As recent experiments have shown, current Grid infrastructures are highly vulnerable to root exploits. In these attacks, legitimate Grid user credentials were used to compromise vulnerable Grid head and worker nodes. Any such attack against a distributed working environment is critical. However, in the Grid it is particularly devastating: attacks against the head node affect unencrypted Grid proxy certificates. Using these, an attacker can act with the permissions of the original owner, undermining the Grid security concept. Even after the original attack has been detected and the affected systems have been sanitized, the attacker is still in possession of the stolen proxy. In previous work we introduced an auditing infrastructure that gives Grid users a way to reconstruct usage of their delegated credentials and detect their possible abuse. We achieve this by including an X.509 certificate extension in a proxy credential signed by the Grid user, making the user's request to track credential usage tamper-proof. In this paper, we extend the auditing infrastructure by a novel encryption-aware watchdog, which can detect proxy certificate misuse even in the face of complete root compromise of all accessible Grid resources. It correlates network communication in the Grid with the auditing infrastructure and can thus detect proxy certificate misuse and tampering with the auditing framework.
In any system or environment within a ubiquitous computing context that promotes user interaction or inter-organization communication (more specifically, data sharing) and takes users within such a context as relevant contextual information, there is the potential for interactions between systems to occur that may affect the security of the overall system. We present a scenario that aims to highlight such potential problems, in particular the problem of security when sharing information and of protecting against profile building from such shared information. This scenario considers cooperation and interactions between individuals and systems that might occur in the context of a public event, such as a conference, crisis situation or entertainment event. Based on this, we present a modelling tool able to highlight potential information sharing and profile building issues, as well as access violations that might occur through the transfer of data between multiple individuals, and suggest ways of defining policies dynamically and filtering only relevant contextual information for the user to mitigate such a problem.
This paper presents a novel security infrastructure for deploying and using service-oriented Cloud applications securely without having to face the complexity associated with certificate management. The proposal is based on an identity-based cryptographic approach that offers an independent setup of security domains and, unlike other identity-based cryptographic systems, does not require a trust hierarchy. The service URLs can be used as public keys, such that creating a secure connection to a service is very simple. A comparison between traditional approaches and identity-based cryptography with respect to data transfer requirements is presented.
Web based services and applications have increased the availability and accessibility of information. XML (eXtensible Markup Language) has recently emerged as an important standard in the area of information represent...
There is a growing interest in the development of broadband services and networks for commercial use in both local area and wide area networks. In particular, connectionless Switched Multimegabit Data Service (SMDS) and connection-oriented Frame Relay-based broadband services are beginning to be offered by a number of major operators in the US and Europe. This paper considers the issues that need to be addressed in the design of security services for such high-speed networks. First the relevant characteristics of broadband network interfaces are discussed, some of the existing security protocols for TCP/IP and OSI networks are reviewed, and their suitability for providing security in broadband networks assessed. Then the developed arguments are applied to design security services for the connectionless LAN and SMDS networks and connection-oriented Frame Relay networks. The paper concludes with a discussion on the establishment of secure Switched Virtual Connections (SVCs). (C) 1997 Elsevier Science B.V.
ISBN: (print) 3540619917
Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of privileges required, and more complex in terms of both the nature and degree of interactions between participating objects. Delegation and joint action mechanisms allow a more flexible and dynamic form of access control, thereby enabling the representation of sophisticated authorization policies. This paper explores some issues that need to be addressed when designing joint actions based authorization policies, and their ramifications for trust of various components in the architecture. We consider an example from the medical field, *** define attributes relevant to the design of joint action schemes and present three schemes for supporting joint action based authorization policies.
ISBN: (digital) 9783642413209
ISBN: (print) 9783642413193
This book constitutes the thoroughly refereed post-conference proceedings of the Workshop on Usable Security, USEC 2013, and the third Workshop on Applied Homomorphic Cryptography, WAHC 2013, held in conjunction with the 17th International Conference on Financial Cryptography and Data Security, FC 2013, in Okinawa, Japan. The 16 revised full papers presented were carefully selected from numerous submissions and cover all aspects of data security. The goal of the USEC workshop was to engage on all aspects of human factors and usability in the context of security. The goal of the WAHC workshop was to bring together professionals, researchers and practitioners in the area of computer security and applied cryptography with an interest in practical applications of homomorphic encryption, secure function evaluation, private information retrieval or searchable encryption to present, discuss, and share the latest findings in the field, and to exchange ideas that address real-world problems with practical solutions using homomorphic cryptography.