Hanan El Bakkali

A comparative study of PKI trust models

Public Key Infrastructure (PKI) is a security technology designed to ensure the security of electronic transactions and the exchange of sensitive information through cryptographic keys and certificates. Several PKI trust models are proposed in the literature to model trust relationship and trust propagation. In this paper, we present different PKI trust models architectures. We then analyze and compare some proposed PKI trust models for e-services applications.

CIOSOS: Combined Idiomatic-Ontology Based Sentiment Orientation System for Trust Reputation in E-commerce

Due to the abundant amount of Customer’s Reviews available in E-commerce platforms, Trust Reputation Systems remain reliable means to determine, circulate and restore the credibility and reputation of reviewers and their provided reviews. In fact before starting the process of Reputation score’s calculation, we need to develop an accurate Sentiment orientation System able to extract opinion expressions, analyze them and determine the sentiment orientation of the Review and then classify it into positive, negative and objective. In this paper, we propose a novel semi-supervised approach which is a Combined Idiomatic-Ontology based Sentiment Orientation System (CIOSOS) that realizes a domain-dependent sentiment analysis of reviews. The main contribution of the system is to expand the general opinion lexicon SentiWordNet to a custom-made opinion lexicon (SentiWordNet++) with domain-dependent “opinion indicators” as well as “idiomatic expressions”. The system relies also on a semi-supervised learning method that uses the general lexicon WordNet to identify synonyms or antonyms of the expanded terms and get their polarities from SentiWordNet and then store them in SentiWordNet++. The Sentiment polarity and the classification of the review provided by the CIOSOS is used as an input of our Reputation Algorithm proposed in previous papers in order to generate the Reputation score of the reviewer. We also provide an improvement in calculation method used to generate a “granular” reputation score of a feature or subfeature of the product.

Novel Access Control Approach for Inter-organizational Workflows

Inter-organizational workflows have become increasingly used by companies to improve their productivity by sharing resources and activities. These systems have proven their effectiveness in several areas. However, the sensitivity of the exchanged data, push participating organizations to set authorization rules in order to protect their data and processes. At this level, the cohabitation of different security policies arises as a problematic issue. In fact, how can we combine different or even conflicting policies with regard to privacy preserving and collaboration objectives? In this paper, we propose a new Inter-Organizational Workflow Based Access Control (IOW-BAC) approach. Besides, we present a new algorithm to resolve potential detected conflicts occurring during the composition of the global Access Control policy. This algorithm is based on a set of important parameters which are organization’s weight, object owner, task criticality and object sensitivity.

Toward Third-Party Immune Applications

Component reuse has become a trend in software engineering. However, third-party components have the potential to introduce vulnerabilities into software applications and become the weakest link in the security chain. In this paper, we discuss the limitations of traditional security practices and controls against vulnerable components. As a solution, we present a software design and development approach, combined with a collaborative, cloud-based vulnerability and threat management system. This combination aims at enabling applications to gain “artificial immunity” to third-party components by dynamically identifying and controlling related security risks. It also strives to promote the automatic discovery of, and near real-time information dissemination about emerging threats and zero-day vulnerabilities. At the heart of our solution, we use application-level API sandboxing, as well as adaptive signature-based and anomaly-based API intrusion detection and prevention. The need-to-know, cost-effectiveness, and user acceptance through separation of concerns have been our guiding security engineering principles.

A Comparative Study on Access Control Models and Security Requirements in Workflow Systems

Workflow systems handle data and ressources that often require integrity preserving and may also need a high-level of confidentiality. Thus, they should be protected against unauthorized access. Organizations, use workflow management systems to manage, control and automate their business processes. Likewise, they adopt access control models to express their security needs and establish thier access control policies. Therefore, organizations have to choose a flexible access control model that corresponds to their security requirements, without sacrificing the resiliency of their workflow system. The contribution of this paper is to provide a study on access control models and comparing them according to a set of criteria and requirements that we believe are necessary to ensure security and resiliency in workflow systems.

Weighted Access Control Policies Cohabitation in Distributed Systems

Collaboration between distributed domains has become an emerging demand that allows organization to share resources and services. In order to ensure secure collaboration between them, authorization specification is required. Thus, a global access control policy should be defined. However, the combination of the collaborator’s access control policies may create authorization conflicts. In this paper, we propose a new approach based on organization’s weight \(\alpha _i \) in order to resolve potential detected policy conflicts, also we define how to calculate \(\alpha _i\) accordingly and we propose a new algorithm to resolve the detected conflicts.

Privacy in Big Data Through Variable t-Closeness for MSN Attributes

With the raised and extensive use of online data, the notion of big data has been widely studied in the literature recently. In fact, a big quantity of sensitive personal information could be contained in high dimensional data bases. This data needs to be sanitized before publishing. In this context, many ways were proposed in order to ensure privacy in big data including pseudonymization, cryptographic and anonymization techniques. T-closeness has been studied and treated with great interest as an anonymization technique ensuring privacy in big data when dealing with sensitive attributes. Although, t-closeness could be applied when treating quasi identifier attributes, but it is more suitable for sensitive attributes. Despite the fact that many algorithms for t-closeness have been proposed, many of them admit that the threshold t of t-closeness is set to a fixed value. In this chapter, a method using t-closeness for multiple sensitive numerical (MSN) attributes is presented. The method could be applied on both single and multiple sensitive numerical attributes. In the case where the data set contains attributes with high correlation, then our method will be applied only on one numerical attribute. In addition, a new algorithm called variable t-closeness for multiple sensitive numerical attributes was implemented. Our algorithm gives good results in terms of data anonymization and was experimentally evaluated on a test table. Furthermore, we highlighted all the steps of our proposed algorithm with detailed comments.

An approach for evaluating trust in X.509 certificates

Today, X.509 certificates is largely adopted for the identity verification of an entity. Such organizations and people use it to confirm their identities in online transaction. Then, it is necessary to verify the certificate trustworthiness in order to accept or reject it for a particular transaction. Besides, certificates are issued by the certificate authority based on the procedures which are described in a certificate policy. Any deficiency in these procedures may influence a certificate authority trustworthiness, which creates a trust lack in the certificates signed by this authority. In this context, relying parties need an automated mechanism to evaluate a trust level of certificate which come into question. In this paper, we grant them this mechanism to have information about its trustworthiness. In fact, we propose a trust framework architecture which is composed from the several components involved in the trust level calculation. Then, we suggest a trust level calculation algorithm which is based on three parameters that are the calculated CA trust level, the quality of procedures indicated in the certificate policy and the rating assigned to certification fields content. Our proposed solution allows relying parties to make a decision about certificate trustworthiness.

Towards negotiable privacy policies in mobile healthcare

With the increased use of mobile technologies in the health sector, patients are more and more concerned about their privacy protection. Particularly, due to the diversity of actors (physicians, healthcare organizations, Cloud providers...) and the heterogeneity of privacy policies defined by each actor, conflicts among these policies may occur. We believe that negotiation is one of the best techniques for resolving the issue of conflicting privacy policies. From this perspective, we present an approach and algorithm to negotiate privacy policies based on an extension of the bargaining model. Besides, in order to show how our solution can be applied, we present an example of conflicting privacy policies expressed using S4P, a generic language for specifying privacy preferences and policies.