Gansen Zhao
University of Kent
Publication
Featured research published by Gansen Zhao.
advanced information networking and applications | 2007
Gansen Zhao; David W. Chadwick; Sassa Otenko
Role based access control has been widely researched in security critical systems. Conventional role based access control is a passive model, which makes authorization decisions on requests, and the authorization decisions contain only information about whether the corresponding requests are authorised or denied. One of the potential improvements for role based access control is the augmentation of obligations, where obligations are tasks and requirements to be fulfilled before, after or together with the enforcement of the authorization decisions. This paper conducts a literature review of role based access control and obligation related research, and proposes a design for the augmentation of obligations in the context of the RBAC standard. The design is then validated by implementation in the PERMIS RBAC authorization infrastructure. The paper also discusses the possible nondeterminism caused by overlapping authorisations.
advanced information networking and applications | 2006
Gansen Zhao; Sassa Otenko; David W. Chadwick
Secure role based messaging (SRBM) augments messaging systems with role oriented communication in a secure manner. Role occupants can sign and decrypt messages on behalf of roles. This paper identifies the requirements of SRBM and recognises the need for: distributed key shares, fast membership revocation, mandatory security controls and detection of identity spoofing. A shared RSA scheme is constructed. RSA keys are shared and distributed to role occupants and role gate keepers. Role occupants and role gate keepers must cooperate together to use the key shares to sign and decrypt the messages. Role occupant signatures can be verified by an audit service. SRBM system architecture is developed to show the security related performance of the proposed scheme, which also demonstrates the implementation of fast membership revocation, mandatory security control and prevention of spoofing. It is shown that the proposed scheme has successfully coupled distributed security with mandatory security controls to realize secure role based messaging.
communications and multimedia security | 2005
David W. Chadwick; Graeme Lunt; Gansen Zhao
This paper describes a secure role based messaging system design based on the use of X.509 Attribute Certificates for holding user roles. Access to the messages is authorised by the PERMIS Privilege Management Infrastructure, a policy driven role based access control (RBAC) infrastructure, which allows the assignment of roles to be distributed between trusted issuing authorities, and allows a change of access control policy at runtime. Messages can be sent by roles and users, and can be sent to roles and users. Messages are secure in their exchange between senders and recipients. Details of the security and messaging design are presented.
workshops on enabling technologies infrastructure for collaborative enterprises | 2008
Gansen Zhao; David W. Chadwick
The Bell-LaPadula security model is a hybrid model that combines mandatory access controls and discretionary access controls. The Bell-LaPadula security model has been widely accepted in military environments for its capability to specify military style confidentiality policies. The role based access control (RBAC) model has attracted extensive research effort and has been acknowledged as a flexible and policy natural model. This paper investigates a way of modeling Bell-LaPadula security policies using the RBAC model. The capability of modeling Bell-LaPadula security policies using RBAC model means that applications that are implemented using the RBAC model can then be deployed in military environments and will meet their requirements for information confidentiality.
Archive | 2005
David W. Chadwick; Gansen Zhao
This book contains the proceedings of the 2nd EuroPKI Workshop EuroPKI 2005, held at the University of Kent in the city of Canterbury, UK, 30 June-1 July 2005. The workshop was informal and lively, and the university setting encouraged active exchanges between the speakers and the audience. The workshop program comprised a keynote speech from Dr. Carlisle Adams, followed by 18 refereed papers, with a workshop dinner in and guided tour around the historic Dover Castle. Dr. Adams is well known for his contributions to the CAST family of symmetric encryption algorithms, to international standards from the IETF, ISO, and OASIS, authorship of over 30 refereed journals and conference papers, and co-authorship of Understanding PKI: Concepts, Standards, and Deployment Considerations (Addison-Wesley). Dr. Adams' keynote speech was entitled PKI: Views from the Dispassionate I, in which he presented his thoughts on why PKI has been available as an authentication technology for many years now, but has only enjoyed large-scale success in fairly limited contexts to date. He also presented his thoughts on the possible future(s) of this technology, with emphasis on the major factors hindering adoption and some potential directions for future research in these areas. In response to the Call for Papers, 43 workshop papers were submitted in total. All papers were blind reviewed by at least two members of the Program Committee, the majority having 3 reviewers, with a few borderline papers having 4 or more reviewers; 18 papers were accepted for presentation in 8 sessions. There were sessions on: authorization, risks/attacks to PKI systems, interoperability between systems, evaluating a CA, ID ring-based signatures, new protocols, practical implementations, and long-term archiving.
I would like to thank the authors for their submitted papers, the Program Committee and external reviewers for their conscientious efforts during the review process, the Organizing Committee for their tireless efforts to ensure the smooth running of the conference, and finally all the workshop participants,
international conference on engineering of complex computer systems | 2005
Gansen Zhao; David W. Chadwick
This paper articulates a system design for the secure role based messaging model built based on existing messaging systems, public key infrastructures, and a privilege management infrastructure, which enables role-oriented secure communication. Users can send and access messages on behalf of a role. Access to the messages is authorized dynamically according to the authorization policies conveyed by X.509 attribute certificates. The architecture design extends the current messaging systems without invalidating the systems' compliance with existing standards, and enables easy integration with existing messaging systems. This paper also contributes to providing security features based on architecture design, and demonstrates the deliberative architecture design for information confidentiality and privacy.
Concurrency and Computation: Practice and Experience | 2008
David W. Chadwick; Gansen Zhao; Sassa Otenko; Romain Laborde; Linying Su; Tuan Anh Nguyen
Archive | 2006
David W. Chadwick; Gansen Zhao; Sassa Otenko; Romain Laborde; Linying Su; Tuan Anh Nguyen
workshops on enabling technologies: infrastructure for collaborative enterprises | 2005
Gansen Zhao; David W. Chadwick
Archive | 2007
Gansen Zhao; David W. Chadwick; Sassa Otenko