Anna Vaccarelli
National Research Council
Publication
Featured research published by Anna Vaccarelli.
international conference on autonomic and autonomous systems | 2005
Fabio Martinelli; Paolo Mori; Anna Vaccarelli
Security in the grid environment is a challenging issue, because this environment instantiates interactions among a set of possibly unknown entities where no trust relationships may exist a priori, or when such relationships are not strong enough for specific applications. In this paper we propose to integrate a local monitor into the grid computational service architecture, to control the behavior of applications executed on behalf of grid users. Our approach is inspired by the concept of continuous usage control, rather than simply access control, to monitor the security-relevant interactions of these applications with the requested services. We also describe the prototype of the computational service monitor we have developed and its integration within the Globus framework.
international conference on move to meaningful internet systems | 2007
Maurizio Colombo; Fabio Martinelli; Paolo Mori; Marinella Petrocchi; Anna Vaccarelli
We propose an integrated architecture, extending a framework for fine-grained access control of Grid computational services, with an inference engine managing reputation and trust management credentials. Also, we present the implementation of the proposed architecture, with preliminary performance figures.
international conference on autonomic and autonomous systems | 2006
Hristo Koshutanski; Fabio Martinelli; Paolo Mori; Anna Vaccarelli
Grid technology provides an Internet-wide environment where a very large set of entities share their resources. The main feature of a grid environment is that resource providers belong to distinct administrative domains, each with its own security policies and enforcement mechanisms. Even more, service providers and entities exploiting the grid infrastructure typically have incomplete information about each other, mainly because each administrative domain manages its policies and resources with a high degree of autonomy. Thus, controlling access to grid resources has become a major security issue, and a grid infrastructure has to provide a proper set of mechanisms and tools that allow for fine-grained and history-based access control management. This paper proposes a comprehensive access control and enforcement framework for grid computational resources. The framework is based on a behavioral model that defines fine-grained and history-based monitoring and on a trust management model that provides access decisions and proper access rights management. The framework provides dynamic and context-aware access control enforcement by generating temporal credentials at run time while users' applications are exploiting grid resources.
international conference on internet and web applications and services | 2008
Stefano Campanelli; Alessandro Falleni; Fabio Martinelli; Marinella Petrocchi; Anna Vaccarelli
We propose a mobile implementation of an e-voting protocol. We also provide a formal analysis to validate a security property of our system.
Lecture Notes in Computer Science | 2004
Fabrizio Baiardi; Fabio Martinelli; Paolo Mori; Anna Vaccarelli
Grid computing is a continuously growing research field that concerns the implementation of large-scale resource sharing among different kinds of institutions over the Internet. The sharing of resources among untrusted entities poses nontrivial security problems. This paper proposes an approach to improve the security of computational services in the grid environment. For each grid service, this approach defines a fine-grained security policy that details the operations that are allowed on this service. This policy determines the secure environment where the grid job is executed.
international conference on move to meaningful internet systems | 2006
Hristo Koshutanski; Fabio Martinelli; Paolo Mori; Luca Borz; Anna Vaccarelli
The rapid advancement of technologies such as Grid computing, peer-to-peer networking, and Web Services, to name a few, offers companies and organizations an open and decentralized environment for dynamic resource sharing and integration. Globus toolkit emerged as the main resource sharing tool used in the Grid community. Access control and access rights management become one of the main bottlenecks when using Globus, because in such an environment there is a potentially unbounded number of users and resource providers without a priori established trust relationships. Thus, Grid computational resources could be executed by unknown applications running on behalf of distrusted users, and therefore the integrity of those resources must be guaranteed. To address this problem, the paper proposes an access control system that enhances the Globus toolkit with a number of features: (i) fine-grained behavioral control; (ii) application-level management of users' credentials for access control; (iii) full-fledged integration with the X.509 certificate standard; (iv) access control feedback when users do not have enough permissions.
formal methods for open object based distributed systems | 2003
Roberto Gorrieri; Fabio Martinelli; Marinella Petrocchi; Anna Vaccarelli
We show how a recent language for the description of cryptographic protocols in a real time setting may be suitable to formally verify security aspects of wireless protocols. We define also a compositional proof rule for establishing security properties of such protocols. The effectiveness of our approach is shown by defining and studying the timed integrity property for μTESLA, a well-known protocol for wireless sensor networks. We are able to deal with protocol specifications with an arbitrary number of agents (senders as well as receivers) running the protocol.
international conference on information security | 2002
Fabio Martinelli; Marinella Petrocchi; Anna Vaccarelli
The paper analyzes SCEP, the Simple Certificate Enrollment Procedure, a two-way communication protocol to manage the secure emission of digital certificates to network devices. The protocol provides a consistent method of requesting and receiving certificates from different Certification Authorities by offering an open and scalable solution for deploying certificates which can be beneficial to all network devices and IPSEC software solutions. We formally analyze SCEP through a software tool for the automatic analysis of cryptographic protocols able to discover, at a conceptual level, attacks against security procedures. Our method of survey contributes towards a better understanding of the structure and aims of a protocol for developers, analyzers and final users alike.
Lecture Notes in Computer Science | 2005
Stefano Bistarelli; Francesco Santini; Anna Vaccarelli
A novel fingerprint matching algorithm is proposed in this paper. The algorithm is based on the minutiae local structures, which are invariant with respect to global transformations like translation and rotation. The match algorithm has been implemented inside a smartcard over the Java Card™ platform, meeting the individual's need for information privacy and the overall authentication procedure security. The main characteristic of the algorithm is its asymmetric behaviour, with respect to execution time, between correct positive and negative matches. The performance in terms of authentication reliability and speed has been tested on some databases from the Fingerprint Verification Competition 2002 (FVC2002). Moreover, our procedure has shown better reliability results when compared with related Java Card™ algorithms.
international conference on application of concurrency to system design | 2003
Roberto Gorrieri; Fabio Martinelli; Marinella Petrocchi; Anna Vaccarelli
We investigate the application of concurrency theory notions such as simulation relations and compositional proof rules for verifying digital stream signature protocols. In particular, we formally prove the integrity of the Gennaro-Rohatgi protocols in (R. Gennaro et al., 2001). As a peculiarity, our technique is able to check a protocol with an unbounded number of parallel processes. We also argue that our approach may be applied to a wider class of stream signature protocols.