Security Policies in Web Services

Author(s):  
Deepti Parachuri ◽  
Sudeep Mallick

Security is of fundamental concern in computing systems. This chapter covers the role of security policies in Web services. First, it examines the importance of policies in web services and explains the WS-Policy standard. It also highlights the relation of WS-Policy with other WS-* specifications. Next, it covers different facets of security requirements in SOA implementations. Later, it examines the importance of security policies in web services. It also presents the basic concepts of WS-Security policy language. WS-Security policy specification specifies a standard way to define and publish security requirements in an extensible and interoperable way. A service provider makes use of security policy to publish the security measures implemented to protect the service. Security policies can also be made customizable to meet the security preferences of different consumers. Towards the end, it discusses the governance of security policies and also future trends in security policies for web services.

Author(s):  
George Yee ◽  
Larry Korba

The growth of the Internet has been accompanied by the growth of Internet services (e.g., e-commerce, e-health). This proliferation of services and the increasing attacks on them by malicious individuals have highlighted the need for service security. The security requirements of an Internet or Web service may be specified in a security policy. The provider of the service is then responsible for implementing the security measures contained in the policy. However, a service customer or consumer may have security preferences that are not reflected in the provider’s security policy. In order for service providers to attract and retain customers, as well as reach a wider market, a way of personalizing a security policy to a particular customer is needed. We derive the content of an Internet or Web service security policy and propose a flexible security personalization approach that will allow an Internet or Web service provider and customer to negotiate to an agreed-upon personalized security policy. In addition, we present two application examples of security policy personalization, and overview the design of our security personalization prototype.


2019 ◽  
Vol 34 (1) ◽  
pp. 123-134
Author(s):  
Kalana Malimage ◽  
Nirmalee Raddatz ◽  
Brad S. Trinkle ◽  
Robert E. Crossler ◽  
Rebecca Baaske

This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents' intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents' compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees' reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance.


2020 ◽  
Vol 4 (1) ◽  
pp. 044-046
Author(s):  
Beretas Christos P

Industrial control systems (ICS) are critical, as in these systems, cyber threats have the potential to affect, disorganize, change their mode of operation, act as an information extraction vehicle, and ultimately turn against itself, creating risks to the system itself, infrastructure, downtime, leakage of sensitive data, and even loss of human life. Industrial control systems (ICS) are vital to the operation of all the modern automated infrastructure in the western world, such as power plants and power stations. Industrial control systems (ICS) differ from the traditional information systems and infrastructures of organizations and companies: a standard cyber security strategy cannot be implemented, only part of it, adapted to the real facts and needs of each country, legislation and infrastructure. These systems require continuous operation, reliability and rapid recovery when attacked electronically, with automated control, isolation and attack management processes. Incorrect settings and lack of strategic planning can lead to unprotected operation of critical installations, as they do not meet the cyber security requirements. Industrial control systems (ICS) require special protection in their networks, as they should be considered vulnerable in all their areas; they need protection from cyber attacks against ICS, SCADA servers, workstations, PLC automations, etc. Security policies to be implemented should provide protection against cyber threats, and systems recovery without affecting the operation and reliability of operating processes. Security policies such as security assessment, smart reporting, vulnerability and threat simulation, integrity control analysis, applying security policy to shared systems, intrusion detection and prevention, and finally firewall with integrated antivirus and sandbox services should be considered essential entities.


Author(s):  
A. V. Groubinko

In the article, on the basis of the original chart of the theoretical conceptual system of Eurointegration's development offered by the author, the base principles of Great Britain's participation in the common foreign and security policy (CFSP) of the European Union are examined. The country's role in the processes of forming the EU's CFSP is determined in the context of leading theories of Eurointegration. The evolution of the British government's policy of participation in the system of political co-operation in the European Union and the character of its influence on the processes of Eurointegration in the sphere of foreign and security policies are analysed. CFSP, as a specific sphere of co-operation of the EU's states, fully represents the conceptual dichotomy of the European Union's essence at the level «intergovernmental - supranational». CFSP is the segment of the EU's legal reality which is historically based on intergovernmental co-operation, and in modern terms is characterized by expressed elements of functional supranational institutionalisation and insignificant strengthening of federalism. Great Britain's conceptual approaches to forming the EU's CFSP lie in traditions of a pragmatic and functional realistic approach with elements of federalist co-operation, externalism and a minimum of institutionalism. Historical heredity of participating in political integration within the framework of Common Europe is inherent in the activity of British governments. This means a successive policy of inhibiting federalist supranational tendencies and advocating an evolutionary approach to the development of integration processes and their extension to new spheres. Such approaches correspond to the model of selective-sectoral integration or «Europe a la carte» of Thatcherist standards, which in the process of realization, under the influence of objective (mainly external) factors, evolved to the practical embodiment of such softer models of flexible integration as «multi-speed integration» and «Europe of variable geometries». The noted approaches to CFSP allow the government at different historical stages to have a restraining or stimulating influence on the integrational processes.


Author(s):  
Konstantinos Siassiakos ◽  
Athina Lazakidou

Privacy includes the right of individuals and organizations to determine for themselves when, how and to what extent information about them is communicated to others. The growing need of managing large amounts of medical data raises important legal and ethical challenges. E-Health systems must be capable of adhering to clearly defined security policies based upon legal requirements, regulations and standards while catering for dynamic healthcare and professional needs. Such security policies, incorporating enterprise level principles of privacy, integrity and availability, coupled with appropriate audit and control processes, must be able to be clearly defined by enterprise management with the understanding that such policy will be reliably and continuously enforced. This chapter addresses the issue of identifying and fulfilling security requirements for critical applications in the e-health domain. In this chapter the authors describe the main privacy and security measures that may be taken by the implementation of e-health projects.


2021 ◽  
Author(s):  
Marwa Ziadia ◽  
Mohamed Mejri ◽  
Jaouhar Fattahi

With the wide variety of applications offered by Android, this system has been able to dominate the smartphone market. These applications provide all kinds of features and services that have become highly requested and welcomed by users. Besides, these applications represent risky vehicles for malware on Android devices. In this paper, we propose a novel formal technique to enforce the security of Android applications. We start off with an untrusted Android application and a security policy, and we end up in a new version of the application that behaves according to the policy. To ensure the correctness of results, we use formal methods in each step of the process, either in the system and the security policy specification or in the enforcement technique itself. The target application is reverse-engineered to its assembly-like code, Smali. An executable semantics called k-Smali was defined for this code using a language definitional framework, called k Framework. Security policies are specified in LTL-logic. The enforcement step consists of integrating the LTL formula in the k-Smali program using rewriting. It aims to rewrite the system specification automatically so that it satisfies the requested formula.


2020 ◽  
Vol 4 (2) ◽  
pp. 179
Author(s):  
Luerdi Luerdi ◽  
Amri Hakim

This paper aims to explain Turkey's border security policy in dealing with non-state actors in Northern Syria. Turkey's policy was carried out after five years of involvement in the Syrian crisis and one month after a failed coup attempt. This study uses the theory of securitization by Buzan that explains the existence of threat and vulnerability factors faced by the state in anarchic international structures. The research method used in this study is a qualitative method with the type of causality analysis. This paper found that threats and vulnerabilities pushed Turkey to launch a series of military operations as border security policies to rid North Syria of ISIS and PKK/PYD/YPG militias to control the adverse effects caused by the presence of non-state actors such as civilian and military casualties, property damage, as well as instability and disintegration. The border security policy confirms the increasingly important role of Turkey in the region while demonstrating Turkey's consistency in pursuing national security interests even outside its territory.


2021 ◽  
Author(s):  
Robert Gove

SELinux policies have enormous potential to enforce granular security requirements, but the size and complexity of SELinux security policies make them challenging for security policy administrators to determine whether the implemented policy meets an organization's security requirements. To address the challenges in developing and maintaining SELinux security policies, this paper presents V3SPA (Verification, Validation and Visualization of Security Policy Abstractions). V3SPA is a tool that can import SELinux and Security Enhancements (SE) for Android source or binary policies and visualize them using two views: a policy explorer and a policy differ. The policy explorer supports users in exploring a policy and understanding the relationships defined by the policy. The diffing view is designed to support differential policy analysis, showing the changes between two versions of a policy. The main contributions of this paper are 1) the design of the policy explorer, and the design and novel use case for the policy differ, 2) a report on system design considerations to enable the graph visualizations to scale up to visualizing policies with tens of thousands of nodes and edges, and 3) a survey of five SELinux and SE for Android policy developers and analysts. The results of the survey indicate a need for tools such as V3SPA to help policy workers understand the big picture of large, complex security policies.


2013 ◽  
Vol 3 (4) ◽  
pp. 22-31
Author(s):  
Ilona Ilvonen ◽  
Pasi Virtanen

Contemporary organisations in any industry are increasingly dependent on information systems. Today most organisations are online all the time, and their internal systems are used in environments that are already or easily connected to the internet. The paper analyses cyber threats and their potential effect on the operations of different organisations with the use of scenario analysis. The scenarios are built based on a literature review. One outcome of the analysis is that to an organisation it is irrelevant where a cyber threat originates from and who it is targeted for. If the threat is specifically targeted to the organisation or if the threat is collateral in nature is not important; preparing for the threat is important in both cases. The paper discusses the pressures that the cyber threats pose to information security policies, and what the role of the information security policy could be in preparing for the threats.


Author(s):  
Srinivas Padmanabhuni ◽  
Hemant Adarkar

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security requirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

