A Dynamic Security Policies Generation Model for Access Control in Smart Card Based Applications

Author(s):  
B. B. Gupta ◽  
Megha Quamara
2013 ◽  
pp. 1876-1903
Author(s):  
Philippe Massonet ◽  
Arnaud Michot ◽  
Syed Naqvi ◽  
Massimo Villari ◽  
Joseph Latanicki

This chapter describes an open source solution for securing the Claudia service manager and the OpenNebula virtual execution environment manager when combined in a federated RESERVOIR architecture. The security services provide confidentiality, authentication, and integrity by securing the external API. The chapter describes how to integrate the security solution into an open source cloud computing system, how to install it, and provides an illustrative case study showing its potential for the community. The aim of the chapter is to help those who want to build their own secure infrastructure clouds. The open source security code provides mutual authentication between clients and the Claudia service manager, and secures the SMI interface with role-based access control. The same security services can also secure the VMI with role-based access control and X.509 certificates. Finally, the federation can be secured by combining an LDAP server to manage the federation with XACML security policies, and by using policy matching to guarantee that security policies are respected within the federation.


Author(s):  
Alberto De la Rosa Algarín ◽  
Steven A. Demurjian ◽  
Timoteus B. Ziminski ◽  
Yaira K. Rivera Sánchez ◽  
Robert Kuykendall

Today’s applications are often constructed by bringing together functionality from multiple systems that utilize varied technologies (e.g. application programming interfaces, Web services, cloud computing, data mining) and alternative standards (e.g. XML, RDF, OWL, JSON) for communication. Most such applications achieve interoperability via the eXtensible Markup Language (XML), the de facto document standard for information exchange in domains such as library repositories, collaborative software development, and health informatics. The use of a common data format facilitates exchange and interoperability across heterogeneous systems, but security challenges arise (e.g. sharing policies, ownership, permissions). In such situations, one key security challenge is to integrate the local security of the existing systems into a global solution for the application being constructed and deployed. In this chapter, the authors present a Role-Based Access Control (RBAC) security framework for XML, which utilizes extensions to the Unified Modeling Language (UML) to generate eXtensible Access Control Markup Language (XACML) policies that target XML schemas and instances for any application, and which provides both the separation and the reconciliation of local and global security policies across systems. To demonstrate the framework, they provide a case study in health care, using the XML standards Health Level Seven’s (HL7) Clinical Document Architecture (CDA) and the Continuity of Care Record (CCR). These standards are utilized for the transport of private and identifiable information between stakeholders (e.g. a hospital with an electronic health record, a clinic’s electronic health record, a pharmacy system), requiring not only a high level of security but also compliance with legal requirements.
For this reason, it is necessary not only to secure private information, but also for the solution to be flexible enough that updating security policies affecting millions of documents does not incur a large monetary or computational cost; the same privacy concerns apply to large banks and credit card companies, which hold similar information that must be protected to deter identity theft. The authors demonstrate the security framework with two in-house developed applications: a mobile medication management application and a medication reconciliation application. They also detail future trends that present even more challenges in providing security at global and local levels for platforms such as Microsoft HealthVault, Harvard SMART, Open mHealth, and open electronic health record systems. These platforms utilize XML, equivalent information exchange document standards (e.g. JSON), or semantically augmented structures (e.g. RDF and OWL). Even though the primary use of these platforms is in healthcare, they present a clear picture of how diverse the information exchange process can be. As a result, they represent challenges that are domain independent, and thus become concrete examples of future trends and issues that require a robust approach to security.


Author(s):  
Zhixiong Zhang ◽  
Xinwen Zhang ◽  
Ravi Sandhu

This chapter addresses the problem that traditional role-based access control (RBAC) models do not scale up well for modeling security policies spanning multiple organizations. After reviewing recently proposed Role and Organization Based Access Control (ROBAC) models, an administrative ROBAC model called AROBAC07 is presented and formalized in this chapter. Two examples are used to motivate and demonstrate the usefulness of ROBAC. Comparisons between AROBAC07 and other administrative RBAC models are given. We show that ROBAC/AROBAC07 can significantly reduce administration complexity for applications involving a large number of organizational units. Finally, an application compartment-based delegation model is introduced, which provides a method to construct an administrative role hierarchy in AROBAC07. We show that the AROBAC07 model provides convenient ways to decentralize administrative tasks for ROBAC systems and scales up well for role-based systems involving a large number of organizational units.


Author(s):  
Yumna Ghazi ◽  
Rahat Masood ◽  
Muhammad Awais Shibli ◽  
Sara Khurshid

Cloud technology takes Service Oriented Architecture to the next level, where applications and infrastructure can be outsourced over the internet. It affords flexibility to businesses in terms of the on-demand scalability of services as well as the corresponding payment model. However, these advantages do not make up for the inherent security weaknesses of the Cloud. Among various concerns, Cloud providers struggle to provide adequate authorization mechanisms that would protect customers' critical data. In this regard, Usage Control (UCON) is considered to be the next generation model for digital rights management for all the service models of the Cloud. Limited literature exists on the UCON model; however, new tracks need to be laid out to make this model comply with international standards and policy languages. This chapter provides standardized UCON policy specifications, which will help in the effective development of access control for the Cloud environment.


2004 ◽  
Vol 99 ◽  
pp. 49-86 ◽  
Author(s):  
Massimo Bartoletti ◽  
Pierpaolo Degano ◽  
Gian Luigi Ferrari

2015 ◽  
Vol 25 (09n10) ◽  
pp. 1703-1708 ◽  
Author(s):  
Óscar Mortágua Pereira ◽  
Diogo Domingues Regateiro ◽  
Rui L. Aguiar

In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed on the same servers that contain the data to be protected. This solution has several drawbacks. Among them we emphasize: (1) if policies are complex, their enforcement can lead to performance decay of database servers; (2) when modifications to the established policies imply modifications to the business logic (usually deployed at the client side), there is no other possibility than to modify the business logic in advance; and, finally, (3) malicious users can issue CRUD expressions systematically against the DBMS in the expectation of identifying a security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by the following: most of the mechanisms are deployed at the client side; whenever security policies evolve, the security mechanisms are automatically updated at runtime; and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforcing access control in database applications, thereby expecting to contribute positively to the state of the art in the field.


2014 ◽  
Vol 2014 ◽  
pp. 1-9 ◽  
Author(s):  
Enqiang Liu ◽  
Zengliang Liu ◽  
Fei Shao ◽  
Zhiyong Zhang

Content access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoption of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposes a novel two-party trust architecture (TPTA) for application in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By applying the game method to the combination of security policy utilities and their influence on each party’s benefits, a Nash equilibrium is reached, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders.


2012 ◽  
Vol 198-199 ◽  
pp. 824-827
Author(s):  
Guo Qian Wang

The application of the Schematic Protection Model (SPM) to workflow access control is studied. The fine-grained access control properties of SPM make it feasible to express workflow security policies. The SPM link predicate semantics is extended to the workflow context. The link predicate between workflow activities is applied to constrain take-grant enforcement. License access control in the workflow is also modeled by the SPM inner control ticket.
