Andreas Kasten

A Framework for Iterative Signing of Graph Data on the Web

Existing algorithms for signing graph data typically do not cover the whole signing process. In addition, they lack distinctive features such as signing graph data at different levels of granularity, iterative signing of graph data, and signing multiple graphs. In this paper, we introduce a novel framework for signing arbitrary graph data provided, e g., as RDF(S), Named Graphs, or OWL. We conduct an extensive theoretical and empirical analysis of the runtime and space complexity of different framework configurations. The experiments are performed on synthetic and real-world graph data of different size and different number of blank nodes. We investigate security issues, present a trust model, and discuss practical considerations for using our signing framework.

Referenzmodell für ein Vorgehen bei der IT-Sicherheitsanalyse

ZusammenfassungEs wird ein Referenzmodell ontologisch sinnvoll organisierter Begriffe der IT-Sicherheit vorgestellt und gezeigt, wie dieses eine Begründung zur systematischen Durchführung von IT-Sicherheitsanalysen liefert. Das Referenzmodell besteht aus vier Ebenen: erstens die vorhandene Welt aus Gütern und Interessenkonflikten mit den bestehenden Systemen und ihren Schwachstellen; zweitens das Potenzial aus Bedrohungen und Sicherheitsanforderungen; drittens das planvolle Vorgehen mit Sicherheitsmaßnahmen zum Schutz von Geschäftszielen; und viertens die aktuellen Ereignisse aus Angriffen, Unfällen und Abwehroperationen. Das Referenzmodell wird in bestehende Verfahren der Sicherheitsanalyse eingeordnet und anhand des Beispiels Online-Banking erläutert.

Ontology-Based Information Flow Control of Network-Level Internet Communication

Information flow control on the Internet is a desirable feature when it comes to content such as neo-Nazi propaganda, child pornography, or material showing extreme violence or crimes. In order to provide for a flexible control of information flow on the Internet, we present the pattern system InFO (short for: Information Flow Ontology). InFO provides a common support for different enforcing systems such as routers, proxies, or name servers by abstracting from existing as well as possible future regulation types. Thus, unlike existing solutions, InFO provides information flow control on the Internet-layer, transport-layer, as well as application-layer. In addition, InFO allows for linking the technical implementation of a flow control policy with a human-readable representation including its legal background (law) and organizational motivation (code of conduct). Besides a detailed description of the pattern system, we also provide various examples demonstrating the practical applicability of InFO. InFO has been implemented for name servers, routers, as well as application-level proxy servers. Its source code is available to the public.

Towards a framework for iteratively signing graph data

When publishing graph data on the web such as vocabularies using RDF(S) or OWL, one has only limited means to verify the authenticity and integrity of the graph data. Todays approaches require a high signature overhead and do not support iterative signing of graph data. This paper describes a first step towards a framework for signing arbitrary graph data provided in RDF(S), Named Graphs, or OWL. Our framework supports signing graph data at different levels of granularity: minimum self-contained graphs (MSG), sets of MSGs, and entire graphs. It supports iteratively signing graph data, e. g., when different parties provide different parts of a common graph, and allows for signing multiple graphs. Both can be done with a constant, low overhead for the resulting signature statements, even when iteratively signing.