Lapadula Model

The Experts below are selected from a list of 369 Experts worldwide ranked by ideXlab platform

Huei Lee - One of the best experts on this subject based on the ideXlab platform.

  • Simulation of a Two-Category Secured Access Database
    Communications of the IIMA, 2009
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee
    Abstract:

    INTRODUCTION

    In a typical e-commerce database, data is accessed by the public, twenty-four hours per day, and seven days per week (Smith, 2006; Halle & Kikinis, 2004). While the Internet is especially vulnerable to exposing confidential information from e-commerce databases through wire or wireless communications, most of the literature discusses how to protect the data integrity of databases. Confidentiality is often ensured using data encryption, but using encryption often degrades database access speed. Additionally, databases are too frequently used to be securely managed, and data privacy is actually never fully monitored (Becker, Amab, & Serra, 2008). Hence, this presents a major problem for databases in ensuring both confidentiality and performance.

    The Bell-Lapadula Model is a confidentiality model for system security and has been used by the United States military for years (Bell & Lapadula, 1973, 1975). Chen, Lee, and Yang (2006) and Chen, Shing, Lee, and Shing (2007) use the Bell-LaPadula Model to classify suppliers and purchasing companies into different security groups in a supply chain network. Shing, Shing, Chen, and Lee (2006) further suggested modeling the security state transitions by using a Markov Chain Model in which states were created by use of all the combinations of (Security Clearance, Classification) pairs in the Bell-Lapadula Model. Later Shing, Shing, Chen, and Lee (2008, 2009) extended the model and provided a simulation experiment to prove the effectiveness of their model. This study is to continue Shing and Chen's previous work by providing more explanations of the Markov chain model and to use another simulation set to prove the model's effectiveness.

    The next section discusses what categories (Security Clearance, Classification) are in the Bell-Lapadula Model. Then, it attempts to model a secured database network using a privileged group who may take four different actions in a sequence and a public group who has only two different "read" privileges. Finally, the results from the simulations, as well as several properties, are examined and analyzed.

    Secured Database Access in a Web Environment

    In a web environment, a user has to use a simple authentication method (i.e. user id and password) to enter his account or the network. When the user enters sensitive data into a database through a web form, the database normally will use another authentication technique to make sure that the user has the right to access the database (See Figure 1). In December 2006, the retail giant TJX company detected "suspicious software" on its computer system and later it was confirmed as an intrusion and data loss. In this case, the database break-in was the result of inappropriate data access control and cost TJX more than 40 million (Panko, 2009).

    [FIGURE 1 OMITTED]

    There are many methods used to control the confidentiality of data. One of them is the Bell-Lapadula Model which has been used in the military (Bishop, 2003). Assuming in a simplified secured database network, there are only two groups involved: the privileged group and the public group. These privileged groups are called security clearances. In the model, the privileged group can act on two objects. The actions are either to access system files or to use special software tools. For the public group security clearance, users are to read announcements or advertisements on Web pages. However, users in the public group are not allowed to access system files nor to use special software tools. Furthermore, the privileged group members are allowed access to all of the permissions that the public group enjoys. In the next section, we will discuss another method, the semi-Markov chain model, to control the security.

    Semi-Markov Chain Model for Secured Database Access in a Web Environment

    Like natural disasters, security threats cannot be completely stopped. …

  • A Simulation Study of Confidentiality Modeling in a Secured Supply Chain Network
    2008 International Workshop on Education Technology and Training & 2008 International Workshop on Geoscience and Remote Sensing, 2008
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee
    Abstract:

    In a supply chain network, suppliers normally offer price and service quotes for bidding while the purchasing company usually needs to evaluate suppliers before making a buying decision. Due to competition, the purchasing company doesn't want suppliers to know anything about purchasing sensitive information except providing items' retail prices and bidding notices. The confidentiality modeling has been proposed to use the Bell-Lapadula Model and Markov Chain to dynamically monitor the state transitions in a secured supply chain network. This paper explains how to create a secured model in a simplified supply chain network. The properties of the model are examined based on two different protocols. We conclude by showing how to simulate the proposed model to solidify the effectiveness of the proposed model.

  • Modeling in Confidentiality and Integrity for a Supply Chain Network
    Communications of the IIMA, 2007
    Co-Authors: Kuo Lane Chen, Marn-ling Shing, Huei Lee, Chen-chi Shing
    Abstract:

    ABSTRACT

    Bell-Lapadula Model and Markov Chain Model are used for supply chain networks in the previous literature. However, Bell-Lapadula Model only considers the confidentiality aspect of security. Markov Chain Model is used to simulate the dynamics of the security states. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The purpose of this paper is to apply Clark-Wilson Model to the supply chain network integrity. The major concepts of the Clark-Wilson Model such as separation of duty, constrained data items, well-formed transactions, and transform procedures are applied to different situations of a supply chain network.

    INTRODUCTION

    A supply chain is a sequence of processes that take place between customers, manufacturers/distributors and suppliers (Chopra & Meindl, 2006). The narrow definition of supply chain network, or suppliers relationship management (SRM), is limited to the management of the relationship between suppliers and manufacturers (or retail-chain distributors). The broader definition of a supply chain network includes all the parties from customers to suppliers. Therefore, it further includes customer relationship management (CRM), warehousing, production, and product design. Most textbooks use the broader definition for supply chain management. Today most large manufacturers such as General Motors or retail-chain distributors such as Wal-Mart are in the form of supply chain networks.

    One of the major goals of supply chain management is to minimize the total system costs from customers to suppliers so it can attract and retain customers in a competitive environment. Another major goal of supply chain management is to achieve the efficiency of the supply chain network so it can meet the philosophy of just-in-time manufacturing/delivery. The efficiency of a supply chain network relies on the success of the supply information network software system and IT infrastructure. A broader supply chain network system includes Enterprise Resources Planning (ERP) and Customer Relationship Management (CRM) systems. The Intranet or extranet are examples of IT infrastructure for the supply chain network.

    Another important issue of a supply chain network is the security of the information system. In a supply chain network, most suppliers may have conflicts of interest, so the integrity and confidentiality of the information are important in a supply chain network. Chen et al. (2006) proposed the application of the Bell-Lapadula Model in the design of a supply chain network. In the Bell-Lapadula Model a subject has a security clearance and an object has a security classification. The goal of the Bell-Lapadula security model is to prevent "read" access to objects at a security classification higher than the subject's clearance (Bishop, 2003). However, the Bell-Lapadula Model only considers the confidentiality aspect of security. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The Clark-Wilson Model is one of the security models for information integrity for a business environment. This paper attempts to model the security on a supply chain network using the Clark-Wilson Model by applying the major concepts such as separation of duty and transformation procedures (TP) in different supply chain situations.

    LITERATURE REVIEW

    Information Security

    The word "information" is defined as "Knowledge obtained from investigation, study, or instruction; Intelligence, News; Facts, Data" (Merriam-Webster Online, 2006). And the word "security" is defined as "measures taken to guard against espionage or sabotage, crime, attack, or escape". Therefore, after combining these two definitions, information security can be defined as "measures, for which knowledge obtained from investigation, study, or instruction; intelligence, news taken to guard against espionage or sabotage, crime, attack, or escape". …

  • Security Modeling on the Supply Chain Networks
    International Institute of Informatics and Cybernetics, 2007
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee
    Abstract:

    In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-Lapadula Model in the design of a secured supply chain network. In the Bell-Lapadula Model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification) pairs in the Bell-Lapadula Model can be thought of as different states in the Markov Chain Model. This paper extends the work done by Chen et al., provides more details on the Markov Chain Model and illustrates how to use it to monitor the security state transition in the supply chain network.

  • Modeling in Confidentiality and Integrity for a Supply Chain Network
    2007
    Co-Authors: Kuo Lane Chen, Marn-ling Shing, Huei Lee, Chen-chi Shing
    Abstract:

    Bell-Lapadula Model and Markov Chain Model are used for supply chain networks in the previous literature. However, Bell-Lapadula Model only considers the confidentiality aspect of security. Markov Chain Model is used to simulate the dynamics of the security states. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The purpose of this paper is to apply Clark-Wilson Model to the supply chain network integrity. The major concepts of the Clark-Wilson Model such as separation of duty, constrained data items, well-formed transactions, and transform procedures are applied to different situations of a supply chain network.

Kuo Lane Chen - One of the best experts on this subject based on the ideXlab platform.

  • Simulation of a Two-Category Secured Access Database
    Communications of the IIMA, 2009
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee

  • A Simulation Study of Confidentiality Modeling in a Secured Supply Chain Network
    2008 International Workshop on Education Technology and Training & 2008 International Workshop on Geoscience and Remote Sensing, 2008
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee

  • Modeling in Confidentiality and Integrity for a Supply Chain Network
    Communications of the IIMA, 2007
    Co-Authors: Kuo Lane Chen, Marn-ling Shing, Huei Lee, Chen-chi Shing

  • Security Modeling on the Supply Chain Networks
    International Institute of Informatics and Cybernetics, 2007
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee

  • Modeling in Confidentiality and Integrity for a Supply Chain Network
    2007
    Co-Authors: Kuo Lane Chen, Marn-ling Shing, Huei Lee, Chen-chi Shing

Chen-chi Shing - One of the best experts on this subject based on the ideXlab platform.

  • Simulation of a Two-Category Secured Access Database
    Communications of the IIMA, 2009
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee

  • A Simulation Study of Confidentiality Modeling in a Secured Supply Chain Network
    2008 International Workshop on Education Technology and Training & 2008 International Workshop on Geoscience and Remote Sensing, 2008
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee

  • Modeling in Confidentiality and Integrity for a Supply Chain Network
    Communications of the IIMA, 2007
    Co-Authors: Kuo Lane Chen, Marn-ling Shing, Huei Lee, Chen-chi Shing

  • Security Modeling on the Supply Chain Networks
    International Institute of Informatics and Cybernetics, 2007
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee
    Abstract:

    In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-Lapadula Model in the design of a secured supply chain network. In the Bell-Lapadula Model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification) pairs in the Bell-Lapadula Model can be thought of as different states in the Markov Chain Model. This paper extends the work done by Chen et al., provides more details on the Markov Chain Model and illustrates how to use it to monitor the security state transition in the supply chain network.

Marn-ling Shing - One of the best experts on this subject based on the ideXlab platform.

  • Simulation of a Two-Category Secured Access Database
    Communications of the IIMA, 2009
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee
    Abstract:

    INTRODUCTION In a typical e-commerce database, data is accessed by the public, twenty-four hours per day, and seven days per week (Smith, 2006; Halle & Kikinis, 2004). While the Internet is especially vulnerable to exposing confidential information from e-commerce databases through wire or wireless communications, most of the literature discusses how to protect the data integrity of databases. Confidentiality is often ensured using data encryption, but using encryption often degrades database access speed. Additionally, databases are too frequently used to be securely managed, and data privacy is actually never fully monitored (Becker, Amab, & Serra, 2008). Hence, this presents a major problem for databases in ensuring both confidentiality and performance. The Bell-Lapadula Model is a confidentiality Model for system security and has been used by the United States military for years (Bell & Lapadula, 1973, 1975). Chen, Lee, and Yang (2006) and Chen, Shing, Lee, and Shing (2007) use the Bell-LaPadula Model to classify suppliers and purchasing companies into different security groups in a supply chain network. Shing, Shing, Chen, and Lee (2006) further suggested Modeling the security state transitions by using Markov Chain Model in which states were created by use of all the combinations of (Security Clearance, Classification) pairs in the Bell-Lapadula Model. Later Shing, Shing, Chen, and Lee (2008, 2009) extended the Model and provided a simulation experiment to prove the effectiveness of their Model. This study is to continue Shing and Chen's previous work by providing more explanations of the Markov chain Model and to use another simulation set to prove the Model's effectiveness. The next section discusses what categories (Security Clearance, Classification) are in the Bell-Lapadula Model. 
Then, it attempts to Model a secured database network using a privileged group who may take four different actions in a sequence and a public group who has only two different "read" privileges. Finally, the results from the simulations, as well as several properties, are examined and analyzed. Secured Database Access in a Web Environment In a web environment, a user has to use a simple authentication method (i.e. user id and password) to enter his account or the network. When the user enters sensitive data into a database through a web form, the database normally will use another authentication technique to make sure that the user has the right to access the database (See Figure 1). In December 2006, the retail giant TJX company detected "suspicious software" on its computer system, and it was later confirmed as an intrusion and data loss. In this case, the database break-in was the result of inappropriate data access control and cost TJX more than 40 million (Panko, 2009). [FIGURE 1 OMITTED] There are many methods used to control the confidentiality of data. One of them is the Bell-Lapadula Model which has been used in the military (Bishop, 2003). Assuming in a simplified secured database network, there are only two groups involved: the privileged group and the public group. These privileged groups are called security clearances. In the Model, the privileged group can act on two objects. The actions are either to access system files or to use special software tools. For the public group security clearance, users are to read announcements or advertisements on Web pages. However, users in the public group are not allowed to access system files nor to use special software tools. Furthermore, the privileged group members are allowed access to all of the permissions that the public group enjoys. In the next section, we will discuss another method, the semi-Markov chain Model, to control the security. 
Semi-Markov Chain Model for Secured Database Access in a Web Environment Like natural disasters, security threats cannot be completely stopped. …

  • A Simulation Study of Confidentiality Modeling in a Secured Supply Chain Network
    2008 International Workshop on Education Technology and Training & 2008 International Workshop on Geoscience and Remote Sensing, 2008
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee
    Abstract:

    In a supply chain network, suppliers normally offer price and service quotes for bidding while the purchasing company usually needs to evaluate suppliers before making buying decision. Due to competition, purchasing company doesn't want suppliers to know anything about purchasing sensitive information except providing items' retail prices and bidding notices. The confidentiality Modeling has been proposed to use the Bell-Lapadula Model and Markov Chain to dynamically monitor the state transitions in a secured supply chain network. This paper explains how to create a secured Model in a simplified supply chain network. The properties of the Model are examined based on two different protocols. We conclude by showing how to simulate the proposed Model to solidify the effectiveness of the proposed Model.

  • Modeling in Confidentiality and Integrity for a Supply Chain Network
    Communications of the IIMA, 2007
    Co-Authors: Kuo Lane Chen, Marn-ling Shing, Huei Lee, Chen-chi Shing
    Abstract:

    ABSTRACT Bell-Lapadula Model and Markov Chain Model are used for supply chain networks in the previous literature. However, Bell-Lapadula Model only considers the confidentiality aspect of security. Markov Chain Model is used to simulate the dynamics of the security states. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The purpose of this paper is to apply Clark-Wilson Model to the supply chain network integrity. The major concepts of the Clark-Wilson Model such as separation of duty, constrained data items, well-formed transactions, and transform procedures are applied to different situations of a supply chain network. INTRODUCTION A supply chain is a sequence of processes that take place between customers, manufacturers/distributors and suppliers (Chopra & Meindl, 2006). The narrow definition of a supply chain network, or suppliers relationship management (SRM), is limited to the management of the relationship between suppliers and manufacturers (or retail-chain distributors). The broader definition of a supply chain network includes all the parties from customers to suppliers. Therefore, it further includes customer relationship management (CRM), warehousing, production, and product design. Most textbooks use the broader definition for supply chain management. Today most large manufacturers such as General Motors or retail-chain distributors such as Wal-Mart are in the form of supply chain networks. One of the major goals of supply chain management is to minimize the total system costs from customers to suppliers so it can attract and retain customers in a competitive environment. Another major goal of supply chain management is to achieve the efficiency of supply chain network so it can meet the philosophy of just-in-time manufacturing/delivery. 
The efficiency of a supply chain network relies on the success of the supply information network software system and IT infrastructure. A broader supply chain network system includes Enterprise Resources Planning (ERP) and Customer Relationship Management (CRM) systems. The Intranet or extranet are examples of IT infrastructure for the supply chain network. Another important issue of a supply chain network is the security of the information system. In a supply chain network, most suppliers may have conflicts of interest, so the integrity and confidentiality of the information are important in a supply chain network. Chen et al. (2006) proposed the application of Bell-Lapadula Model in the design of a supply chain network. In the Bell-Lapadula Model a subject has a security clearance and an object has a security classification. The goal of the Bell-Lapadula security Model is to prevent "read" access to objects at a security classification higher than the subject's clearance (Bishop, 2003). However, the Bell-Lapadula Model only considers the confidentiality aspect of security. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The Clark-Wilson Model is one of the security Models for information integrity for a business environment. This paper attempts to Model the security on a supply chain network using the Clark-Wilson Model by applying the major concepts such as separation of duty and transformation procedures (TP) in different supply chain situations. LITERATURE REVIEW Information Security The word "information" is defined as "Knowledge obtained from investigation, study, or instruction; Intelligence, News; Facts, Data" (Merriam-Webster Online, 2006). And the word "security" is defined as "measures taken to guard against espionage or sabotage, crime, attack, or escape". 
Therefore, after combining these two definitions, information security can be defined as "measures, for which knowledge obtained from investigation, study, or instruction; intelligence, news taken to guard against espionage or sabotage, crime, attack, or escape". …

  • Security Modeling on the Supply Chain Networks
    International Institute of Informatics and Cybernetics, 2007
    Co-Authors: Marn-ling Shing, Kuo Lane Chen, Chen-chi Shing, Huei Lee
    Abstract:

    In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-Lapadula Model in the design of a secured supply chain network. In the Bell-Lapadula Model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification) pairs in the Bell-Lapadula Model can be thought of as different states in the Markov Chain Model. This paper extends the work done by Chen et al., provides more details on the Markov Chain Model and illustrates how to use it to monitor the security state transition in the supply chain network.

Zhangxi Tan - One of the best experts on this subject based on the ideXlab platform.

  • security analysis of mandatory access control Model
    Systems Man and Cybernetics, 2004
    Co-Authors: Yixin Jiang, Chuang Lin, Hao Yin, Zhangxi Tan
    Abstract:

    Mandatory access control (MAC) Model is an important security Model. Based on the lattice Model of security level and Bell-Lapadula Model the definition of MAC security Model is formally described in detail. The equivalent MAC security Model described by colored Petri nets (CPN) is proposed. According to the state reachability graph, four security properties of MAC security Model, i.e. the access temporal relations, the reachability of objects when subject accesses them, hidden security holes due to the dynamic security level, the indirect reasoning of confidential information flow between different objects, are explored at length. In addition, an example of the security Model is illustrated and the conclusions show that the security Model based on Petri nets is not only a concise graphic analysis method, but also suited to be formally verified. This Model can efficiently improve the whole security policies during the system security design and implementation.

  • SMC (6) - Security analysis of mandatory access control Model
    2004 IEEE International Conference on Systems Man and Cybernetics (IEEE Cat. No.04CH37583), 1
    Co-Authors: Yixin Jiang, Chuang Lin, Hao Yin, Zhangxi Tan
    Abstract:

    Mandatory access control (MAC) Model is an important security Model. Based on the lattice Model of security level and Bell-Lapadula Model the definition of MAC security Model is formally described in detail. The equivalent MAC security Model described by colored Petri nets (CPN) is proposed. According to the state reachability graph, four security properties of MAC security Model, i.e. the access temporal relations, the reachability of objects when subject accesses them, hidden security holes due to the dynamic security level, the indirect reasoning of confidential information flow between different objects, are explored at length. In addition, an example of the security Model is illustrated and the conclusions show that the security Model based on Petri nets is not only a concise graphic analysis method, but also suited to be formally verified. This Model can efficiently improve the whole security policies during the system security design and implementation.