Figure 2 - uploaded by Adam Doupé
A federated access management framework: the local attribute a1 is transformed into the federated attributes labeled as a2, a3 and a4 by leveraging attribute derivation rules (AD-Rules) implemented by remote peers.

Source publication
Conference Paper
With the advent of various collaborative sharing mechanisms such as Grids, P2P and Clouds, organizations including private and public sectors have recognized the benefits of being involved in inter-organizational, multidisciplinary, and collaborative projects that may require diverse resources to be shared among participants. In particular, an en...

Context in source publication

Context 1
... access management purposes that is intended to support automated resource sharing and the establishment of collaborative projects among independent organizations, each possibly implementing their own security domain as well as their own dedicated federated access management infrastructure. A graphical depiction of our approach is shown in Fig. 2: a locally-defined attribute a1 belonging to a given user is transformed into a series of federation-recognized attributes (a2, a3, a4) that are in turn provided by other organizations engaged in a federation and may be used for access control decisions. In order to participate in our proposed federation, participating organizations ...


Citations

... Unlike our method, role mapping is point-to-point and does not require trust management between organizations. A similar approach is proposed in [19] for managing federated access to collaborative network environments. This approach introduces the notion of federated attribute as a solution to the heterogeneity between the local attributes of domains. ...
Chapter
Service-oriented architectures implemented by web services technologies provide standardized protocols for communicating and sharing information across organizational boundaries. The access control of shared services becomes an essential requirement for a secure federation of services. The identity federation provides part of the response by allowing users to authenticate once in an organization and to access the services of others with its authorization information or attributes. However, in a federation, the organizations may have different access control models and authorization attributes with different or even incompatible semantics. Interoperability between the access control models becomes crucial to the federation of services. Existing federated access control solutions are based on the single sign-on with common authorization attributes or the identity mapping that is not scalable in a service-oriented environment. In this paper, we propose a cross-organizational access control method for the federation of services protected by heterogeneous access control models. Our method is based on a new federation architecture that responds to the heterogeneity of authorization attributes via independent attributes introduced at the federation level.
... While this approach preserves domain autonomy in terms of security, it is difficult to adapt to authorisation changes on the service providers' side. The mapping of attributes is also proposed in Rubio-Medrano, Zhao, Doupe, and Ahn [28]. It consists of transforming the local attributes, using derivation rules, into federated attributes, which are attributes defined by the domains but recognised by the federation. ...
Article
Service Oriented Architecture (SOA) provides standardised solutions to share services between various security domains. But access control to services is defined for each domain, and therefore the federation of security domains brings some flexibility to users of the services. To facilitate the authentication of users, a solution is a federated access control that relies on the identity federation, which allows a user to authenticate once in one domain and to access the services of others according to her authorisation attributes. Since the access control requirements of services are specified using domain-specific authorisation attributes, the secure sharing of services in the federation becomes a real challenge. On the one hand, domains cannot abandon their access control models in favour of a global one; on the other hand, the redefinition of the access control requirements of services compromises the existing service consumers. This article extends our paper at CARI2020; we propose the promotion of services as a method that consists in publishing the services of domains at the federation level by redefining their access control requirements with the federation’s authorisation attributes. Our promotion method relies on mappings between federation’s authorisation attributes and those of domains to preserve existing service consumers and to support domain autonomy. We formally describe interaction and access to promoted services using operational semantics. The promotion method has been implemented with web services technologies.
Service-oriented architecture (SOA) provides standard solutions for sharing services between various security domains. However, access control to services is defined at the level of each security domain, and consequently the federation of domains brings some flexibility to the users of the domains' services. To facilitate user authentication, one solution is federated access control, based on identity federation, which allows a user to authenticate once in one domain and to access the services of the others according to their rights and attributes. Unfortunately, because the access control requirements of services are specified using domain-specific authorisation attributes, the secure sharing of services in the federation becomes a real challenge. Domains must be both autonomous and interoperable with respect to the federation. This article extends the version proposed for CARI2020; we propose the promotion of services as a solution that consists in publishing the services of domains at the federation level by redefining their access control requirements with the federation's authorisation attributes. Our promotion method relies on mappings between the federation's authorisation attributes and those of the domains to preserve clients outside the federation. We formally describe the interaction with and access to promoted services using operational semantics rules. An implementation of the method is proposed using web services.
... -Authentication and authorization: Basically, authentication and authorization are widely used to verify the user's identity, prove their privileges before gaining access to the target resources, and then their permissions are granted accordingly. For example, role-based access control [124], attribute-based access control [240], or federated access control [202], can be candidate mechanisms. -End-to-end Encryption: To protect data confidentiality and integrity, encryption mechanism is always applied to the data that are outsourced to the untrusted network. ...
Thesis
This thesis is intended to explore security issues in the virtualized and software-defined world, and starts with two important hypotheses: (1) SDN and NFV offer plenty of opportunities for us to rethink security management in the new networking paradigms; (2) both legacy and new security threats and vulnerabilities in NFV/SDN enabled environments need to be sufficiently addressed in order to pave the way for their further development and deployment. To validate the hypotheses, we carry out an in-depth study on NFV/SDN from security perspective, including its architecture, management and orchestration (MANO) framework, and use cases, leading to two major contributions, (1) a security management and orchestration framework (called SecMANO) based on NFV MANO, which has the potential to manage a set of policy-driven security mechanisms, such as access control, IDS/IPS, network isolation, data protection; (2) a comprehensive threat analysis on five NFV use cases and the state-of-the-art security countermeasures, resulting in a NFV layer-specific threat taxonomy and a set of security recommendations on securing NFV based services. We believe that both of the two contributions lay down a foundation for security research in NFV/SDN domain. In particular, based on the two contributions, we further develop a security orchestrator as an extension of available NFV orchestrator, with an objective to enabling the basic security functions to be effectively orchestrated and provided as on-demand services to the customers, meanwhile allowing high-level security policies to be specified and enforced in a dynamic and flexible way.
Specifically, a software-defined access control paradigm is implemented and prototyped with OpenStack and Tacker (a NFV orchestrator using TOSCA model), which allows the security administrators to dynamically customize the access control models and policies for different tenant domains, eventually achieving flexible and scalable protection across different layers and multiple cloud data centers. Both prototype of concept and real-life experiments on testbed have been carried out, clearly demonstrating the feasibility and effectiveness of our security orchestrator. In addition, as our NFV cross-layer threat taxonomy indicates, a large set of novel threats will be introduced, among which VNF (Virtualized Network Function) is a unique and important asset that deserves careful protection. The fourth contribution of this thesis is therefore devoted to achieving secure and dependable SFC (Service Function Chaining) in NFV and SDN environment. Specifically, an identity-based ordered multisignature scheme called SecSFC is designed and applied to ensure that, (1) each service function involved in a particular service chain is authenticated and legitimate; (2) all the service functions are chained in a consistent, optimal, and reliable way, meeting with the pre-defined high-level specifications like VNF Forwarding Graph. Both theoretical security analysis and experimental results demonstrate that our scheme can effectively defend against a large set of destructive attacks like rule modification and topology tampering, moving an important step towards secure and dependable SFC. Importantly, the signature construction and validation process is lightweight, generating compact and constant-size keys and signatures, thereby only incurring minimal computational overhead and latency.
... Cross-organizational tracking of assets also is in need of access-control in order to avoid unintended confidentiality leaks [23]. Access-control for the provisioning of attributes and policies in collaborative network environments is developed in [44]. Work that uses domain knowledge and semantic relations between data and data usage, see e.g. ...
Preprint
We are living in an age in which digitization will connect more and more physical assets with IT systems and where IoT endpoints will generate a wealth of valuable data. Companies, individual users, and organizations alike therefore have the need to control their own physical or non-physical assets and data sources. At the same time, they recognize the need for, and opportunity to, share access to such data and digitized physical assets. This paper sets out our technology vision for such sharing ecosystems, reports initial work in that direction, identifies challenges for realizing this vision, and seeks feedback and collaboration from the academic access-control community in that R&D space.
... Cross-organizational tracking of assets also is in need of access-control in order to avoid unintended confidentiality leaks [23]. Access-control for the provisioning of attributes and policies in collaborative network environments is developed in [44]. Work that uses domain knowledge and semantic relations between data and data usage, see e.g. ...
Conference Paper
We are living in an age in which digitization will connect more and more physical assets with IT systems and where IoT endpoints will generate a wealth of valuable data. Companies, individual users, and organizations alike therefore have the need to control their own physical or non-physical assets and data sources. At the same time, they recognize the need for, and opportunity to, share access to such data and digitized physical assets. This paper sets out our technology vision for such sharing ecosystems, reports initial work in that direction, identifies challenges for realizing this vision, and seeks feedback and collaboration from the academic access-control community in that R&D space.
... -Authentication and authorization: Basically, authentication and authorization are widely used to verify the user's identity, prove their privileges before gaining access to the target resources, and then their permissions are granted accordingly. For example, role-based access control [151], attribute-based access control [131], or federated access control [152], can be candidate mechanisms. -End-to-end Encryption: To protect data confidentiality and integrity, encryption mechanism is always applied to the data that are outsourced to the untrusted network. ...
... Recently, attribute-based access control (ABAC) [1], has attracted the interest of both academia and industry as a convenient means of protecting computer systems from security-related incidents. As ABAC evolves into a mature paradigm and various implementations are successfully deployed in practice, attributes originating from different sources may be leveraged for expressing rich policies that better meet the specific needs of customized environments [4]. Such a paradigm, while allowing for enhanced flexibility and convenience, may also introduce non-trivial security vulnerabilities. ...
Conference Paper
In recent years, attribute-based access control has been recognized as a convenient way to specify access mediation policies that leverage attributes originating from different security domains, e.g., independently-run organizations or supporting platforms. However, this new paradigm, while allowing for enhanced flexibility and convenience, may also open the door to new kinds of attacks based on forging or impersonating attributes, thus potentially allowing for attackers to gain unintended access to protected resources. In order to alleviate this problem, we present an ongoing effort based on moving target defense, an emerging technique for proactively providing security measurements. In our approach, we aim to analyze attribute-based data obtained at runtime in order to dynamically change policy configurations over time. We present our approach by leveraging a case study based in electronic health records, another trending methodology widely used in practice for mediating access to sensitive healthcare information in mission-critical applications.