The emergence of intelligent, connected vehicles, containing complex functionality has potential to greatly benefit society by improving safety, security and efficiency of vehicular transportation. Much of this has been enabled by technological advancements in embedded system architectures, which provided opportunities for vehicle manufacturers to implement intelligent vehicle services and consolidate them within a small number of flexible and integrable domain controllers. Thus allowing for increasingly centralised operations consisting of both new and legacy functionalities. While this era of digital-physical convergence of critical and non-critical vehicle services presents advantages in terms of reducing the cost and electronic footprint of vehicular electronics, it has produced significant security and safety challenges. One approach to this research problem is to introduce fail-over mechanisms that can detect unexpected or malicious behaviours, caused by attack or malfunction, and pro-actively respond to control and minimise physical damage or safety hazards. This paper presents a novel embedded policing and policy enforcement platform architecture and the accompanied security modelling approach for next-generation in-vehicle domain controllers. To demonstrate the proposed approach, a connected vehicle case study is conducted. A realistic attack scenarios have been considered to derive security policies and enforced by the proposed security platform to provide security and safety to domain-specific features.

Morris Sloman

DOI: https://doi.org/10.1007/bf02283186

1994-12-01

Journal of Network and Systems Management

Abstract:Separating management policy from the automated managers which interpret the policy facilitates the dynamic change of behavior of a distributed management system. This permits it to adapt to evolutionary changes in the system being managed and to new application requirements. Changing the behavior of automated managers can be achieved by changing the policy without having to reimplement them—this permits the reuse of the managers in different environments. It is also useful to have a clear specification of the policy applying to human managers in an enterprise. This paper describes the work on policy which has come out of two related ESPRIT funded projects, SysMan and IDSM. Two classes of policy are elaborated—authorization policies define what a manager is permitted to do and obligation policies define what a manager must do. Policies are specified as objects which define a relationship between subjects (managers) and targets (managed objects). Domains are used to group the objects to which a policy applies. Policy objects also have attributes specifying the action to be performed and constraints limiting the applicability of the policy. We show how a number of example policies can be modeled using these objects and briefly mention issues relating to policy hierarchy and conflicts between overlapping policies.

computer science, information systems,telecommunications

Ines Akaichi

DOI: https://doi.org/10.48550/arXiv.2206.04947

2022-06-10

Cryptography and Security

Abstract:The sharing of data and digital assets in a decentralized settling is associated with various legislative challenges, including, but not limited to, the need to adhere to legal requirements with respect to privacy (e.g. data protection legislation) and copyright (e.g. copyright legislation). In order to enable software platform providers to manage data and digital assets appropriately and to provide more control to data and digital asset owners, usage control technologies could be used to make sure that consumers handle data according to privacy preferences, licenses, regulatory requirements, among others. In this research proposal, we explore the application of usage control in decentralized environments. In particular, we address the challenges related to the specification of usage control policies, the enforcement of the respective policies, and the usability of the tools that are used to administer them.

Lun Wang,Joseph P. Near,Neel Somani,Peng Gao,Andrew Low,David Dao,Dawn Song

DOI: https://doi.org/10.48550/arXiv.1909.00077

2019-08-31

Abstract:The increasing pace of data collection has led to increasing awareness of privacy risks, resulting in new data privacy regulations like General data Protection Regulation (GDPR). Such regulations are an important step, but automatic compliance checking is challenging. In this work, we present a new paradigm, Data Capsule, for automatic compliance checking of data privacy regulations in heterogeneous data processing infrastructures. Our key insight is to pair up a data subject's data with a policy governing how the data is processed. Specified in our formal policy language: PrivPolicy, the policy is created and provided by the data subject alongside the data, and is associated with the data throughout the life-cycle of data processing (e.g., data transformation by data processing systems, data aggregation of multiple data subjects' data). We introduce a solution for static enforcement of privacy policies based on the concept of residual policies, and present a novel algorithm based on abstract interpretation for deriving residual policies in PrivPolicy. Our solution ensures compliance automatically, and is designed for deployment alongside existing infrastructure. We also design and develop PrivGuard, a reference data capsule manager that implements all the functionalities of Data Capsule paradigm.

Computers and Society