
Publication


Featured research published by Gail Joon Ahn.


IEEE Symposium on Security and Privacy | 2010

Security and Privacy Challenges in Cloud Computing Environments

Hassan Takabi; James B. D. Joshi; Gail Joon Ahn

Cloud computing is an evolving paradigm with tremendous momentum, but its unique aspects exacerbate security and privacy challenges. This article explores the roadblocks and solutions to providing a trustworthy cloud computing environment.


ACM Transactions on Information and System Security | 2000

Role-based authorization constraints specification

Gail Joon Ahn; Ravi S. Sandhu

Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of constraints in RBAC has been recognized for a long time, they have not received much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints named RCL 2000 including its basic elements, syntax, and semantics. We give soundness and completeness proofs for RCL 2000 relative to a restricted form of first-order predicate logic. Also, we show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in our language. Moreover, we show there are other significant SOD properties that have not been previously identified in the literature. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of role-based authorization constraints.


ACM Computing Surveys | 2005

Access control in collaborative systems

William J. Tolone; Gail Joon Ahn; Tanusree Pai; Seng-Phil Hong

Balancing the competing goals of collaboration and security is a difficult, multidimensional problem. Collaborative systems often focus on building useful connections among people, tools, and information while security seeks to ensure the availability, confidentiality, and integrity of these same elements. In this article, we focus on one important dimension of this problem---access control. The article examines existing access control models as applied to collaboration, highlighting not only the benefits, but also the weaknesses of these models.


ACM Transactions on Information and System Security | 2001

Role-based access control on the web

Joon S. Park; Ravi S. Sandhu; Gail Joon Ahn

Current approaches to access control on the Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in large-scale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current web technologies. We describe the technologies we use to implement RBAC on the Web in different architectures. Based on our experience, we also compare the tradeoffs of the different approaches.


ACM Symposium on Applied Computing | 2011

Dynamic audit services for integrity verification of outsourced storages in clouds

Yan Zhu; Huaixi Wang; Zexing Hu; Gail Joon Ahn; Hongxin Hu; Stephen S. Yau

In this paper, we propose a dynamic audit service for verifying the integrity of an untrusted and outsourced storage. Our audit service is constructed based on the techniques, fragment structure, random sampling and index-hash table, supporting provable updates to outsourced data, and timely abnormal detection. In addition, we propose a probabilistic query and periodic verification for improving the performance of audit services. Our experimental results not only validate the effectiveness of our approaches, but also show our audit system verifies the integrity with lower computation overhead, requiring less extra storage for audit metadata.


IEEE Transactions on Services Computing | 2013

Dynamic Audit Services for Outsourced Storages in Clouds

Yan Zhu; Gail Joon Ahn; Hongxin Hu; Stephen S. Yau; Ho G. An; Chang Jun Hu

In this paper, we propose a dynamic audit service for verifying the integrity of an untrusted and outsourced storage. Our audit service is constructed based on the techniques, fragment structure, random sampling, and index-hash table, supporting provable updates to outsourced data and timely anomaly detection. In addition, we propose a method based on probabilistic query and periodic verification for improving the performance of audit services. Our experimental results not only validate the effectiveness of our approaches, but also show our audit system verifies the integrity with lower computation overhead and requiring less extra storage for audit metadata.


IEEE Transactions on Knowledge and Data Engineering | 2013

Multiparty Access Control for Online Social Networks: Model and Mechanisms

Hongxin Hu; Gail Joon Ahn; Jan Jorgensen

Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide any mechanism to enforce privacy concerns over data associated with multiple users. To this end, we propose an approach to enable the protection of shared data associated with multiple users in OSNs. We formulate an access control model to capture the essence of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism. Besides, we present a logical representation of our access control model that allows us to leverage the features of existing logic solvers to perform various analysis tasks on our model. We also discuss a proof-of-concept prototype of our approach as part of an application in Facebook and provide usability study and system evaluation of our method.


Proceedings of the fourth ACM workshop on Role-based access control | 1999

The RSL99 language for role-based separation of duty constraints

Gail Joon Ahn; Ravi S. Sandhu

Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the literature, but there has been little work on specifying SOD policies in a systematic way. This paper describes a framework for specifying separation of duty and conflict of interest policies in role-based systems. To specify these policies, we need an appropriate language. We propose an intuitive formal language which uses system functions and sets as its basic elements. The semantics for this language is defined by its translation to a restricted form of first order predicate logic. We show how previously identified SOD properties can be expressed in our language. Moreover, we show there are other significant SOD properties which have not been previously identified in the literature. Unlike much of the previous work, this paper deals with SOD in the presence of role hierarchies. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of SOD properties.

This work is partially supported by grants from the National Science Foundation and the National Security Agency at the Laboratory for Information Security Technology at George Mason University.

RBAC '99, 10/99, Fairfax, VA, USA


Symposium on Access Control Models and Technologies | 2001

A rule-based framework for role based delegation

Longhua Zhang; Gail Joon Ahn; Bei Tseng Chu

In current role-based systems, security officers handle assignments of users to roles. However, fully depending on this functionality may increase management efforts in a distributed environment because of the continuous involvement from security officers. The emerging technology of role-based delegation provides a means for implementing RBAC in a distributed environment with empowerment of individual users. The basic idea behind a role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a role-based delegation model called RDM2000 (role-based delegation model 2000), which is an extension of RBDM0 by supporting hierarchical roles and multi-step delegation. The paper explores different approaches for delegation and revocation. Also, a rule-based language for specifying and enforcing the policies based on RDM2000 is introduced.


Symposium on Access Control Models and Technologies | 2002

A role-based delegation framework for healthcare information systems

Longhua Zhang; Gail Joon Ahn; Bei Tseng Chu

As organizations implement information strategies that call for sharing access to resources in the networked environment, mechanisms must be provided to protect the resources from adversaries. The proposed delegation framework addresses the issue of how to advocate selective information sharing in role-based systems while minimizing the risks of unauthorized access. We introduce a systematic approach to specify delegation and revocation policies using a set of rules. We demonstrate the feasibility of our framework through policy specification, enforcement, and a proof-of-concept implementation on specific domains, e.g. the healthcare environment. We believe that our work can be applied to organizations that rely heavily on collaborative tasks.

Collaboration


Top Co-Authors

Ziming Zhao; Arizona State University

Adam Doupé; Arizona State University

Dongwan Shin; New Mexico Institute of Mining and Technology

Yan Zhu; University of Science and Technology Beijing

Ravi S. Sandhu; University of Texas at San Antonio

Jing Jin; University of North Carolina at Charlotte

Wonkyu Han; Arizona State University

Mohamed Shehab; University of North Carolina at Charlotte