Similar literature
Found 20 similar documents (search time: 265 ms)
1.
We address security in object-oriented database systems for multilevel secure environments. Such an environment consists of users cleared to various security levels, accessing information labeled with varying classifications. Our purpose is three-fold. First, we show how security can be naturally incorporated into the object model of computing so as to form a foundation for building multilevel secure object-oriented database management systems. Next, we show how such an abstract security model can be realized under a cost-effective, viable, and popular security architecture. Finally, we give security arguments based on trusted subjects and a formal proof to demonstrate the confidentiality of our architecture and approach. A notable feature of our solution is the support for secure synchronous write-up operations. This is useful when low level users want to send information to higher level users. In the object-oriented context, this is naturally modeled and efficiently accomplished through write-up messages sent by low level subjects. However, such write-up messages can pose confidentiality leaks (through timing and signaling channels) if the timing of the receipt and processing of the messages is observable to lower level senders. Such covert channels are a formidable obstacle in building high-assurance secure systems. Further, solutions to problems such as these have been known to involve various tradeoffs between confidentiality, integrity, and performance. We present a concurrent computation model that closes such channels while preserving the conflicting goals of confidentiality, integrity, and performance. Finally, we give a confidentiality proof for a trusted subject architecture and implementation and demonstrate that the trusted subject (process) cannot leak information in violation of multilevel security.

2.
Trust-based security in pervasive computing environments   Total citations: 1, self-citations: 0, citations by others: 1
Kagal, L.; Finin, T.; Joshi, A. Computer, 2001, 34(12): 154-157
Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource. However, these strategies are inadequate for the increased flexibility that distributed networks such as the Internet and pervasive computing environments require because such systems lack central control and their users are not all predetermined. Mobile users expect to access locally hosted resources and services anytime and anywhere, leading to serious security risks and access control problems. We propose a solution based on trust management that involves developing a security policy, assigning credentials to entities, verifying that the credentials fulfill the policy, delegating trust to third parties, and reasoning about users' access rights. This architecture is generally applicable to distributed systems but geared toward pervasive computing environments.

3.
We describe a model of computer security that applies results from the statistical properties of graphs to human-computer systems. The model attempts to determine a safe threshold of interconnectivity in a human-computer system by ad hoc network analyses. The results can be applied to physical networks, social networks and networks of clues in a forensic analysis. Access control, intrusions and social engineering can also be discussed as graph- and information-theoretical relationships. Groups of users and shared objects, such as files or conversations, provide communication channels for the spread of both authorized and unauthorized information. We present numerical criteria for measuring the security of such systems and algorithms for finding the vulnerable points.

4.
Information is considered to be the most valuable asset of any organization and hence, it should be securely maintained. However, rapid proliferation of the Internet and Web applications has increased the threat of information security breaches. Traditional database security mechanisms are often not sufficient to protect sensitive information against novel attacks. Intrusion detection systems (IDS) are used to detect any such intrusion, once traditional security mechanisms have been compromised. User-level profile is effective for database intrusion detection, but maintaining such profiles is not practical for an organization with a large number of users. Thus, an IDS needs to be flexible enough to choose a profile granularity according to the type of the organization. Further, only intra-transactional pattern matching for intrusion detection is not quite effective for detecting intrusion in a database. We propose an IDS that uses inter-transactional as well as intra-transactional features for intrusion detection. It supports selection of profile and transactional feature granularity as well. We use sequence alignment as a tool for comparing database access patterns of genuine users and intruders.

5.
6.
Z. Chen. AI & Society, 1994, 8(4): 341-356
We examine the relationship between systems and their users from the knowledge discovery perspective. Recently knowledge discovery in databases has made important progress, but it may also bring some potential problems to database design, such as issues related to database security, because an unauthorised user may derive highly sensitive knowledge from unclassified data. In this paper we point out that there is a need for a comprehensive study on knowledge discovery in human-computer symbiosis. Borrowing terms from algorithm design and artificial intelligence literature, we propose a notion called database-user adversarial partnership. We point out that this notion is general enough to cover various knowledge discovery and security of issues related to databases and their users. Furthermore, we point out the notion of database-user adversarial partnership can be further generalised into system-user adversarial partnership. Opportunities provided by knowledge discovery techniques and potential social implications are also discussed.

7.
Attacks and Remedies in Collaborative Recommendation   Total citations: 1, self-citations: 0, citations by others: 1
Collaborative-filtering recommender systems are an electronic extension of everyday social recommendation behavior: people share opinions and decide whether or not to act on the basis of what they hear. Collaborative filtering lets you scale such interactions to groups of thousands or even millions. Publicly accessible user-adaptive systems such as collaborative recommender systems introduce security issues that must be solved if users are to perceive these systems as objective, unbiased, and accurate.

8.
The revolutionary development of smartphone which offers compelling computing and storage capabilities has radically changed the digital lifestyles of users. The integration of Near Field Communication (NFC) into smartphone has further opened up opportunities for new applications and business models such as in industry for payment, electronic ticketing and access control systems. NFC and graphical password scheme are two imperative technologies that can be used to achieve secure and convenient access control system. One of the potential uses of such technologies is the integration of steganography graphical password scheme into NFC-enabled smartphone to transcend conventional digital key/tokens access control systems into a more secure and convenient environment. Smartphone users would have more freedom in customizing the security level and how they interact with the access control system. As such, this paper presents a secure two-factor authentication NFC smartphone access control system using digital key and the proposed Encrypted Steganography Graphical Password (ESGP). This paper also validates the user perception and behavioral intention to use NFC ESGP smartphone access control system through an experiment and user evaluation survey. Results indicated that users weigh security as a dominant attribute for their behavioral intention to use NFC ESGP smartphone access control system. Our findings offer a new insight for security scholars, mobile device service providers and expert systems to leverage on the two-factor authentication with the use of NFC-enabled smartphone.

9.
Security Usability   Total citations: 1, self-citations: 0, citations by others: 1
In the security community, we’ve always recognized that our security proposals come with certain costs in terms of usability. Traditionally, that’s the compromise we make to get security. But the market has ruled against us. Time and time again, our fielded secure systems are ignored, bypassed, turned off, or constrained to such a small part of the process that the security result is practically nonexistent. Even worse for our mental self-satisfaction, those systems that claim to deliver security to users simply don’t pass muster--they’re not what we’d like to think of as secure systems.

10.
The Inference Problem compromises database systems which are usually considered to be secure. Here, users pose sets of queries and infer unauthorized information from the responses that they obtain. An Inference Controller is a device that prevents and/or detects security violations via inference. We are particularly interested in the inference problem which occurs in a multilevel operating environment. In such an environment, the users are cleared at different security levels and they access a multilevel database where the data is classified at different sensitivity levels. A multilevel secure database management system (MLS/DBMS) manages a multilevel database where its users cannot access data to which they are not authorized. However, providing a solution to the inference problem, where users issue multiple requests and consequently infer unauthorized knowledge is beyond the capability of currently available MLS/DBMSs. This paper describes the design and prototype development of an Inference Controller for a MLS/DBMS that functions during query processing. To our knowledge this is the first such inference controller prototype to be developed. We also describe some extensions to the inference controller so that an integrated solution can be provided to the problem.

11.
Security is becoming a major concern in multiagent systems, since an agent's incorrect or inappropriate behaviour may cause non‐desired effects, such as money and data loss. Some multiagent platforms (MAP) are now providing baseline security features, such as authentication, authorization, integrity and confidentiality. However, they fail to support other features related to the sociability skills of agents such as agent groups. What is more, none of the listed MAPs provide a mechanism for preserving the privacy of the users (regarding their identities) that run their agents on such MAPs. In this paper, we present the security infrastructure (SI) of the Magentix MAP, which supports agent groups and preserves user identity privacy. The SI is based on identities that are assigned to all the different entities found in Magentix (users, agents and agent groups). We also provide an evaluation of the SI describing an example application built on top of Magentix and a performance evaluation of it. Copyright © 2010 John Wiley & Sons, Ltd.

12.
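Network security is a comprehensive discipline that draws on computer science, network technology, cryptography, information security technology, applied mathematics, number theory, information theory and other fields; the factors it covers mainly include physical security, system security, information security and cultural security. In a local area network, threats that are man-made or not, intentional or unintentional, such as intrusion by unauthorized users, computer viruses and persistent attacks by hackers, endanger the security of the LAN at any time. With the rapid development of computer network technology, network security problems have become increasingly prominent. This paper analyzes the main factors that threaten LAN security and discusses strategies for building a secure LAN using technologies such as VPN, NAT, VLAN, IDS and identity authentication, covering the physical environment, the network layer, the application layer and management policy.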

13.
Internet users routinely and often unknowingly download and run programs, such as Java applets; and some Web servers let users upload external programs and run them on the server. Although the practice of executing these external programs has the sanction of widespread use, its security implications haven't yet been systematically addressed. In the brief, dynamic history of the Internet, such a situation is not unusual. New communication mechanisms and computing paradigms are often implemented before the security issues they engender have been rigorously analyzed. Our goal is to address this problem in the subdomain of external programs by systematically outlining security issues and classifying current solutions. Our focus is solely on protecting a host from external programs. We do not address the problem of protecting the communication medium or protecting an external program from runtime systems. Furthermore, we do not address the problem of correctly identifying the source of an external program (authentication). We start our inquiry by reviewing the relevant models of computation, followed by an overview of the security problems associated with them. We then classify both the problems and the existing solutions using a resource-centric model that distinguishes problems associated with resource access from those associated with resource consumption. Finally, we classify solutions to each problem according to how and when they are applied.

14.
Users are vital to the information security of organizations. In spite of technical safeguards, users make many critical security decisions. An example is users’ responses to security messages – discrete communication designed to persuade users to either impair or improve their security status. Research shows that although users are highly susceptible to malicious messages (e.g., phishing attacks), they are highly resistant to protective messages such as security warnings. Research is therefore needed to better understand how users perceive and respond to security messages. In this article, we argue for the potential of NeuroIS – cognitive neuroscience applied to Information Systems – to shed new light on users’ reception of security messages in the areas of (1) habituation, (2) stress, (3) fear, and (4) dual-task interference. We present an illustrative study that shows the value of using NeuroIS to investigate one of our research questions. This example uses eye tracking to gain unique insight into how habituation occurs when people repeatedly view security messages, allowing us to design more effective security messages. Our results indicate that the eye movement-based memory (EMM) effect is a cause of habituation to security messages – a phenomenon in which people unconsciously scrutinize stimuli that they have previously seen less than other stimuli. We show that after only a few exposures to a warning, this neural aspect of habituation sets in rapidly, and continues with further repetitions. We also created a polymorphic warning that continually updates its appearance and found that it is effective in substantially reducing the rate of habituation as measured by the EMM effect. Our research agenda and empirical example demonstrate the promise of using NeuroIS to gain novel insight into users’ responses to security messages that will encourage more secure user behaviors and facilitate more effective security message designs.

15.
Embedded systems have become an integral part of our everyday life. Devices like vehicles, household appliances, and cell phones are already equipped with embedded microcontrollers. The networking of the myriads of embedded devices gives rise to the brave new world of pervasive computing. Pervasive computing offers enormous advantages and opportunities for users and businesses through new applications, increased comfort, and cost reduction. One often overlooked aspect of pervasive computing, however, are new security threats. This article describes security issues in current and future pervasive security scenarios, ranging from privacy threats and unreliable products to loss of revenue. We also highlight the opportunities, such as new business models, which are enabled through strong embedded security solutions. Current research issues are also summarized. As case studies, we introduce security aspects in future automotive systems and in ad-hoc networks.

16.
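A discussion of multi-faceted control strategies for information system security through program design   Total citations: 2, self-citations: 0, citations by others: 2
Information system security needs to be safeguarded from many aspects. At present, however, these aspects are in many cases considered separately: some work focuses mainly on the database, considering the database's own data security, access control and data consistency, while other work aims to meet system security through program structure, design methods and the like. In practice, users do not obtain data from the database directly but through the program interface presented to them; between the program interface the user sees and the data in the database itself there may be several program-controlled stages, yet work that considers the database and program design together to improve system security is rare. This paper discusses how to use program design to apply multi-faceted control over the database so as to ensure the security of the data used by the information system.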

17.
Secure user authentication is an important issue for wireless environment such as GSM, CDPD, and 3G and 4G wireless systems. Especially, anonymity of the mobile users should be guaranteed to protect the privacy of the mobile users. This paper proposes a user friendly authentication scheme with anonymity for wireless communications that not only can overcome the weaknesses of the previous related schemes, but also can provide efficiency and security suitable for battery-powered mobile devices in wireless communication systems.

18.
There has been damage to users due to security problems such as personal information leaks and spam etc. by IT convergence in various information communication industries. Since where the responsibility for this damage lies, compensation systems and damage estimation criteria have not been prepared yet, its compensation is solved by civil litigation between service providers and users. In addition, for security services provided, the standardized clauses of a contract with consumers are provider-oriented articles to be disadvantageous to service users, and detailed compensation criteria have not been prepared in reality. Therefore, it is time to need to prepare a damage compensation system and an estimation criterion for protecting users against technical and legal troubles that could arise when providing security services. In order to solve these problems, this paper developed a damage compensation index for sustainable security service. In detail, by analyzing damage compensation criteria and cases for general information communication services, a damage compensation index on security services was developed for a goal of VoIP services. It could offer voluntary improvement of service quality for service providers, and simplicity of damage compensation for users. Additionally, it could socially give benefits of increasing the number of companies to apply the security SLA and mitigating legal disputes.

19.
ProgramID     
Although systems engineers have developed powerful tools for measuring, modeling, and optimizing system performance, system security is much less well understood. This paper discusses the issue of system security in the context of Internet security and introduces a simple idea called ProgramID. ProgramID is an example of a strategy based on a principle we call think globally, act locally (TGAL), a general principle for distributed, decentralized management of networks. Under the TGAL principle, a combination of simple security strategies acting at a local level can produce measurable increases in global security. ProgramID can be implemented via a simple service that users can add to their operating system to force programs to identify themselves before they can execute. This gives individual computer users an extra layer of protection against malicious programs such as the increasingly prevalent email viruses. Using epidemic-like models, we analyze how global security is impacted when some fraction of Internet users have ProgramID protection.

20.
Computer, 2002, 35(3): 18-21
As the computer industry focuses on system and network security, a growing number of users are taking a closer look at open source software in order to gauge whether its potential advantages outweigh its possible disadvantages. Although open source security has been around for years, it has never been as widely used as open source products like the Linux OS or Apache Web server have been. John Pescatore, Internet security research director at market-research firm Gartner Inc., said open source security tools now represent 3 to 5 percent of security-software usage but could comprise 10 to 15 percent by 2007. A key factor in this potential growth is the quality of numerous open source security packages. Open source software products include free tools that users can download from the Internet, packages that come with commercial vendor support, and tools bundled with closed source products. The most popular tools include Netfilter and iptables; intrusion-detection systems such as Snort, Snare, and Tripwire; vulnerability scanners like Nessus and Saint; authentication servers such as Kerberos; and firewalls like T.Rex. Some companies are even beginning to use open source security to protect mission-critical applications.
