Securing the External Interfaces of a Federated Infrastructure Cloud

This chapter describes an open source solution for securing the Claudia service manager and the OpenNebula virtual execution environment manager when combined in a federated RESERVOIR architecture. The security services provide confidentiality, authentication, and integrity by securing the external API. The chapter describes how to integrate the security solution in an open source cloud computing system, how to install it, and provides an illustrative case study showing its potential for the community. The aim of the chapter is to help those who want to build their own secure infrastructure clouds. The open source security code provides mutual authentication between clients and the Claudia service manager, and secures the SMI interface with role based access control. The same security services can also secure the VMI with role based access control and X509 certificates. Finally the federation can be secured by combining an LDAP server to manage the federation and XACML security policies, and using policy matching to guarantee the respect of security policies within the federation.

Privacy-Aware Organisation-Based Access Control Model (PrivOrBAC)

In this chapter, the authors propose the expression and the modelling of the most important principles of privacy. They deduce the relevant privacy requirements that should be integrated in existing security policy models, such as RBAC models. They suggest the application of a unique model for both access control and privacy requirements. Thus, an access control model is to be enriched with new access constraints and parameters, namely the privacy contexts, which should implement the consent and the notification concepts. For this purpose, the authors introduce the Privacy-aware Organisation role Based Access Control (PrivOrBAC) model.

Digital Convergence and Horizontal Integration Strategies

Digital technology is unique in that it enables convergence of access devices and content as well as convergence of industry participant operations and strategy. This digital convergence creates opportunities, and threats, for developing new business models and unique growth strategies for digital product companies. The purpose of this chapter is to discuss examples where digital product companies have taken advantage of digital convergence through horizontal integration strategies that enable them to create unique mixes of products/services and reach larger markets. Actual horizontal integration strategy examples are discussed for several industries where products are in a digital form. In addition, potential cross-industry integration strategies and online intermediary (cybermediary) strategies are identified along with tactical level strategies for mass customization and use of interactivity tools and social networking. Strategic alternatives for introduction, growth, and maturity lifecycle stages are also discussed. The rationale for these strategies and implications for managers of digital product companies are discussed along with directions for future research.

Security and Trust in a Global Research Infrastructure

Modern science increasingly depends on international collaborations. Large instruments are expensive and have to be funded by several countries, and they generate very large volumes of data that must be archived and analysed. Scientific research infrastructures, e-Infrastructures, or cyber infrastructures support these collaborations and many others. In this chapter we look at the issue of trust for such infrastructures, particularly when scaling up from a small one. This growth can be “natural,” as more researchers are added, but can also be dramatic if whole new communities are added, possibly with different requirements. Our focus is on authentication, since for most realistic infrastructures, authentication is the foundation upon which further security is built. Our aim has been to focus on real-life experiences and examples, distilling them into practical advice.

End-Users’ Acceptance of Biometrics Authentication to Secure E-Commerce within the Context of Saudi Culture

This book study presents recent findings from an ongoing cross-cultural study exploring the acceptance of a new security method based on biometrics authentication systems to be applied to an e-commerce application within the context of Saudi culture. The aim of the study was to explore factors affecting users’ acceptance of biometrics authentication system. The authors conducted a large scale experiment of 306 Saudis using a login fingerprint system and examined a proposed conceptual framework based on the Unified Theory of Acceptance and Use of Technology (UTAUT) with moderating variables. The findings from Structural Equation Modeling (SEM) analysis indicate that education levels are significant moderating factors, while gender and age do not record as significant. The findings of this study propose the need to take cultural background and disposition into consideration when applying biometrics technology.

Caught in the Web

The social consequences of the internet are profound. Evidence of this can easily be found in the enormous body of literature discussing its impact on democracy, globalization, social networking, and education. The implications of the internet for medicine have likewise received a great deal of attention from policy makers, clinicians and technology theorists. Medical privacy, in particular, has garnered the lion’s share of attention. Nevertheless, research in this area has been lacking because it either fails to unpack the conceptual and ethical complexities of privacy or overestimates the power of technology and policy to protect our medical privacy. The aims of this chapter are twofold. The first is to provide a nuanced explication of the concept of privacy, and, second, to argue that e-medicine and the policies supposedly designed to protect the privacy and confidentiality of personal health information fail to do so and in some instances make their violations easier to commit.

RBAC with Generic Rights, Delegation, Revocation, and Constraints

This chapter presents R+DRC, an extension of the Role-based Access Control (RBAC) model. R+DRC allow for defining constraints, for example to enforce different forms of separation of duties, and the right of overriding a constraint. The model also defines delegations, and two forms of revocations. The model is discussed within the framework of modeling the access control of an hospital. Algorithms are provided for the more complex actions.

Investigating the Performance of the TSS Scheme in Noisy MANETs

A Mobile Ad Hoc Network (MANET) suffers from high packet-loss due to various transmission impairments, such as: wireless signal attenuation, free space loss, thermal noise, atmospheric absorption, multipath effect, and refraction. All of these impairments are represented by a generic name, noise, and therefore such a network is referred to as a noisy network. For modeling and simulation purposes, the noisy environment is described by introducing a probability function, namely, the probability of reception (pc), which is defined as the probability that transmitted data is successfully delivered to its destination despite the presence of noise. This chapter describes the implementation and investigates the performance of the Threshold Secret Sharing (TSS) node authentication scheme in noisy MANETs. A number of simulations are performed using the MANET Simulator (MANSim) to estimate the authentication success ratio for various threshold secret shares, number of nodes, node speeds, and noise-levels. Simulation results demonstrate that, for a certain threshold secret share, the presence of noise inflicts a significant reduction in the authentication success ratio, while node mobility inflicts no or an insignificant effect. The outcomes of these simulations are important to facilitate efficient network management.

The Integration of Social Networking in Creating Collaborative Partnerships in Education

Technological communication advancements in recent years, including, but not limited to, the Internet, cell phones, PDAs and texting, have changed communication, accessing information, and doing business. Unfortunately, education has often lagged behind in the effective implementation of these technological advances. This chapter examines one technological development that has the potential to change the higher educational landscape. The use of online social networking tools can be used to help establish connections student to student, student to faculty, faculty to student and faculty to faculty. These tools can be used to encourage scholarly collaboration in a constructivist manner that builds upon the social learning theories of Albert Bandura and Lev Vygotski.

Policy Management in Cloud

Cloud computing paradigm is still an evolving paradigm but has recently gained tremendous momentum due to its potential for significant cost reduction and increased operating efficiencies in computing. However, its unique aspects exacerbate security and privacy challenges that pose as the key roadblock to its fast adoption. Cloud computing has already become very popular, and practitioners need to provide security mechanisms to ensure its secure adoption. In this chapter, the authors discuss access control systems and policy management in cloud computing environments. The cloud computing environments may not allow use of a single access control system, single policy language, or single management tool for the various cloud services that it offers. Currently, users must use diverse access control solutions available for each cloud service provider to secure data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud provider. Heterogeneity and distribution of these policies pose problems in managing access policy rules for a cloud environment. In this chapter, the authors discuss challenges of policy management and introduce a cloud based policy management framework that is designed to give users a unified control point for managing access policies to control access to their resources no matter where they are stored.