Publication


Featured research published by Adrian Baldwin.


Proceedings of the third ACM workshop on Role-based access control | 1998

Towards a more complete model of role

Cheh Goh; Adrian Baldwin

In order to manage the use of roles for the purpose of access control, it is important to look at attributes beyond the consideration of capability assignment. Fundamentally, a generic attribute description using a constraint-based approach will allow many of the important aspects of role, such as scope, activation and deactivation, to be included. Furthermore, the commonly accepted concept of role hierarchy is challenged from the point of view of subsidiarity in real organisations, with the suggestion that role hierarchy has limited usefulness that does not seem to apply widely.


network operations and management symposium | 2000

POWER prototype: towards integrated policy-based management

M. Casassa Mont; Adrian Baldwin; Cheh Goh

A policy-based management system is only really useful if it allows not only high level description of abstract policy, but also enables such policy to be refined and eventually mapped into an appropriate configuration for controlling devices in the managed system. Such a full integration has only been discussed in the literature but not realised so far. Our approach, implemented as the POWER prototype, demonstrates a way towards making it a reality in practice.


digital identity management | 2007

On identity assurance in the presence of federated identity management systems

Yolanta Beres; Adrian Baldwin; Marco Casassa Mont; Simon Shiu

In this paper we address the appropriate management of risk in federated identity management systems by presenting an identity assurance framework and supporting technologies. We start by discussing the risk mitigation framework that should be part of any identity assurance solution. We then demonstrate how our model based assurance technologies can be used to report success of an identity assurance programme. We discuss how this approach can be used to gain trust within a federated identity management solution both by communicating the nature of the assurance framework and that risks are successfully being mitigated. Finally, we show the importance of automation of controls in easing operational costs (and we describe related approaches developed at HP Labs and PRIME project); providing improved audit information and changing the risk mitigation landscape.


computer based medical systems | 2003

Towards accountability for Electronic Patient Records

Ana Ferreira; Simon Shiu; Adrian Baldwin

The electronic patient record (EPR) is a fundamental part of health information technology and its use is growing quickly. There is an urgent need to record and trust events related with healthcare procedures. Accountability is, therefore, essential but still very difficult to achieve in terms of information security. This paper suggests an accountability model suitable for healthcare environments and describes how the model can be efficiently realized using secure hardware. This approach can be applied across heterogeneous infrastructures providing a separation of duties between people, processes and organizations whilst ensuring the confidentiality and integrity of information.


international conference on trust management | 2003

Hardware security appliances for trust

Adrian Baldwin; Simon Shiu

This paper looks at the trust relationships that exist within an outsourcing scenario, finding that whilst some of the trust relationships are clear, other implicit trust relationships need exposing. These implicit trust relationships are often a result of information supplied for the main explicit task for which an entity is being trusted. The use of hardware security appliance based services is proposed, allowing trust to be dissipated over multiple parties whilst retaining efficient execution. Such an approach helps mitigate these implicit trust relationships by increasing the control and transparency given to the trustor.


Operating Systems Review | 2009

Providing secure services for a virtual infrastructure

Adrian Baldwin; Chris I. Dalton; Simon Shiu; Krzysztof Kostienko; Qasim Rajpoot

Virtualization brings flexibility to the data center and enables separations allowing for better security properties. For these security properties to be fully utilized, virtual machines need to be able to connect to secure services such as networking and storage. This paper addresses the problems associated with managing the cryptographic keys upon which such services rely by ensuring that keys remain within the trusted computing base. Here we describe a general architecture for managing keys tied to the underlying virtualized systems, with a specific example given for secure storage.


International Journal of Information Security | 2005

Enabling shared audit data

Adrian Baldwin; Simon Shiu

Audit is an important aspect of good security and business practice; however, current solutions are not supportive of electronic data and processes. This paper describes an audit service that both acts as a central place for logging from heterogeneous IT systems and a place to search and check the audit data. Notarisation structures enabling a user to check the integrity of audit records and subsets of the audit chain relating to their transactions have been developed. The audit system uses a secure hardware device to create an alternative trust domain in which to run processes, maintaining the integrity of the audit trail whilst allowing it to be tightly integrated and co-located with the overall IT infrastructure.


computer software and applications conference | 2002

Trust services: a framework for service-based solutions

Adrian Baldwin; Simon Shiu; Marco Casassa Mont

It is well understood that using a software component methodology can simplify the development and maintenance of systems. Web services allow this vision to be extended, allowing components to be made available on the Internet. This paper proposes the use of trust services as third party Web services that allow trust operations to be extracted from solutions and packaged as components. This has obvious advantages in simplifying the task of engendering trust in solutions, both during their creation and in simplifying the maintenance. The paper further argues that using a web service model supports reusability of not only the software but also the operational environment where the software runs. This operational environment is considered particularly critical in providing security and trust operations.


digital identity management | 2010

Assurance for federated identity management

Adrian Baldwin; Marco Casassa Mont; Yolanta Beres; Simon Shiu

Federated identity management is an emerging paradigm that is rightly getting a lot of standardization and research attention. One aspect that is not receiving enough attention is assurance. Given the challenges enterprises faced trying to demonstrate appropriate control of their internal and monolithic identity management systems, the problem of how to provide assurance to multiple stakeholders that controls, operations and technologies that cut across organisational boundaries are appropriately mitigating risk looks daunting. The paper provides an exposition of the assurance process, how it applies to identity management and particularly to federated identity management. Our contribution is to show technology can be used to overcome many of the trust, transparency and information reconciliation problems. Specifically we show how declarative assurance models can orchestrate and automate much of the assurance work, how certain enforcement technologies can radically improve identity assurance, and how an assurance framework can provide a basis for judging the assurance value of security technologies.


BT Technology Journal | 2007

Using assurance models to aid the risk and governance life cycle

Adrian Baldwin; Yolanta Beres; Simon C. K. Shiu

In this paper we describe an enterprise assurance model allowing many layers of the enterprise architecture, from the business processes, supporting applications and the IT infrastructure and operational processes, to be represented and related from a control and risk perspective. This provides a consistent way of capturing and relating the risk views for the various stakeholders within the organisation. At the lower level we use assurance models to provide automated testing of controls and policies, and at the higher level these results are related across the enterprise architecture. This enables a repository for manual and automated test results that can be used to derive different (but consistent) views for the various stakeholders.

Collaboration


Top Co-Authors


David J. Pym

University College London
