Similar documents
1.
Service Oriented Architecture (SOA) is considered to be an important enabler of the Internet of Services. By adopting SOA in development, business services can be offered, mediated, and traded as web services, so as to support agile and dynamic business collaborations on the Internet. Business collaboration is often implemented as cross-enterprise processes and involves more than one business entity which agrees to join the collaboration. To enable trustworthy and secure provision of services and service composition across enterprise boundaries, trust between business participants must be established, that is, user identities and access rights must be federated, to support business functions defined in the business processes. This paper proposes an approach which derives trust federation from formally described business process models, such as BPMN and WS-CDL processes, to automate security configuration of business collaborations. The result of the derivation is trust policies which identify trust relationships between business participants and can be enforced in enterprises' service runtimes with the support of a policy deployment infrastructure.

2.
Policy integration and inter-operation is often a crucial requirement when parties with different access control policies need to participate in collaborative applications and coalitions. Such a requirement is even more difficult to address for dynamic large-scale collaborations, in which the number of access control policies to analyze and compare can be quite large. An important step in policy integration and inter-operation is to analyze the similarity of policies. Policy similarity can sometimes also be a pre-condition for establishing a collaboration, in that a party may enter a collaboration with another party only if the policies enforced by the other party match or are very close to its own policies. Existing approaches to the problem of analyzing and comparing access control policies are very limited, in that they only deal with some special cases. By recognizing that a suitable approach to policy analysis and comparison requires combining different approaches, we propose in this paper a comprehensive environment, EXAM. The environment supports various types of analysis queries, which we categorize in the paper. A key component of such an environment, on which we focus in the paper, is the policy analyzer, which is able to perform several types of analysis. Specifically, our policy analyzer combines the advantages of existing MTBDD-based and SAT-solver-based techniques. Our experimental results, also reported in the paper, demonstrate the efficiency of our analyzer.

3.
Minimal privacy authorization in web services collaboration   (cited 1 time in total: 0 self-citations, 1 by others)
With the popularity of Internet technology, web services are becoming the most promising paradigm for distributed computing. This increased use of web services has meant that more and more personal information of consumers is being shared with web service providers, leading to the need to guarantee that the private data of consumers are not illegitimately collected, used and disclosed in services collaboration. This paper studies how to realize minimal privacy authorization while achieving the functional goals. Initially, this paper uses authorization policies to specify the privacy privileges of the services collaboration, and utilizes the trust relationships among services to make authorization decisions. Next, it models the interface behaviors of services by extending interface automata to support privacy semantics. Furthermore, it quantitatively analyzes the minimum set of privacy privileges which are required by the services to achieve the functional goals, and presents the minimal authorization algorithm, which helps us to automatically derive optimal authorization policies for a services collaboration. Finally, it verifies the correctness and efficiency of the approach proposed by this paper through a case study.

4.
Interoperation and services sharing among different systems are becoming new paradigms for enterprise collaboration. To keep ahead in strongly competitive environments, an enterprise should provide flexible and comprehensive services to partners and support active collaborations with partners and customers. Achieving such goals requires enterprises to specify and enforce flexible security policies for their information systems. Although the area of access control has been widely investigated, current approaches still do not support flexible security policies able to account for the different weights that typically characterize the various attributes of the requesting parties and transactions and reflect the access control criteria that are relevant for the enterprise. In this paper we propose a novel approach that addresses such flexibility requirements while at the same time reducing the complexity of security management. To support flexible policy specification, we define the notion of restraint rules for authorization management processes and introduce the concept of impact weight for the conditions in these restraint rules. We also introduce a new data structure for the encoding of the condition tree as well as the corresponding algorithm for efficiently evaluating conditions. Furthermore, we present a system architecture that implements the above approach and supports interoperation among heterogeneous platforms.

5.
6.
With the development of policy management systems, policy-based management has been introduced in cross-domain organization collaborations and system integrations. Theoretically, cross-domain policy enforcement is possible, but in reality different systems from different organizations or domains have very different high-level policy representations and low-level enforcement mechanisms, such as security policies and privacy configurations. To ensure the compatibility and enforceability of one policy set in another domain, a simulation environment is needed prior to actual policy deployment and enforcement code development. In most cases, we have to manually write enforcement code for all organizations or domains involved in every collaboration activity, which is a huge task. The goal of this paper is to propose an enforcement architecture and develop a simulation framework for cross-domain policy enforcement. The entire environment is used to simulate the problem of enforcing policies across domain boundaries when permanent or temporary collaborations have to span multiple domains. The middleware derived from this simulation environment can also be used to generate policy enforcement components directly for permanent integration or temporary interaction. This middleware provides various functions to enforce policies automatically or semi-automatically across domains, such as collecting the policies of each participant domain in a new collaboration, generating policy models for each domain, and mapping specific policy rules following these models to the different enforcement mechanisms of the participant domains.

7.
罗杨, 沈晴霓, 吴中海. 《软件学报》 2020, 31(2): 439-454
To protect the security of cloud resources and prevent data leakage and unauthorized access, access control must be enforced on resource access in cloud platforms. However, today's mainstream cloud platforms each use their own security policy language and access control mechanism, which causes two problems: (1) a cloud user who wants to use several cloud platforms must learn different policy languages and write separate security policies for each; (2) a cloud service provider has to design a security policy language and access control mechanism that fit its own platform, at considerable development cost. To address this, this paper proposes a metamodel-based access control policy description language, PML, and its enforcement mechanism, PML-EM. PML can express access control models such as BLP, RBAC and ABAC. PML-EM realizes three properties: independence from the policy language, independence from the access control model, and independence from the programming language, which lowers both the cost to users of writing policies and the cost to cloud service providers of developing access control mechanisms. PML-EM was implemented on the OpenStack cloud platform. Experimental results show that PML policies can be converted automatically from other policies and have advantages in expressing multi-tenant scenarios in the cloud. In terms of performance, policy evaluation with PML incurs an overhead of 4.8% compared with OpenStack's original policies. PML-EM is minimally invasive, adding about 0.42% to the cloud platform's original code.

8.
Secure access control for group communication in multi-autonomous-domain collaborative environments   (cited 4 times in total: 0 self-citations, 4 by others)
A secure communication environment that supports collaboration across multiple autonomous domains is the foundation of large-scale distributed applications, and group communication, being efficient and scalable, has become a basic communication mode for such collaborative environments. However, because there is no centralized control center and the entities belong to heterogeneous autonomous domains and change dynamically, many new secure access control problems arise. Targeting the heterogeneity and dynamics of multi-domain collaboration, this paper proposes a role-based distributed trust management solution, focusing on dynamic joint authorization and attribute-based delegated authorization. On this basis, a fairly complete secure communication architecture is built, covering the negotiation of security policies, the issuance of credentials, consistency verification between credentials and security policies, and argumentation of users' access rights. It provides a more flexible, reliable and secure access control mode for group communication in multi-domain collaborative environments.

9.
Security is an important requirement in scenarios such as mobile computing that allow users to make meaningful ad hoc collaborations. Traditional security solutions are not feasible for these scenarios due to the varying nature of the collaborations. We propose an extensible framework that takes the semantics of the collaboration into account and uses semantics-driven policies for enforcing security. Our policies are rooted in semantic web languages, which make them amenable to interoperability and high-level reasoning. We describe our policy-based network that exploits packet content semantics to secure enterprise networks and the BGP routing process.

10.
11.
翟浩良, 夏兰亭, 李磊. 《计算机科学》 2012, 39(106): 343-349, 364
Security policies are the core of access control, and the description, verification and enforcement of security policies depend on authorization languages. In practice, security requirements are complex and dynamic; existing authorization languages do not adapt well to this characteristic and do not provide sufficient support for multiple access control policies. This paper proposes a logic-based authorization language, SOOSAL, founded on attributes and on layered descriptions of subjects, operations and objects. SOOSAL is based on first-order logic: it characterizes subjects, objects and operations through predicates, and describes the relations among subjects, operations and objects through rules in a layered manner. In addition, SOOSAL classifies real-world policies, from the perspective of the world assumption underlying their logical semantics, into closed-world policies and open-world policies, discusses the safety of both kinds of policy, and gives a simple solution to the safety problem. Case results show that SOOSAL has strong policy description capability, better realizes dynamic policy change, and provides good support for different security requirements and authorization principles.

12.
Knowledge sharing is a major challenge for collaborative networks and is essential to improve the productivity and quality of decisions taken by both collaborative networks and their member organisations. A critical aspect of effective knowledge sharing within virtual organizations (VOs) is the identification of the most appropriate knowledge for reuse or exploitation in a particular context, as this requires efficient tools and mechanisms for its identification, sharing or transfer. Additionally, partners need to be aware of when knowledge needs to be shared, the implications of doing so, and when their decisions are likely to affect other partners within the collaboration. Therefore, tools and methods are needed for the identification, acquisition, maintenance and evolution of knowledge and to support effective knowledge sharing, which includes awareness of the possible consequences of actions and increased awareness of other partners' needs during the collaboration. The Collaboration Moderator Services (CMS) are designed to address these issues relating to knowledge-based collaboration by providing a set of functionalities to raise users' awareness of opportunities, problem areas and lessons learnt from and during collaborations. This paper presents the system architecture and specifications of the CMS within the context of the SYNERGY system, whose purpose is to offer interoperable service utilities to help enterprises plan, set up and run complex knowledge collaborations. The CMS are designed to support both individual organizations and collaborations as a whole throughout the VO lifecycle, and the different functionalities provided by the CMS to achieve this are discussed in this paper.

13.
Research on authorization and access control policy models   (cited 2 times in total: 0 self-citations, 2 by others)
In view of the trend toward large-scale, geographically distributed, multi-application authorization and access control systems, and based on an analysis of policy classification and of the role of policy management in such systems, this paper builds a policy hierarchy model and a policy scope model suited to distributed environments, approached from the constraint relationships between policies and the scope of policy effect.

14.
Nowadays, Grid has become a leading technology in distributed computing. Grid provides seamless sharing of heterogeneous computational resources belonging to different domains and conducts efficient collaborations between Grid users. The core Grid functionality defines computational services which allocate computational resources and execute applications submitted by Grid users. The vast range of collaboration models and the openness of the Grid system require a secure, scalable, flexible and expressive authorization model to protect these computational services and Grid resources. Most of the existing authorization models for Grid have the granularity to manage access to service invocations, while behavioral monitoring of applications executed by these services remains the responsibility of the resource provider. The resource provider executes an application under a local account, and grants the application all permissions held by this account. Such an approach poses serious security threats to system functionality, since applications submitted by users could be malicious. We propose a flexible and expressive policy-driven credential-based authorization system to protect Grid computational services against malicious behavior of applications submitted for execution. We split the authorization process into two levels: a coarse-grained level that manages access to a computational service, and a fine-grained level that monitors the behavior of applications executed by the computational service. Our framework guarantees that users authorized on the coarse-grained level behave as expected on the fine-grained level. Credentials obtained on the coarse-grained level are reflected in fine-grained access decisions. The framework defines trust negotiations on the coarse-grained level to overcome the scalability problem, and preserves the privacy of credentials and security policies of both Grid users and providers. Our authorization system was implemented to control access to the Globus Computational GRAM service. A comprehensive performance evaluation shows the practical scope of the proposed system.

15.
Task-based authorization control and its implementation   (cited 1 time in total: 0 self-citations, 1 by others)
With the development of databases, networks and distributed computing, organizational tasks are increasingly automated and service-related information increasingly computerized, which prompts us to shift the focus of security from the static protection of subjects and objects to dynamic authorization protection that follows task execution. To meet this need, this paper proposes a new access control model, task-based authorization control, and concludes with some ideas for its partial implementation.

16.
Nowadays, various promising paradigms of distributed computing over the Internet, such as Grids, P2P and Clouds, have emerged for resource sharing and collaboration. To enable resource sharing and collaboration across different domains in an open computing environment, virtual organizations (VOs) often need to be established dynamically. However, the dynamic and autonomous characteristics of participating domains pose great challenges to the security of virtual organizations. In this paper, we propose a secure collaboration service, called PEACE-VO, for dynamic virtual organization management. The federation approach based on role mapping has been used extensively to build virtual organizations over multiple domains. However, there is a serious issue of potential policy conflicts with this approach, which brings a security threat to the participating domains. To address this issue, we first describe the concepts of implicit conflicts and explicit conflicts that may exist in virtual organization collaboration policies. Then, we propose a fully distributed algorithm to detect potential policy conflicts. With this algorithm, participating domains do not have to disclose their full local privacy policies, and the algorithm is able to withstand malicious internal attacks. Finally, we present the system architecture of PEACE-VO and design two protocols for VO management and authorization. PEACE-VO services and protocols have been successfully implemented in the CROWN test bed. A comprehensive experimental study demonstrates that our approach is scalable and efficient.

17.
Web services open a door for better B2B collaboration in large distributed environments such as the Internet. Process-oriented systems like workflow management systems have been taking the main role for web service-based B2B collaboration in such environments. However, conventional workflow management systems don't offer complete solutions for B2B collaborations, considering many unsolved issues such as security, trust, and complex and flexible interaction handling. In this paper, we propose a web service-based multi-agent platform, which can be used as a complementary solution for B2B collaborations. It fits naturally into the B2B interaction model and provides a very loosely coupled open system architecture.

18.
The access control policy of an application that is composed of interoperating components/services is defined in terms of the access control policies enforced by the respective services. These individual access control policies are heterogeneous in the sense that the services may be independently developed and managed, and it is not practical to assume that all policies are defined with respect to some uniform domain vocabulary of policy attributes. A framework is described that provides a domain mapping for heterogeneous policies. A fuzzy-based conversion mechanism determines the degree to which an access control attribute of one (service) policy may safely interoperate with an access control attribute of another (service) policy. The approach is scalable in the sense that it is not necessary to specify a priori every pairwise policy interoperation relationship; rather, where obvious interpretations exist, policy relationships are specified, while other relationships are inferred using the fuzzy mechanism.

19.
20.
The problem of resolving conflicts in delegated authorizations has not been systematically addressed by researchers. In (Ruan and Varadharajan in Proceedings of the 7th Australasian Conference on Information Security and Privacy, pp. 271–285, 2002) we proposed a graph-based framework that supports authorization delegation and conflict resolution. In this paper, we have extended the model to allow grantors of delegations to express degrees of certainty about their delegations and grants of authorizations. This expression of certainty gives the subjects (e.g. users) more flexibility to control their delegations of access rights. We propose a new conflict resolution policy based on weighted lengths of authorization paths. This policy provides a greater degree of flexibility in that it enables one to specify and analyse the effect of the predecessor-successor relationship as well as the weights of authorizations on the conflicts. We present a detailed algorithm to evaluate authorization delegations and conflict resolutions. The correctness proof and time complexity of the algorithm are also provided. Since in a dynamic environment the authorization state is not static, we have considered how authorization state changes occur and have developed an algorithm to analyse authorization state transformations, with correctness proofs. Finally, we discuss how to achieve a global decision policy from local authorization policies in a distributed environment. Three integration models based on the degrees of node autonomy are proposed, and different strategies for integrating the local policies into the global policies in each model are systematically discussed.
