Antonio Maña

Applying the semantic Web layers to access control

The Semantic Web, also known as the Web of meaning, is considered the new generation of the Web. Its objective is to enable computers and people to work in cooperation. A requisite for this is encoding data in forms that make web contents (meaning, semantics) more understandable by algorithmic means. In this paper, we present the application of semantic Web concepts and technologies to the access control area. The Semantic Access Control Model (SAC) uses different layers of metadata to take advantage of the semantics of the different components relevant for the access decision. We have developed a practical application of this access control model based on a specific language, denominated Semantic Policy Language (SPL), for the description of access criteria. This work demonstrates how the semantic web concepts and its layers infrastructure may play an important role in many relevant fields, such as the case of access control and authorization fields.

An Efficient Software Protection Scheme

Software piracy has been considered one of the biggest problems of this industry since computers became popular. Solutions for this problem based in tamperproof hardware tokens have been introduced in the literature. All these solutions depend on two premises: (a) the physical security of the tamperproof device and (b) the difficulty to analyze and modify the software in order to bypass the check of the presence of the token. The experience demonstrates that the first premise is reasonable (and inevitable). The second one, however, is not realistic because the analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis are not helpful to discourage an attacker with usual resources. This paper presents a robust software protection scheme based in the use of smart cards and cryptographic techniques. The security of this new scheme is only dependent on the first premise because code analysis and modification are not useful to break this scheme.

A framework for secure execution of software

The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues. We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solution depends on two basic premises: (i) increasing the physical security by using tamperproof devices and (ii) increasing the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user not be able to modify the software to bypass an operation that is crucial: checking the presence of the token. However, experience shows that the second premise is not realistic because analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources.In this paper, we review the most relevant works related to software protection, present a taxonomy of those works, and, most important, introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of the premises given above; that is, SmartProt has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of SmartProt as well as the protocols developed to manage licences. Finally, we provide an analysis of its implementation details.

Semantic access control model: a formal specification

The Semantic Access Control Model (SAC), built on the basis of separation of the authorization and access control management responsibilities, provides adequate solutions to the problems of access control in distributed and dynamic systems with heterogeneous security requirements. SAC is characterized by its flexibility for accommodating dissimilar security policies, but also by the ease of management and control over a large number of distributed elements and the support for interoperability of authorization mechanisms. In this paper, we present the semantic validation algorithms developed in SAC to detect semantically incomplete or incorrect access control policies. Additionally, the formal model of SAC along with some proofs of its soundness is introduced. This formalization is the basis for additional model checking of the semantic validation algorithms developed.

A business process-driven approach to security engineering

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common that end users are able to express their security needs at the business process level. Since many security requirements originate at this level, it is natural to try to capture and express them within the context of business models where end users feel most comfortable and where they conceptually belong. In this paper, we develop these views, present an ongoing work intended to create a UML-based and business process-driven framework for the development of security-critical systems and propose an approach to a rigorous treatment of security requirements supported by formal methods.

A Methodology for the Analysis and Modeling of Security Threats and Attacks for Systems of Embedded Components

The development of systems based on embedded components is a challenging task because of their distributed, reactive and real-time nature. From a security point of view, embedded devices are basically systems owned by a certain entity, used frequently as part of systems owned by other entities and operated in a potentially hostile environment. The development of security-enhanced systems of embedded components is a difficult task due to different types of threats that may affect such systems, and because the security in systems of embedded devices is currently added as an additional feature when the development is advanced, or avoided as a superfluous characteristic. We present in this paper a methodology for the analysis and modeling of threats and attacks for systems of embedded components. The Intruder Model allows us to describe possible actions a potential intruder can accomplish, depending on his/her capabilities, resources, etc. Using this information, we can define a Threat Model that will specify the threats and attacks that affect different security properties in specific domains.

A metadata‐based access control model for web services

One of the most relevant advantages of Web Services (WS) is their simplicity of access on the Internet. However, this feature also makes them vulnerable to a series of security threats. Additionally, the application of WS to many interesting problems is currently hindered by the lack of mechanisms that provide, among others, adequate access control functionalities for this scenario. In fact, access control and authorization are critical because of the specific characteristics of WS. When considering the requirements of this scenario we must highlight not only flexibility of the access control system for dissimilar security policies, but also the control over a large number of elements and the distributed nature of these ones. Other important issues are dynamism of the WS environment, and interoperability of authorization mechanisms for the integration of multiple WS from various sources. The present work introduces an access control model for WS that addresses all previous issues. The model is built on the basis of separation of the authorization and access control management responsibilities. We introduce mechanisms for the semantic integration of an external Privilege Management Infrastructure (PMI) and present the Semantic Policy Language (SPL) for the description of access criteria based on attribute certificates.

Towards secure agent computing for ubiquitous computing and ambient intelligence

After a first phase of great activity in the field of multi-agent systems, researchers seemed to lose interest in the paradigm, mainly due to the lack of scenarios where the highly distributed nature of these systems could be appropriate. However, recent computing models such as ubiquitous computing and ambient intelligence have introduced the need for this type of highly distributed, autonomous and asynchronous computing mechanisms. The agent paradigm can play an important role and can suit the needs of many applications in these scenarios. In this paper we argue that the main obstacle for the practical application of multi-agent systems is the lack of appropriate security mechanisms. Moreover, we show that as a result of recent advances in security technologies, it is now possible to solve the most important security problems of agent-based systems.

Security engineering for embedded systems: the SecFutur vision

Security is usually not in the main focus in the development of embedded systems. However, strongly interconnected embedded systems play vital roles in many everyday processes and also in industry and critical infrastructures. Therefore, security engineering for embedded systems is a discipline that currently attracts more interest. This paper presents the vision of security engineering for embedded systems formulated by the FP7 project SecFutur [1].

Towards Formal Specification of Abstract Security Properties

Formal methods, especially in the field of model checking, have been used traditionally to analyse security solutions in order to determine whether they fulfil certain properties. Practical results have proven the suitability and advantages of the use of formal approaches for this purpose. However, in these works the definition of the different security properties shows two main problems: (i) properties are frequently assumed to have a universal definition; and (ii) the definition of security properties is strongly dependent on the underlying verification model. In this paper we introduce a different approach to the formal specification of security properties. We argue that security properties should be defined in formal, intuitive and abstract terms, and that reasoning mechanisms must exist for these specifications in order to relate different properties. Our goal is to reason about properties in order to guarantee interoperability of these properties and consequently of the solutions complying with them.