Christoph Fritsch

A Semantic Security Architecture for Web Services The Access-eGov Solution

The shift from mere service-oriented architectures (SOA) to semantically enriched approaches is especially being forced in multi-domain environments that the public sector in the European Union is an example for. The security aspect is lagging behind its possibilities, and new access control approaches native to the semantic environment need to be applied. Based on architectural research work conducted within the EU-funded research project Access-eGov, we outline our implementation of a semantic security architecture for web services by using industry-standard technologies and combining them with semantic enhancements.

Attacking Image Recognition Captchas

The landscape of the World Wide Web today consists of a vast amount of services. While most of them are offered for free, the service providers prohibit their malicious usage by automated scripts. To enforce this policy, CAPTCHAS have emerged as a reliable method to setup a Turing test to distinguish between human and computers. Image recognition CAPTCHAS as one type of CAPTCHAS promise high human success rates. In this paper however, we develop an successful approach to attack this type of Captcha. To evaluate our attack we implemented a publicly available tool, which delivers promising results for the HumanAuth Captcha and others. Based upon our findings we propose several techniques for improving future versions of image recognition CAPTCHAS.

Analysing Requirements for Virtual Business Alliances – The Case of SPIKE

More and more companies are realising that business is best carried out in project-based virtual alliances and are intensively networking and collaborating with partner companies. This requires convergent, adaptive, and interoperable IT environments ready to support flexible, loosely coupled networked enterprises, anywhere, anytime - regardless of heterogeneous systems and applications in use. In this paper, a methodology for gathering and analysing user requirements is applied which is specifically tailored for incorporating multi-party views such as necessary for the development of collaboration platforms to support virtual alliances and to prove its significance in a real-world case study. The work presented is performed within the SPIKE project, focusing on the technical, methodological and organisational support of short-term and project-based business alliances between organisations of all types and sizes.

DS3I - A Dynamic Semantically Enhanced Service Selection Infrastructure

Service-oriented computing (SOC), lately often in combination with business process modeling (BPM), is becoming reality in current enterprise systems. At the same time, process models do no longer only span different departments but more and more frequently multiple organizations. Current BPM approaches focus on syntactic specification of work flow structures and necessitate static service allocation during modeling time. Dynamic service allocation at runtime based on the semantics of service descriptions, however, allows for much more flexibility. This paper presents DS3I as a concept and implementation for semantically enhanced dynamic service selection. DS3I and its semantic middleware components are based upon an ESB and semantic annotations of services and allows for one-step service selection at runtime of a process.

Towards Information Security Management in Collaborative Networks

Collaborative networks represent a promising paradigm for companies to counter actual challenges in a globalized world. However, such networks bring along additional risks regarding information security and privacy which may lead to compliance violations. In this paper stakeholders and respective information security management requirements regarding collaborative networks are identified and analyzed. The work presented is performed within the SPIKE project, developing a collaboration platform for short-term and project-based business alliances.

User-Controlled Dynamic Access Credential Enrichment for Run-time Service Selection

Dynamic run-time selection and sourcing of service components provide considerable potential in todays changing business world. They provide means to counter agility, flexibility and the ability to integrate applications originating from systems of different security domains. While the advantages are obvious strong implications to security in general and authorization and access control in particular do exist. In this paper we present an infrastructure-based approach for en-route dynamic credential enrichment. It enables dynamic replacement of access-restricted service instances by implementing runtime supplementation of security tokens. If authorized, a security intermediary accesses user profiles and retrieves security tokens supplied by identity providers and needed for access control at dynamically selected access-restricted service instances.