Responsibility-driven Design and Development of Process-aware Security Policies
Maria Leitner, S. Rinderle-Ma, Juergen Mangler. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.56
Abstract: Process-Aware Information Systems (PAIS) enable the automated support of business processes that are executed by a combination of human actors and systems. As processes typically require access to sensitive data, security policies are of high importance. Typically, security policies in PAIS range from access rules and authorization constraints to context policies (location, time) and are scattered over the multitude of heterogeneous PAIS components, i.e. process models, repositories, organizational structures, etc. Currently, different approaches for modeling and enforcing security policies exist that assume a set of explicitly defined security policies. Because of the aforementioned heterogeneity, these approaches are suboptimal for PAIS. In order to improve upon existing approaches we present a security policy data model and design methodology based on the concepts of responsibilities, permissions and constraints. The goal is not only to unify diverse security policies in different PAIS subsystems, but also to make security policies independent of these subsystems, so as to keep complexity out of process modeling and evolution and to allow for comprehensive security policy development and maintenance.
Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges
Maria Leitner. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.107
Abstract: Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services, security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we survey the state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We show that there are still shortcomings and identify important requirements for security in PAIS. We also point out open questions related to specifying, modeling, and changing security policies, which provide a road map for future research.
Recovery of Pidgin Chat Communication Artefacts from Physical Memory: A Pilot Test to Determine Feasibility
Matthew Simon, J. Slay. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.33
Abstract: This research describes a study that examines the feasibility of extracting remnant information about an instant message client from physical memory. The research goal was to gather information about the target application in order to assess the viability of creating methods to recover specific data about its use. The study consists of a formal experiment in which the application is used and the physical memory is collected at various points. The memory image was then interrogated to assess whether remnant data could be recovered. The study shows that it is feasible to recover data about the target application.
Gaining Flexibility and Compliance in Rescue Processes with BPM
K. Kittel, Stefan Sackmann. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.99
Abstract: Weaving together information spread over several public and private organizations is crucial for managing catastrophic events and for realizing resilient social infrastructures. While beneficial in emergencies, unlimited access to (sensitive) data is usually defined as the worst case in any privacy or IT security scenario. As a solution to this tradeoff, the transferability of successful methods and tools known from business process and workflow management to rescue processes is discussed. The resulting framework, as well as the identified research questions, does not aim at generating "pure" technical security but at reducing the probability of misuse and, thus, providing a sound technical basis for a social discussion on resilient infrastructures.
Federated Authentication and Authorisation in the Social Science Domain
J. Watt, R. Sinnott, G. Inman, D. Chadwick. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.83
Abstract: The use of Shibboleth as a mechanism for implementing federated authentication is commonplace in many countries. The ability of Shibboleth to transmit extra information about a user, including licenses, roles and other attributes, is not exploited for many reasons, mainly because institutional Identity Providers (IdPs) are not maintainable sources of fine-grained authorisation information. The JISC-funded Shintau project has produced an extension to the Shibboleth profile which allows a user to link information from more than one IdP together utilising a custom Linking Service (LS). This paper describes both the application and the independent evaluation of this software by the National e-Science Centre (NeSC) at the University of Glasgow within the context of the ESRC-funded Data Management through e-Social Science (DAMES) project.
Using CVSS in Attack Graphs
L. Gallon, J. Bascou. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.18
Abstract: Derived from attack models, attack graphs provide an efficient way to model attack scenarios directed against computer networks. Such graphs use the CVE database, in which all known vulnerabilities are gathered. The CVSS framework aims to give a numeric score to each vulnerability recorded in the CVE database, representing its characteristics and quantifying its security impact. In this paper we adapt the definition of attack graphs so that they can be used in conjunction with the CVSS framework. The aim of our work is to provide a way to assess the impact of attacks on the hosts of the target network. This assessment is made using a host damage score and a network damage score, which take into account the characteristics and consequences of each atomic attack constituting an attack scenario.
Improving Resilience with Community Cloud Computing
G. Garlick. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.100
Abstract: Businesses can improve their organizational resilience by ensuring the continued existence of critical data and systems after disastrous events. Cloud computing is frequently recommended as a solution for reliable and robust systems. Community-based clouds could avoid the disadvantages associated with public cloud offerings, while ensuring sufficient geographic diversity to maintain IT services at an adequate level after disasters.
Techniques for Automating Policy Specification for Application-oriented Access Controls
Z. Schreuders, Christian N. Payne, T. McGill. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.47
Abstract: By managing the authority assigned to each application, rule-based application-oriented access controls can significantly mitigate the threats posed by malicious code, whether due to software vulnerabilities or malware. However, these policies are typically complex and difficult to develop. Learning modes can ease specification; however, they still require high levels of expertise to utilise correctly, and are most suited to confining non-malicious software. This paper presents a novel approach to automating policy specification for rule-based application-oriented access controls. The functionality-based application confinement (FBAC) model provides reusable parameterised abstractions. A number of straightforward yet effective techniques are presented that use these functionality-based abstractions to create application policies a priori, that is, without running programs before policies are specified. These techniques automate the specification of policy details by analysing program dependencies, program management information, and file system contents.
Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots
Yves Igor Jerschow, M. Mauve. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.27
Abstract: Denial of Service (DoS) attacks that aim to exhaust the resources of a server by overwhelming it with bogus requests have become a serious threat. Protocols that rely on public key cryptography and perform expensive authentication handshakes are an especially easy target. A well-known countermeasure against DoS attacks is the client puzzle: the victimized server demands that clients commit computing resources before it processes their requests. To get service, a client must solve a cryptographic puzzle and submit the right solution. Existing client puzzle schemes have some drawbacks: they are either parallelizable, coarse-grained, or usable only interactively. In the case of interactive client puzzles, where the server poses the challenge, an attacker might mount a counterattack on the clients by injecting fake packets containing bogus puzzle parameters. In this paper we introduce a novel scheme for client puzzles which relies on the computation of square roots modulo a prime. Modular square root puzzles are non-parallelizable, i.e., the solution cannot be obtained faster than scheduled by distributing the puzzle to multiple machines or CPU cores, and they can be employed both interactively and non-interactively. Our puzzles provide polynomial granularity and compact solution and verification functions. Benchmark results demonstrate the feasibility of our approach for mitigating DoS attacks on hosts in 1 or even 10 GBit networks. In addition, we show how to raise the efficiency of our puzzle scheme by introducing a bandwidth-based cost factor for the client.
Dynamic Responsibilities Assignment in Critical Electronic Institutions - A Context-Aware Solution for in Crisis Access Right Management
C. Bonhomme, C. Feltus, Michaël Petit. 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.43
Abstract: Nowadays, critical IT infrastructures constitute the pillars of our economy. Being able to react quickly and in real time is a crucial challenge for the security officers in charge of keeping those infrastructures operational. Our state-of-the-art survey in this field has highlighted that many architectures exist to dynamically support the reaction after the detection of an incident in the infrastructure. Those architectures are mostly elaborated on a multi-agent system approach, which offers the possibility of working in a decentralized and heterogeneous environment. However, we have also observed that those architectures are based on a static assignment of functions to agents and that, as a consequence, isolating an agent or breaking the communication channel between two of them could seriously damage the management of the crisis. In this paper, we propose an innovative approach for making the assignment of functions to agents in the critical architecture dynamic. Our approach exploits the concept of agent responsibility, which we assign dynamically to those agents depending on the crisis type and severity. Simultaneously, we explain the dynamic assignment of the access rights necessary to perform the obligations linked to these new responsibilities. This dynamic assignment of responsibilities is illustrated based on the architecture defined in the ReD project.
permits to cover the entire conceptual layer from the incident detection at the very low technical layer up to the escalation of the incident to the upper layer based on the decision mechanisms, our solution did not consider the normative specifications related to the responsibilities and accountability of the agents involved in it (including the technical and the human agents), and did not provide the possibility of adapting the agent responsibility during the occurrence of a crisis.