The Experts below are selected from a list of 105 Experts worldwide ranked by ideXlab platform
Karen W. Brannon - One of the best experts on this subject based on the ideXlab platform.
-
Secure information caching on the Web
Lecture Notes in Computer Science, 2004Co-Authors: Hui-i Hsiao, Karen W. BrannonAbstract:Web has become the key information source over the last few years and caching has been exploited and applied to reduce web server and network congestion as well as to improve response time. There are three types of web caching techniques: forward proxy, reverse proxy, and transparent proxy. Forward proxy server caches data close to users and is targeted to improve the user/browser response time. On the contrary, reverse proxy server normally locates next to a back-end server and is mainly targeted to reduce back-end server workload. As the web moving from primarily for information sharing to also becoming a key platform for business operations, a new generation of caching mechanism is needed to enforce the security of business content and to preserve the confidentiality of personal information. In this paper, we describe a web caching system that enhances the caching function by optionally enforcing fine grain Access Control Rules, set by the back-end servers, on the cached content. Our system takes advantage of edge (proxy) server technology for delivering data/information from locations adjacent to users while enforcing Access Control Rule set for each piece of cached content or page fragment.
-
APWeb - Secure Information Caching on the Web
Advanced Web Technologies and Applications, 2004Co-Authors: Hui-i Hsiao, Karen W. BrannonAbstract:Web has become the key information source over the last few years and caching has been exploited and applied to reduce web server and network congestion as well as to improve response time. There are three types of web caching techniques: forward proxy, reverse proxy, and transparent proxy. Forward proxy server caches data close to users and is targeted to improve the user/browser response time. On the contrary, reverse proxy server normally locates next to a back-end server and is mainly targeted to reduce back-end server workload. As the web moving from primarily for information sharing to also becoming a key platform for business operations, a new generation of caching mechanism is needed to enforce the security of business content and to preserve the confidentiality of personal information. In this paper, we describe a web caching system that enhances the caching function by optionally enforcing fine grain Access Control Rules, set by the back-end servers, on the cached content. Our system takes advantage of edge (proxy) server technology for delivering data/information from locations adjacent to users while enforcing Access Control Rule set for each piece of cached content or page fragment.
Matthias Beckerle - One of the best experts on this subject based on the ideXlab platform.
-
Usable Access Control
2014Co-Authors: Matthias BeckerleAbstract:The research described in this work can significantly simplify and facilitate the creation and configuration of secure Access Control Rule sets. Access Control is used to provide confidential data or information only to authorized entities and deny Access otherwise. Access Control mechanisms can be configured with Access Control Rule sets that need to be created and maintained by the users or administrators. The research commences by answering the first research question: 1. How can Access Control be integrated into future products? Basic concepts are presented and integrated into a holistic design. The latter is embedded into a general framework, which was developed by an academia-industry consortium, and in which the author participated. Questions arise regarding usability aspects of Access Control mechanisms. An analysis of security services in the beginning of this dissertation shows that, especially for Access Control mechanisms that are managed by casual users, a high level of usability is required because individual preferences of the data owner have to be taken into account. Analysis of how the core security objectives (see Section [sec:Core-Security-Principles]) can be achieved identifies a usability gap regarding the generation and configuration of Access Control Rule sets. Automation is not fully possible because individual preferences of users need to be considered. Related research questions are: 2. What are the requirements for usable Access Control Rule sets? 3. What are formally founded quantifiable measurements for those requirements, and how can these measurements be used to support users in generating of usable Access Control Rule sets? To answer these questions, a systematic analysis of expert opinions and related work was performed. The results of that analysis were grouped into categories and further refined into six informal requirements. The six informal requirements were mathematically formalized and six associated sets with respective linear metrics were derived. These formal tools are used to automatically calculate additional information about the actual Access Control Rule set to support users in generating and optimizing the Rule set properly. Two user studies were carried out to validate and evaluate the research and the findings presented in this work. They demonstrate that our metrics help users generate statistically significant better Rule sets. The dissertation concludes with an outlook and a vision for further research in usable Access Control Rule set configuration.
-
formal definitions for usable Access Control Rule sets from goals to metrics
Symposium On Usable Privacy and Security, 2013Co-Authors: Matthias Beckerle, Leonardo A. MartucciAbstract:Access Control policies describe high level requirements for Access Control systems. Access Control Rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny Rules. Designing Rule sets that reflect desired policies is a difficult and time-consuming task. The result is that Rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable Access Control Rule sets, which we define as Rule sets that (i) reflect the Access Control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable Access Control Rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of Access Control Rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of Access Control Rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better Rule sets.
-
SOUPS - Formal definitions for usable Access Control Rule sets from goals to metrics
Proceedings of the Ninth Symposium on Usable Privacy and Security - SOUPS '13, 2013Co-Authors: Matthias Beckerle, Leonardo A. MartucciAbstract:Access Control policies describe high level requirements for Access Control systems. Access Control Rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny Rules. Designing Rule sets that reflect desired policies is a difficult and time-consuming task. The result is that Rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable Access Control Rule sets, which we define as Rule sets that (i) reflect the Access Control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable Access Control Rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of Access Control Rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of Access Control Rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better Rule sets.
-
Interactive Rule Learning for Access Control : Concepts and Design
International journal on advances in intelligent systems, 2011Co-Authors: Matthias Beckerle, Leonardo A. Martucci, Max Mühlhäuser, Sebastian RiesAbstract:Nowadays the majority of users are unable to properly configure security mechanisms mostly because they are not usable for them. To reach the goal of having usable security mechanisms, the best solution is to minimize the amount of user interactions and simplify configuration tasks. Automation is a proper solution for minimizing the amount of user interaction. Fully automated security systems are possible for most security objectives, with the exception of the Access Control policy generation. Fully automated Access Control policy generation is currently not possible because individual preferences must be taken into account and, thus, requires user interaction. To address this problem we propose a mechanism that assists users to generate proper Access Control Rule sets that reflect their individual preferences. We name this mechanism Interactive Rule Learning for Access Control (IRL). IRL is designed to generate concise Rule sets for Attribute-Based Access Control (ABAC). The resulting approach leads to adaptive Access Control Rule sets that can be used for so called smart products. Therefore, we first describe the requirements and metrics for usable Access Control Rule sets for smart products. Moreover, we present the design of a security component which implements, among other security functionalities, our proposed IRL on ABAC. This design is currently being implemented as part of the ICT 7th Framework Programme SmartProducts of the European Commission.
-
Interactive Access Rule learning : Generating adapted Access Rule sets
2010Co-Authors: Matthias Beckerle, Leonardo A. Martucci, Sebastian RiesAbstract:This paper tackles the problem of usability and security in Access Control mechanisms. A theoretical solution for this problem is presented using the combination of automatic Rule learning and user interaction. The result is the interactive Rule learning approach. Interactive Rule learning is designed to complete attribute-based Access Control to generate concise Rule sets even by non-expert end-users. The resulting approach leads to adaptive Access Control Rule sets that can be used for smart products. Keywords-adaptivity; usability; Access Control; Rule learning. I. INTRODUCTION Smart products are a new class of devices that bridge the gap between the real and the virtual world. They pro- vide a natural and purposeful product-to-human interaction and context-aware adaptivity. Smart products need to have knowledge about the application and environment that they are immersed to fulfill their tasks. Thus, they also need Access to private / confidential information, such as users' preferences. Moreover, smart products can exchange pri- vate / confidential information among each other to complete collaborative tasks that require information from multiple sources, such as the booking of flight tickets and hotels. Smart products can be part of highly dynamic environments, where devices can appear and disappear in non-predictable ways. behavior is very common nowadays, especially regarding login passwords, browser cookies, virus scanners, and file Access Controls. The administration of secure features in computational systems by non-expert end-users is already a challenge. Such a fact can be easily shown by the massive number of computers that are part of bot nets (3), which is, in most of cases, caused by inability of such users to keep their systems up-to-date or to change default settings. Smart products add more complexity to such scenarios by increasing the administrative burden to the end-users. In this paper, the usability aspects of security solutions are analyzed and a mechanism that allows more user-friendly Access Control Rules generation is proposed. The initial analysis is used to identify usability gaps in basic security mechanisms that can be applied for smart products. Such an analysis shows that there are already sufficient solutions that can applied for confidentiality, integrity, and authentication services, but no appropriate Access Control solutions exist nowadays.
Karen A Scarfone - One of the best experts on this subject based on the ideXlab platform.
-
real time Access Control Rule fault detection using a simulated logic circuit
International Conference on Social Computing, 2013Co-Authors: Karen A ScarfoneAbstract:Access Control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC Rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the protected systems. Incorrect implementations of AC policies result in faults that not only leak but also disable Access of information, and faults in AC policies are difficult to detect without support of verification or automatic fault detection mechanisms. This research proposes an automatic method through the construction of a simulated logic circuit that simulates AC Rules in AC policies or models. The simulated logic circuit allows real-time detection of policy faults including conflicts of privilege assignments, leaks of information, and conflicts of interest assignments. Such detection is traditionally done by tools that perform verification or testing after all the Rules of the policy/model are completed, and it provides no information about the source of verification errors. The real-time fault detecting capability proposed by this research allows a Rule fault to be detected and fixed immediately before the next Rule is added to the policy/model, thus requiring no later verification and saving a significant amount of fault fixing time.
-
SocialCom - Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit
2013 International Conference on Social Computing, 2013Co-Authors: Karen A ScarfoneAbstract:Access Control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC Rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the protected systems. Incorrect implementations of AC policies result in faults that not only leak but also disable Access of information, and faults in AC policies are difficult to detect without support of verification or automatic fault detection mechanisms. This research proposes an automatic method through the construction of a simulated logic circuit that simulates AC Rules in AC policies or models. The simulated logic circuit allows real-time detection of policy faults including conflicts of privilege assignments, leaks of information, and conflicts of interest assignments. Such detection is traditionally done by tools that perform verification or testing after all the Rules of the policy/model are completed, and it provides no information about the source of verification errors. The real-time fault detecting capability proposed by this research allows a Rule fault to be detected and fixed immediately before the next Rule is added to the policy/model, thus requiring no later verification and saving a significant amount of fault fixing time.
Hui-i Hsiao - One of the best experts on this subject based on the ideXlab platform.
-
Secure information caching on the Web
Lecture Notes in Computer Science, 2004Co-Authors: Hui-i Hsiao, Karen W. BrannonAbstract:Web has become the key information source over the last few years and caching has been exploited and applied to reduce web server and network congestion as well as to improve response time. There are three types of web caching techniques: forward proxy, reverse proxy, and transparent proxy. Forward proxy server caches data close to users and is targeted to improve the user/browser response time. On the contrary, reverse proxy server normally locates next to a back-end server and is mainly targeted to reduce back-end server workload. As the web moving from primarily for information sharing to also becoming a key platform for business operations, a new generation of caching mechanism is needed to enforce the security of business content and to preserve the confidentiality of personal information. In this paper, we describe a web caching system that enhances the caching function by optionally enforcing fine grain Access Control Rules, set by the back-end servers, on the cached content. Our system takes advantage of edge (proxy) server technology for delivering data/information from locations adjacent to users while enforcing Access Control Rule set for each piece of cached content or page fragment.
-
APWeb - Secure Information Caching on the Web
Advanced Web Technologies and Applications, 2004Co-Authors: Hui-i Hsiao, Karen W. BrannonAbstract:Web has become the key information source over the last few years and caching has been exploited and applied to reduce web server and network congestion as well as to improve response time. There are three types of web caching techniques: forward proxy, reverse proxy, and transparent proxy. Forward proxy server caches data close to users and is targeted to improve the user/browser response time. On the contrary, reverse proxy server normally locates next to a back-end server and is mainly targeted to reduce back-end server workload. As the web moving from primarily for information sharing to also becoming a key platform for business operations, a new generation of caching mechanism is needed to enforce the security of business content and to preserve the confidentiality of personal information. In this paper, we describe a web caching system that enhances the caching function by optionally enforcing fine grain Access Control Rules, set by the back-end servers, on the cached content. Our system takes advantage of edge (proxy) server technology for delivering data/information from locations adjacent to users while enforcing Access Control Rule set for each piece of cached content or page fragment.
Li Lei - One of the best experts on this subject based on the ideXlab platform.
-
Access Control Rule Description Based on Logic Unify
Computer Science, 2011Co-Authors: Li LeiAbstract:Traditional methods are hard to describe the subsume relationship of subjects and objects among some Access Control Rules.In this paper,we built an algorithm based on logic unify to resolve which problem.Firstly,we converted Access Control request to logic question,obtained the Access Control result by means of logic answer.Next,we utilized the facts to describe the each component of Access Control,and we realized the flexible Access Control by using the dynamic instantiation of variables in non-ground facts during the system running period.Finally,our experiment results show that our algorithm is effective.
