Publication


Featured researches published by Joon S. Park.


symposium on access control models and technologies | 2001

Access control mechanisms for inter-organizational workflow

Myong H. Kang; Joon S. Park; Judith N. Froscher

As more businesses engage in globalization, inter-organizational collaborative computing grows in importance. Since we cannot expect homogeneous computing environments in participating organizations, heterogeneity and Internet-based technology are prevalent in inter-organizational collaborative computing environments. One technology that provides solutions for data sharing and work coordination at the global level is inter-organizational workflow. In this paper, we investigate the access control requirements for inter-organizational workflow. We then present access control solutions for inter-organizational workflow based on our implementation. Many of the requirements and solutions in this paper address the scalability of existing security solutions, the separation of inter-organizational workflow security from concrete organization level security enforcement, and the enforcement of fine-grained access control for inter-organizational workflow.


Proceedings of the fifth ACM workshop on Role-based access control | 2000

Injecting RBAC to secure a Web-based workflow system

Gail Joon Ahn; Ravi S. Sandhu; Myong H. Kang; Joon S. Park

Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describe an experiment in injecting role-based access control (RBAC) into an existing web-based workflow system. Specifically, we ensure that each task can only be executed by users belonging to a specific role. In order to achieve this, we define a simplified RBAC model to meet our needs and describe the security architecture to be applied to an existing web-based workflow system. We describe our implementation using commercial off-the-shelf (COTS) technology to demonstrate the feasibility of this approach. Our implementation uses X.509v3 certificates with role attribute, and employs a user-pull style where the client requests a client certificate from the role-server and presents it to the workflow system. A major goal of our implementation is to have minimal changes to the existing web server and no changes to the browser. We also discuss alternative architecture such as server-pull with LDAP (Lightweight Directory Access Protocol).


symposium on access control models and technologies | 2004

A composite rbac approach for large, complex organizations

Joon S. Park; Keith P. Costello; Teresa M. Neven; Josh A. Diosomito

Secure and effective access control is critical to sensitive organizations, especially when multiple organizations are working together using diverse systems. To alleviate the confusion and challenges of redundancy in such a large, complex organization, in this paper we introduce a composite role-based access control (RBAC) approach, by separating the organizational and system role structures and by providing the mapping between them. This allows for the explicit identification and separation of organizational and target-system roles, role hierarchies, role assignments, constraints, and role activations, with an attempt to bridge the gap between the organizational and system role structures. The composite RBAC approach supports scalable and reusable RBAC mechanisms for large, complex organizations. Our research explores the newly created Department of Homeland Security (DHS) as a large, complex organization in which the Composite RBAC can be applied.


intelligence and security informatics | 2004

Composite Role-Based monitoring (CRBM) for countering insider threats

Joon S. Park; Shuyuan Mary Ho

Through their misuse of authorized privileges, insiders have caused great damage and loss to corporate internal information assets, especially within the Intelligence Community (IC). Intelligence management has faced increasing complexities of delegation and granular protection as more corporate entities have worked together in a dynamic collaborative environment. We have been confronted by the issue of how to share and simultaneously guard information assets from one another. Although many existing security approaches help to counter insiders’ unlawful behavior, it is still found at a preliminary level. Efficiently limiting internal resources to privileged insiders remains a challenge today. In this paper we introduce the CRBM (Composite Role-Based Monitoring) approach by extending the current role-based access control (RBAC) model to overcome its limitations in countering insider threats. CRBM not only inherits the RBAC’s advantages, such as scalable administration, least privilege, and separation of duties, but also provides scalable and reusable mechanisms to monitor insiders’ behavior in organizations, applications, and operating systems based on insiders’ current tasks.


hawaii international conference on system sciences | 2004

Static vs. dynamic recovery models for survivable distributed systems

Joon S. Park; Pratheep Chandramohan

The need for survivability is more pressing for mission-critical systems, especially when they are integrated with other COTS products or services. As information systems became more complex and the interdependence of these systems became higher, the survivability picture became more complicated. In this paper, we introduce two basic models with respect to static and dynamic models, where each model has restart and continue modes. We describe each approach and compare the trade-offs in terms of simplicity, resource efficiency, adaptation, service downtime, immunization, and robustness. Later, we introduce a hybrid model by combining these two basic models. Our approaches are transparent to the client side and can be applied to existing distributed systems by extending the server side with the components necessary for the schemes.


Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security | 1999

RBAC on the Web by Secure Cookies

Joon S. Park; Ravi S. Sandhu; SreeLatha Ghanta

Current approaches to access control on Web servers do not scale to enterprise-wide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users’ role information. However, it is insecure to store and transmit sensitive information in cookies. Cookies are stored and transmitted in clear text, which is readable and easily forged. In this paper, we describe an implementation of Role-Based Access Control with role hierarchies on the Web by secure cookies. Since a user’s role information is contained in a set of secure cookies and transmitted to the corresponding Web servers, these servers can trust the role information in the cookies after cookie-verification procedures and use it for role-based access control. In our implementation, we used CGI scripts and PGP (Pretty Good Privacy) to provide security services to secure cookies. The approach is transparent to users and applicable to existing Web servers and browsers.


Iet Information Security | 2007

Trusted P2P computing environments with role-based access control

Joon S. Park; Gaeil An; Deepak Chandra

A P2P computing environment can be an ideal platform for resource-sharing services in an organisation if it provides trust mechanisms. Current P2P technologies offer content-sharing services for non-sensitive public domains in the absence of trust mechanisms. The lack of sophisticated trust mechanisms in the current P2P environment has become a serious constraint for broader applications of the technology although it has great potential. Therefore in this work an approach for securing transactions in the P2P environment is introduced, and ways to incorporate an effective and scalable access control mechanism - role-based access control (RBAC) - into current P2P computing environments have been investigated, proposing two different architectures: requesting peer-pull (RPP) and ultrapeer-pull (UPP) architectures. To provide a mobile, session-based authentication and RBAC, especially in the RPP architecture, lightweight peer certificates (LWPCs) are developed. Finally, to prove the feasibility of the proposed ideas, the RPP and UPP RBAC architectures are implemented and their scalability and performance are evaluated.


ACM Sigcas Computers and Society | 2003

Towards Secure Collaboration on the Semantic Web

Joon S. Park

Web technologies enable collaborative work to be done more efficiently and effectively. A user can share resources with others on the Web and perform his or her job based on a pre-defined policy for collaboration. During the collaboration, the user may need to create new resources, merge, split, exchange, or update resources created by other users. To support these services on the Web, we need machine-understandable as well as machine-readable metadata about the resources. The concept of a Semantic Web has been introduced to satisfy this requirement. Although the Semantic Web will provide more accurate and efficient services on the Web, it also introduces new problems that were not considered before, especially, in regards to security, interoperability, and transparency to users and organizations. In this paper, we discuss the requirements to support secure collaboration on the Semantic Web. We mainly focus on identification and analysis of the security problems associated with the Semantic Web, while suggesting possible solutions to each problem.


international conference on cloud computing | 2014

Game Theoretic Modeling of Security and Interdependency in a Public Cloud

Charles A. Kamhoua; Luke Kwiat; Kevin A. Kwiat; Joon S. Park; Ming Zhao; Manuel Rodriguez

As cloud computing thrives, many small organizations are joining a public cloud to take advantage of its multiple benefits. Cloud computing is cost efficient, i.e., cloud user can reduce spending on technology infrastructure and have easy access to their information without up-front or long-term commitment of resources. Moreover, a cloud user can dynamically grow and shrink the resources provisioned to an application on demand. Despite those benefits, cyber security concern is the main reason many large organizations with sensitive information such as the Department of Defense have been reluctant to join a public cloud. This is because different public cloud users share a common platform such as the hypervisor. A common platform intensifies the well-known problem of cyber security interdependency. In fact, an attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which if compromised can instantly yield the compromising of all the VMs running on top of that hypervisor. Therefore, a user that does not invest in cyber security imposes a negative externality on others. This research uses the mathematical framework of game theory to analyze the cause and effect of interdependency in a public cloud platform. This work shows that there are multiple possible Nash equilibria of the public cloud security game. However, the players use a specific Nash equilibrium profile depending on the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security. Finally, there is no Nash equilibrium in which all the users in a public cloud will fully invest in security.


advanced information networking and applications | 2012

Near-Real-Time Cloud Auditing for Rapid Response

Joon S. Park; Edward Spetka; Hassan Rasheed; E. Paul Ratazzi; Keesook J. Han

Due to the rapid emergence of Information Technology, cloud computing provides assorted advantages to service providers, developers, organizations, and customers with respect to scalability, flexibility, cost-effectiveness, and availability. However, it also introduces new challenges and concerns, especially in terms of security and privacy. One of the major security obstacles to widespread adoption of cloud computing is the lack of near-real-time audit ability. In particular, near-real-time cloud auditing, which provides timely evaluation results and rapid response, is the key to assuring the cloud. In this paper, we discuss security and privacy concerns in cloud computing and the current status of cloud auditing efforts. Next, we address the strategies for reliable cloud auditing and analyze the deficiencies of current approaches. We then discuss the summary of our case study with Amazon Cloud Watch, which is one of the most developed cloud-monitoring APIs.

Collaboration

Top Co-Authors


Kevin A. Kwiat

Air Force Research Laboratory


Joseph Giordano

Air Force Research Laboratory


Gaeil An

Electronics and Telecommunications Research Institute


Judith N. Froscher

United States Naval Research Laboratory


Myong H. Kang

United States Naval Research Laboratory