Title: Evaluating RBAC Supported Techniques and their Validation and Verification
Authors: Nafees Qamar, Y. Ledru, Akram Idani
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.112 (https://doi.org/10.1109/ARES.2011.112)
Abstract: This paper evaluates security specification techniques that employ Role-Based Access Control (RBAC) and its variants. RBAC is an access control mechanism that grants permissions through roles; its variants include role hierarchies and separation of duty (SoD) constraints. An RBAC-supported system is managed through its administrative, review and supporting system functions. The paper summarizes semi-formal and formal techniques employing RBAC together with their benefits and limitations; here, semi-formal techniques refer to UML+OCL and formal ones are based on Alloy. It can guide the selection of an appropriate technique for specifying security rules, which is done by analyzing each technique's degree of coverage of RBAC, including extensions such as SoD and role hierarchy. We also investigate the use of validation and verification tools in these techniques. We find that formal techniques are more amenable to automated analysis than semi-formal ones, while semi-formal techniques are rich in specifying RBAC variants but have only prototypical tool support. The session-based dynamic aspects of RBAC are only partly covered by both kinds of technique.
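The RBAC variants the abstract enumerates (role hierarchy, static and dynamic SoD, sessions) are easy to get subtly wrong when they interact. The following is an added example, not code from the paper or from any of the UML+OCL or Alloy tools it surveys: a small executable RBAC model in Python whose roles, permissions, users and constraints are all constructed for illustration. The point it demonstrates is that static SoD must be checked over a user's authorized roles including inherited ones, otherwise a senior role can bundle two conflicting juniors, and that access decisions are made on the roles active in a session, not on everything the user is authorized for.

```python
# Added example, not code from the paper: a toy RBAC model with a role hierarchy,
# static separation of duty (SSD), and sessions with dynamic separation of duty (DSD).
# Role names, permissions, users and constraints below are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

Permission = Tuple[str, str]                # (operation, object)
SodConstraint = Tuple[FrozenSet[str], int]  # (conflicting role set, cardinality n)


@dataclass
class RbacPolicy:
    role_perms: Dict[str, Set[Permission]] = field(default_factory=dict)
    juniors_of: Dict[str, Set[str]] = field(default_factory=dict)   # senior -> direct juniors
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    ssd: List[SodConstraint] = field(default_factory=list)
    dsd: List[SodConstraint] = field(default_factory=list)
    sessions: Dict[str, Tuple[str, Set[str]]] = field(default_factory=dict)  # sid -> (user, active)

    def inherited(self, role: str) -> Set[str]:
        """`role` plus every role it inherits, transitively (seniors inherit junior permissions)."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors_of.get(r, ()))
        return seen

    def authorized_roles(self, user: str) -> Set[str]:
        """Roles the user may activate: direct assignments and everything junior to them."""
        return set().union(*(self.inherited(r) for r in self.user_roles.get(user, ())))

    def effective_perms(self, role: str) -> Set[Permission]:
        return set().union(*(self.role_perms.get(r, set()) for r in self.inherited(role)))

    def ssd_violations(self) -> List[Tuple[str, FrozenSet[str]]]:
        """SSD is checked over *authorized* roles, not just direct assignments; otherwise a
        senior role can quietly bundle two conflicting juniors (the case of 'carol' below)."""
        found = []
        for user in self.user_roles:
            auth = self.authorized_roles(user)
            for roles, n in self.ssd:
                if len(auth & roles) >= n:
                    found.append((user, frozenset(auth & roles)))
        return found

    def activate(self, sid: str, user: str, role: str) -> bool:
        """Activate a role in a session; refused if unauthorized or if it would violate DSD."""
        if role not in self.authorized_roles(user):
            return False
        owner, active = self.sessions.setdefault(sid, (user, set()))
        if owner != user:
            return False
        proposed = active | {role}
        if any(len(proposed & roles) >= n for roles, n in self.dsd):
            return False
        active.add(role)
        return True

    def check_access(self, sid: str, perm: Permission) -> bool:
        """Access is decided on the session's *active* roles, not on all authorized ones."""
        _owner, active = self.sessions.get(sid, ("", set()))
        return any(perm in self.effective_perms(r) for r in active)


def build_example() -> RbacPolicy:
    """Constructed purchasing workflow: manager inherits clerk and approver, which SSD forbids."""
    p = RbacPolicy()
    p.role_perms = {
        "clerk": {("create", "purchase_order")},
        "approver": {("approve", "purchase_order")},
        "auditor": {("read", "audit_log")},
        "manager": {("close", "purchase_order")},
    }
    p.juniors_of = {"manager": {"clerk", "approver"}}
    p.user_roles = {"alice": {"clerk", "auditor"}, "bob": {"approver"}, "carol": {"manager"}}
    p.ssd = [(frozenset({"clerk", "approver"}), 2)]   # nobody may hold both
    p.dsd = [(frozenset({"clerk", "auditor"}), 2)]    # never both active in one session
    return p


if __name__ == "__main__":
    p = build_example()
    print("SSD violations:", p.ssd_violations())
    print("alice activates clerk in s1:", p.activate("s1", "alice", "clerk"))
    print("alice also activates auditor in s1:", p.activate("s1", "alice", "auditor"))
    print("s1 may create a PO:", p.check_access("s1", ("create", "purchase_order")))
```

Running it reports carol as an SSD violation even though she is directly assigned only "manager", refuses alice's attempt to activate clerk and auditor in the same session, and grants s1 the clerk permission only. A checker that compared SSD sets against direct assignments alone would miss the first case.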
Title: Biometric authentication as a service for enterprise identity management deployment: a data protection perspective
Authors: C. Senk, Florian Dotzler
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.14 (https://doi.org/10.1109/ARES.2011.14)
Abstract: Biometric Authentication as a Service (BioAaaS) is an innovative approach to strong authentication in web environments based on the Software as a Service (SaaS) model. However, the adoption of both SaaS systems and biometric technologies is negatively correlated with perceived privacy and data protection risks. We specify a list of evaluation criteria for BioAaaS systems from a data protection point of view, including elements specific to biometrics and to SaaS. We then apply these criteria to a prototypical implementation of a SaaS-compliant biometric authentication service based on keystroke dynamics for enterprise deployment. The assessment shows that the prototype largely conforms to technical data protection requirements. At the organizational level, the selection and control of a trustworthy provider and the conclusion of the service agreement remain to be addressed.
Title: Deriving Current State RBAC Models from Event Logs
Authors: Anne Baumgraß
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.104 (https://doi.org/10.1109/ARES.2011.104)
Abstract: Process-aware information systems execute business processes to reach the operational goals of an organization. In this context, access control policies are defined to govern the behavior of such systems, and a role engineering process is used to define and customize these policies. This paper introduces a new automated approach to derive current-state access control policies from event logs extracted from process-aware information systems, using the two standard event log formats, MXML and XES. It demonstrates how this derivation can ease steps in the scenario-driven role engineering process that are otherwise time-consuming and tedious when conducted manually.
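What "current state" means here is that the derived model reflects what users actually did, including privilege that nobody intended to grant. The following is an added example, not the paper's tool: it reads a constructed XES fragment with the standard library XML parser, derives the user-to-role and role-to-activity mappings from the `org:resource`, `org:role` and `concept:name` attributes, and additionally reports cases in which one resource performed both halves of a declared conflicting activity pair. Only XES is handled; MXML, the other format the paper uses, is not, and the purchase-order log, role names and conflict pair are assumptions for the demonstration.

```python
# Added example, not the paper's tool: derive a current-state RBAC model from an XES
# event log and flag within-case separation-of-duty breaches. The XES fragment is
# constructed for the demonstration; only XES is handled here (MXML is not).
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Dict, Iterator, List, Optional, Set, Tuple

XES_NS = "{http://www.xes-standard.org/}"

SAMPLE_XES = """<log xes.version="1.0" xmlns="http://www.xes-standard.org/">
  <trace>
    <string key="concept:name" value="PO-1001"/>
    <event>
      <string key="concept:name" value="Create PO"/>
      <string key="org:resource" value="alice"/>
      <string key="org:role" value="clerk"/>
      <date key="time:timestamp" value="2011-03-01T09:00:00+01:00"/>
    </event>
    <event>
      <string key="concept:name" value="Approve PO"/>
      <string key="org:resource" value="bob"/>
      <string key="org:role" value="approver"/>
      <date key="time:timestamp" value="2011-03-01T10:00:00+01:00"/>
    </event>
  </trace>
  <trace>
    <string key="concept:name" value="PO-1002"/>
    <event>
      <string key="concept:name" value="Create PO"/>
      <string key="org:resource" value="carol"/>
      <string key="org:role" value="clerk"/>
      <date key="time:timestamp" value="2011-03-02T09:00:00+01:00"/>
    </event>
    <event>
      <string key="concept:name" value="Approve PO"/>
      <string key="org:resource" value="carol"/>
      <string key="org:role" value="clerk"/>
      <date key="time:timestamp" value="2011-03-02T09:05:00+01:00"/>
    </event>
  </trace>
</log>
"""


def _attr(elem: ET.Element, key: str) -> Optional[str]:
    """Value of the XES attribute `key` among the element's direct children only."""
    for child in elem:
        if child.get("key") == key:
            return child.get("value")
    return None


def parse_events(xes_text: str) -> Iterator[Tuple[str, str, str, Optional[str]]]:
    """Yield (case id, activity, resource, role) for every event in the log."""
    root = ET.fromstring(xes_text)
    for trace in root.iter(XES_NS + "trace"):
        case = _attr(trace, "concept:name")
        for ev in trace.iter(XES_NS + "event"):
            yield case, _attr(ev, "concept:name"), _attr(ev, "org:resource"), _attr(ev, "org:role")


def derive_rbac(xes_text: str) -> Tuple[Dict[str, Set[str]], Dict[str, Set[str]]]:
    """Current-state model: the roles each user acted under, and the activities
    (treated as permissions) each role was observed performing."""
    user_roles: Dict[str, Set[str]] = defaultdict(set)
    role_perms: Dict[str, Set[str]] = defaultdict(set)
    for _case, activity, user, role in parse_events(xes_text):
        if role is None:           # events without org:role cannot be attributed to a role
            continue
        user_roles[user].add(role)
        role_perms[role].add(activity)
    return dict(user_roles), dict(role_perms)


def sod_breaches(xes_text: str, conflicts: List[Tuple[str, str]]) -> List[Tuple[str, str, Tuple[str, str]]]:
    """Cases in which a single resource performed both activities of a conflicting pair."""
    acts: Dict[Tuple[str, str], Set[str]] = defaultdict(set)   # (case, user) -> activities
    for case, activity, user, _role in parse_events(xes_text):
        acts[(case, user)].add(activity)
    return [(case, user, (a, b))
            for (case, user), done in acts.items()
            for a, b in conflicts if a in done and b in done]


if __name__ == "__main__":
    print(derive_rbac(SAMPLE_XES))
    print(sod_breaches(SAMPLE_XES, [("Create PO", "Approve PO")]))
```

On the constructed log the derived model says that the clerk role can approve purchase orders, because carol did so under that role in PO-1002, and the same case is reported as an SoD breach. That is exactly the kind of finding a role engineer needs to see before adopting the mined roles as policy: the log documents the as-is state, not the intended one.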
Title: Crowds Based on Secret-Sharing
Authors: S. Rass, R. Wigoutschnigg, P. Schartner
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.60 (https://doi.org/10.1109/ARES.2011.60)
Abstract: Anonymous communication is a long-recognized problem, and solutions of varying performance have been proposed over the last decades. The literature contains many security notions of differing strength, specific to either the sender or the receiver. We consider protecting both the sender's and the receiver's identity from each other and from a coalition of intermediate relay nodes. The Crowds system is known to provide probabilistic sender anonymity, but receiver anonymity only for asymptotically large networks. Assuming that the adversary notices the communication as such, we prove that the strongest form of receiver anonymity (under this assumption) is efficiently achievable for finite-size, even small, networks. Our construction is secure in the sense that a passive threshold adversary cannot disclose the receiver's identity with a chance better than guessing it.
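The security claim above, that a passive coalition below the threshold can do no better than guessing, is the defining property of threshold secret sharing. The following is an added example, not the paper's Crowds construction (the abstract does not describe it, and nothing here should be read as the authors' protocol): a plain Shamir secret-sharing implementation over GF(p), plus an exhaustive check over a tiny field showing that t-1 shares are consistent with every candidate secret exactly equally often, while t shares pin it down. The field sizes, threshold and secret values are assumptions for the demonstration.

```python
# Added example, not the paper's construction: Shamir secret sharing over GF(p), with an
# exhaustive check (tiny p only) that t-1 shares are consistent with every candidate
# secret equally often, i.e. a below-threshold coalition can only guess.
import itertools
import secrets
from typing import Callable, List, Sequence, Tuple

Share = Tuple[int, int]  # (x, f(x))


def _eval_poly(coeffs: Sequence[int], x: int, p: int) -> int:
    """Horner evaluation of sum(coeffs[i] * x**i) mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret: int, t: int, n: int, p: int,
                 rng: Callable[[int], int] = secrets.randbelow) -> List[Share]:
    """Split `secret` into n shares: any t reconstruct it, fewer reveal nothing.
    The constant term is the secret; the other t-1 coefficients are uniformly random."""
    if not (1 <= t <= n < p):
        raise ValueError("need 1 <= t <= n < p")
    coeffs = [secret % p] + [rng(p) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares: List[Share], p: int) -> int:
    """Lagrange interpolation at x = 0; the caller must supply at least t distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, p - 2, p)) % p   # Fermat inverse, p prime
    return total


def consistent_secret_counts(shares: List[Share], t: int, p: int) -> List[int]:
    """For each candidate secret s, count the degree-<t polynomials over GF(p) that agree
    with all given shares and have constant term s. Exhaustive (p**t candidates), so
    only for tiny p; a flat histogram means the shares leak nothing about the secret."""
    counts = [0] * p
    for coeffs in itertools.product(range(p), repeat=t):
        if all(_eval_poly(coeffs, x, p) == y for x, y in shares):
            counts[coeffs[0]] += 1
    return counts


if __name__ == "__main__":
    p, t = 31, 3
    shares = split_secret(17, t, 5, p)
    print("t shares reconstruct:", reconstruct(shares[:t], p))
    print("t-1 shares, candidates per secret:", consistent_secret_counts(shares[:t - 1], t, p))
    print("t shares, candidates per secret:  ", consistent_secret_counts(shares[:t], t, p))
```

With p = 31 and t = 3 the histogram for two shares is 1 for every one of the 31 candidate secrets, so an adversary holding two shares is exactly at the guessing baseline; with three shares only the true secret remains. For real use the field must be large (the demo's `2**61 - 1` style prime or bigger) and shares must be generated with a cryptographic RNG, which `secrets.randbelow` is.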
Title: Development and Trial Application of Prototype Program for "Social-MRC": Social Consensus Formation Support System Concerning IT Risk Countermeasures
Authors: R. Sasaki, Kazushige Takakusaki, Masaru Ohkawara, H. Yajima, H. Masuda, Tetsurou Kobayashi
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.76 (https://doi.org/10.1109/ARES.2011.76)
Abstract: The problem of multiple risks is that a countermeasure taken to reduce one risk can increase other risks. To address this problem, a system that supports social consensus formation on how to mitigate the risks is needed. When the number of people needed for consensus formation is small, such as within an organization, the "Multiple Risk Communicator" (MRC) developed previously by the authors offers a possible solution. However, the MRC cannot be applied to problems in which the number of stakeholders exceeds several thousand, so a new solution was necessary. Accordingly, the authors modified and extended the MRC into the concept of "Social-MRC", which comprehensively supports risk communication on two levels: communication among opinion leaders, and communication with the participation of ordinary stakeholders. We created a prototype program for Social-MRC and ran a trial application on the issue of information filtering for children. In this paper, we describe the refined concept of Social-MRC and evaluate the results of the trial application.
Title: A Survey on Saving Personal Data in the Mobile Phone
Authors: I. Androulidakis, G. Kandus
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.98 (https://doi.org/10.1109/ARES.2011.98)
Abstract: Modern smartphones give users countless opportunities to access, process and store data in various ways and formats. Inevitably, users have started storing personal data in the mobile phone as well. Drawing on a study we conducted on a sample of 7172 students at 17 universities in 10 Eastern and Southern European countries, we first provide insight into the practice of saving personal data in mobile phones. We then examine the effect this practice has on students' security awareness, perceptions and practices, finding a statistically significant connection. These results can help both academia and industry focus their security awareness campaigns and efforts on the specific subsets of users who need them most. Finally, as no validated questionnaires are available for this research topic, our research, apart from describing the situation, aims at providing a basis for the formulation of similar questionnaires for future use.
Title: System State Discovery Via Information Content Clustering of System Logs
Authors: A. Makanju, A. N. Zincir-Heywood, E. Milios
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.51 (https://doi.org/10.1109/ARES.2011.51)
Abstract: Self-awareness is an important attribute for any system before it is capable of self-management. A system needs a continuous stream of real-time data to analyze in order to be aware of its internal state. To this end, previous approaches have used system performance metrics and system log data to characterize internal state. When system logs are used for this purpose, strongly correlated message types must be computed. In this work, we show that strongly correlated message types can be discovered with little computation. Our work exploits a natural property of system logs: log data partitioned by source and time information contains correlated message types. We demonstrate how the groups of partitions that contain correlated message types can be found by clustering the partitions on their entropy-based information content. We evaluate our method using cluster cohesion, cluster separation and cluster conceptual purity as metrics. The results show that the proposed method not only produces well-formed clusters but also clusters that can be mapped to different alert states with a high degree of confidence.
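To make the pipeline in the abstract concrete (partition by source and time, score each partition by the information content of its message types, cluster the partitions), here is an added example that is not the paper's implementation. It reduces constructed syslog lines to message types by masking variable fields, partitions them by (host, hour), computes the Shannon entropy of each partition's type distribution, and groups partitions whose entropies are close. The log lines are constructed, and the one-dimensional gap-based clustering and the "dominant type" labelling are my own assumptions, since the abstract does not prescribe a clustering algorithm or a labelling rule. The example goes slightly beyond the abstract in that it also shows why a partition of near-zero entropy is interesting for detection: it is one message type repeated, here an SSH password-guessing burst.

```python
# Added example, not the paper's implementation: partition syslog lines by (host, hour),
# reduce each line to a message type, score each partition by the Shannon entropy of its
# message-type distribution, and group partitions with similar entropy. The log lines are
# constructed; gap-based 1-D clustering and dominant-type labelling are assumptions.
import math
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
Mar 01 09:01:12 web1 sshd[1021]: Accepted publickey for deploy from 10.0.0.5 port 51122
Mar 01 09:05:40 web1 cron[1100]: (root) CMD (/usr/bin/backup)
Mar 01 09:20:03 web1 sshd[1033]: Accepted publickey for deploy from 10.0.0.5 port 51200
Mar 01 09:44:51 web1 kernel: eth0: link is up
Mar 01 09:02:00 db1 postgres[2000]: checkpoint complete
Mar 01 09:10:30 db1 postgres[2000]: connection received: host=10.0.0.8 port=5432
Mar 01 09:30:00 db1 cron[2100]: (postgres) CMD (/usr/bin/vacuum)
Mar 01 09:50:11 db1 postgres[2000]: checkpoint complete
Mar 01 10:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40001
Mar 01 10:00:02 web1 sshd[1202]: Failed password for root from 203.0.113.7 port 40002
Mar 01 10:00:03 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 40003
Mar 01 10:00:04 web1 sshd[1204]: Failed password for root from 203.0.113.7 port 40004
"""

LINE_RE = re.compile(r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<hour>\d{2}):\d{2}:\d{2} "
                     r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
NUM_RE = re.compile(r"\d+")

Partition = Tuple[str, str]  # (host, "Mon DD HH")


def message_type(prog: str, msg: str) -> str:
    """Mask addresses and numbers so lines collapse onto their template."""
    return prog + " " + NUM_RE.sub("<n>", IPV4_RE.sub("<ip>", msg))


def partition(log_text: str) -> Dict[Partition, Counter]:
    """Group lines by source host and hour; count message types per partition."""
    parts: Dict[Partition, Counter] = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                          # unparseable line: skipped, not guessed
        key = (m["host"], f"{m['mon']} {m['day']} {m['hour']}")
        parts[key][message_type(m["prog"], m["msg"])] += 1
    return dict(parts)


def entropy(counts: Counter) -> float:
    """Shannon entropy (bits) of a partition's message-type distribution."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)


def cluster_by_entropy(parts: Dict[Partition, Counter], max_gap: float = 0.5) -> List[List[Partition]]:
    """Sort partitions by entropy and cut wherever consecutive values differ by more than max_gap."""
    clusters: List[List[Partition]] = []
    prev = None
    for key in sorted(parts, key=lambda k: entropy(parts[k])):
        h = entropy(parts[key])
        if prev is None or h - prev > max_gap:
            clusters.append([])
        clusters[-1].append(key)
        prev = h
    return clusters


def dominant_type(parts: Dict[Partition, Counter], cluster: List[Partition]) -> str:
    """Most frequent message type across a cluster, used to give it a human-readable label."""
    merged: Counter = Counter()
    for key in cluster:
        merged.update(parts[key])
    return merged.most_common(1)[0][0]


if __name__ == "__main__":
    parts = partition(SAMPLE_LOG)
    for key, counts in parts.items():
        print(key, round(entropy(counts), 3), dict(counts))
    for c in cluster_by_entropy(parts):
        print("cluster", c, "->", dominant_type(parts, c))
```

On the constructed input the two 09:00 partitions (mixed routine activity) each have entropy 1.5 bits and land in one cluster, while the 10:00 partition on web1 has entropy 0 and forms its own cluster whose dominant type is the masked "Failed password" template. Entropy is a one-dimensional feature, so two partitions with very different content but the same spread will cluster together; the dominant-type label is what distinguishes them afterwards.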
Title: A Visualization Method for Helping Children Assess the Risk of Websites
Authors: T. Kajiyama
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.102 (https://doi.org/10.1109/ARES.2011.102)
Abstract: Since children cannot be kept in a safe cyberspace environment forever, filtering and educational materials are commonly used. A more effective approach to helping children assess website risk is to provide an environment in which they can better understand a website's features and determine for themselves the risk of accessing it. We have constructed a prototype visualization system that helps children understand website features and use them to identify high-risk websites. We applied a graphical search interface named 'Concentric Ring View', which we proposed for flexible retrieval of multi-attribute metadata. It was tested using actual and dummy websites described by five attributes: action, color, atmosphere, number of images, and number of links. The risk level of each actual website was estimated from the features of the portal sites through which it was accessed; a dummy website was used when the actual one was deemed too risky. The testing revealed several distinguishing characteristics of high-risk websites. Adding other search attributes, such as structure and text appearance, should make it possible to characterize risky websites more completely.
Title: Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security
Authors: A. Zuccato, Nils Daniels, Cheevarat Jampathom
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.81 (https://doi.org/10.1109/ARES.2011.81)
Abstract: Security requirements engineering for services is in practice frequently performed by non-experts in security, for whom the security requirements and their dependencies are not directly known. To mitigate this, the paper suggests the use of business-oriented security requirement profiles (e.g. VoIP, IP-TV) containing information security, privacy, fraud/abuse, resilience and assurance requirements. The criteria and the creation process for such reusable and adaptable profiles are shown. The requirement profiles are then set in the context of a development process, and we show how to adjust a profile stepwise to the actual needs of the service at the development stages where the budget and knowledge are available. Finally, experiences from real projects are presented.
Title: Enhancing Fuzzing Technique for OKL4 Syscalls Testing
Authors: A. Gauthier, Clement Mazin, Julien Iguchi-Cartigny, Jean-Louis Lanet
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22
DOI: 10.1109/ARES.2011.116 (https://doi.org/10.1109/ARES.2011.116)
Abstract: Virtual machine monitors are a hot topic in the embedded community. Apart from high-end systems, current processors for embedded systems have no instructions that help virtualize an operating system, so most current hypervisors for embedded devices use paravirtualization. This is the case for the OKL4 kernel, which is based on the L4 microkernel and supports, among others, the Linux kernel as a guest OS. We introduce our ongoing work on testing the security of OKL4. We have chosen to focus on the lowest-level OKL4 interface usable by an external actor: the system call API. Because all operating system components use these system calls directly or indirectly, a minor flaw at this level can cascade through the entire system, including a virtualized kernel. We have developed a model describing the OKL4 system calls, including all constraints applicable to each system call. Based on this model, we are working on a tool that uses the constraints to compute a reduced set of system call input values that are highly likely to trigger flaws in OKL4 if the hypervisor does not fully check them.