Web and Information Security
Latest Publications


TOTAL DOCUMENTS

14
(FIVE YEARS 0)

H-INDEX

3
(FIVE YEARS 0)

Published By IGI Global

9781591405887, 9781591405900

2006, pp. 215-241
Author(s): James B.D. Joshi, Mei-Ling Shyu, Walid Aref, Arif Ghafoor

This chapter focuses on the key challenges in the design of multimedia-based scalable techniques for threat management and security of information infrastructures. It brings together several multimedia technologies and presents a conceptual architectural framework for an open, secure distributed multimedia application that is composed of multiple domains employing different security and privacy policies and various data analysis and mining tools for extracting sensitive information. The challenge is to integrate such disparate components to enable large-scale multimedia applications and provide a mechanism for threat management. The proposed framework provides a holistic solution for large-scale distributed multi-domain multimedia application environments.


2006, pp. 112-132
Author(s): Elisa Bertino, Elena Ferrari, Andrea Perego

The need to filter online information in order to protect users from possible harmful content can be considered as one of the most compelling social issues derived from the transformation of the Web into a public information space. Despite that Web rating and filtering systems have been developed and made publicly available quite early, no effective approach has been established so far, due to the inadequacy of the proposed solutions. Web filtering is then a challenging research area, needing the definition and enforcement of new strategies, considering both the current limitations and the future developments of Web technologies—in particular, the upcoming Semantic Web. In this chapter, we provide an overview of how Web filtering issues have been addressed by the available systems, bringing in relief both their advantages and shortcomings, and outlining future trends. As an example of how a more accurate and flexible filtering can be enforced, we devote the second part of this chapter to describing a multi-strategy approach, of which the main characteristics are the integration of both list- and metadata-based techniques and the adoption of sophisticated metadata schemes (e.g., conceptual hierarchies and ontologies) for describing both users’ characteristics and Web pages content.


Author(s): Konstantina Stoupa, Athena Vakali

This chapter analyzes the various types of policies implemented by the Web security services. According to X.800 definition, there are five basic Web security services categories: authentication, non-repudiation, access control, data integrity, and data confidentiality. In this chapter, we discuss access control and data privacy services. Access control services may adopt various models according to the needs of the protected environment. In order to guide the design of access control models, several policy-expressing languages have been standardized. Our contribution is to describe and compare the various models and languages. Data privacy policies are categorized according to their purpose, that is, whether they express promises and preferences, manage the dissemination of privacy preferences, or handle the fulfillment of the privacy promises. The chapter is enriched with a discussion on the future trends in access control and data privacy.


2006, pp. 149-172
Author(s): Paloma Diaz, Daniel Sanz, Susana Montero

This chapter discusses the integration of access control in the development process of hypermedia applications. Two key ideas are proposed: the use of high level, abstract access control models and the inclusion of access control in the whole life cycle of hypermedia applications. Authors present an access control model for hypermedia that makes it possible to formalize access policies using elements of the hypermedia domain, those used to specify structure and navigation services. Abstract models are not enough to assist developers in dealing with security in a systematic way. Thus, authors describe how high-level access rules can be specified following the Ariadne Development Method (ADM). The ARCE project is used as example of development.


2006, pp. 133-148
Author(s): Yücel Saygin, Dilek Hakkini-Tur, Gökhan Tur

Information security and privacy in the context of the World Wide Web (WWW) are important issues that are still being investigated. However, most of the present research is dealing with access control and authentication-based trust. Especially with the popularity of WWW as one of the largest information sources, privacy of individuals is now as important as the security of information. In this chapter, our focus is text, which is probably the most frequently seen data type in the WWW. Our aim is to highlight the possible threats to privacy that exist due to the availability of document repositories and sophisticated tools to browse and analyze these documents. We first identify possible threats to privacy in document repositories. We then discuss a measure for privacy in documents with some possible solutions to avoid or, at least, alleviate these threats.


2006, pp. 196-214
Author(s): Tsau Y. Lin

In 1989, Brewer and Nash (BN) proposed the Chinese Wall Security Policy (CWSP). Intuitively speaking, they want to build a family of impenetrable walls, called Chinese walls, among the datasets of competing companies so that no datasets that are in conflict can be stored in the same side of Chinese walls. Technically, the idea is: (X, Y) ∉ CIR (= the binary relation of conflict of interests) if and only if (X, Y) ∉ CIF (= the binary relation of information flows). Unfortunately, BN’s original proof has a major flaw (Lin, 1989). In this chapter, we have established and generalized the idea using an emerging technology, granular computing.


2006, pp. 91-111
Author(s): Bhavani Thuraisingham

This chapter first describes the developments in semantic grids and then discusses the security aspects. Semantic grids integrate Semantic Web and grid technologies. They also integrate knowledge management with Semantic Web and the grids. There is much interest on applying the semantic grid for many applications in science and engineering. Therefore, it is critical that the semantic grids be secure. We will also discuss Semantic Web mining and privacy implications relevant to semantic grids.


Author(s): Csilla Farkas

This chapter investigates the threat of unwanted Semantic Web inferences. We survey the current efforts to detect and remove unwanted inferences, identify research gaps, and recommend future research directions. We begin with a brief overview of Semantic Web technologies and reasoning methods, followed by a description of the inference problem in traditional databases. In the context of the Semantic Web, we study two types of inferences: (1) entailments defined by the formal semantics of the Resource Description Framework (RDF) and the RDF Schema (RDFS) and (2) inferences supported by semantic languages like the Web Ontology Language (OWL). We compare the Semantic Web inferences to the inferences studied in traditional databases. We show that the inference problem exists on the Semantic Web and that existing security methods do not fully prevent indirect data disclosure via inference channels.


2006, pp. 282-301
Author(s): Stanley R. Oliveira, Osmar R. Zaiane

Privacy-preserving data mining (PPDM) is one of the newest trends in privacy and security research. It is driven by one of the major policy issues of the information era—the right to privacy. This chapter describes the foundations for further research in PPDM on the Web. In particular, we describe the problems we face in defining what information is private in data mining. We then describe the basis of PPDM including the historical roots, a discussion on how privacy can be violated in data mining, and the definition of privacy preservation in data mining based on users’ personal information and information concerning their collective activities. Subsequently, we introduce a taxonomy of the existing PPDM techniques and a discussion on how these techniques are applicable to Web-based applications. Finally, we suggest some privacy requirements that are related to industrial initiatives and point to some technical challenges as future research trends in PPDM on the Web.


2006, pp. 265-281
Author(s): Stephen S. Yau

Collaborative Pervasive Computing Applications (COPCAs) can greatly improve the investigative capabilities and productivity of scientists and engineers. Users of COPCAs usually form groups to collaboratively perform their tasks using various computing devices, including desktop computers, pocket PCs, and/or smart phones, over Mobile Ad hoc Networks (MANET), LAN, and the Internet. These users usually share various types of data, including research ideas (documents), experimental and statistical data (numerical data, graphics, stream audio/video). A very important issue for sharing data in Collaborative Pervasive Computing Environments (COPCEs) is trustworthiness. To support trustworthy data sharing among groups of users of COPCAs, secure group communication, trustworthy shared data discovery, flexible access control mechanisms, effective data replication, data quality assurance mechanisms, and intrusion detection mechanisms are needed. In this chapter, the challenges, current state-of-the-art, and future research directions for trustworthy data sharing in COPCEs are presented. In particular, discussions will be focused on research issues and future research directions for trustworthy shared data discovery and flexible access control in service-based COPCAs.

