Khalifa Toumi

Trust-orBAC: A Trust Access Control Model in Multi-Organization Environments

Access control in Multi-Organization Environment is a critical issue. Classical access control models like Role Based Access Control (RBAC) and Organization Based Access Control (orBAC) need some improvements to be used in such environment, where the collaboration is established between organizations and not directly with the clients. In particular, some characteristics of this scenario are that the users may be unknown in advance and/or the behaviors of the users and the organization may change during the collaboration. Hence, in this context the use of trust management with an access control model is recommended.

A vector based model approach for defining trust in Multi-Organization Environments

A Multi-Organization Environment is composed of several players that depend on each other for resources and services. In order to manage the security of the exchange process we introduce the concept of trust. We show how this aspect of the cooperative work allows us to increase some security aspects. In particular, we provide a framework where the concepts of trust requirement and trust evaluation play important roles for defining trust vectors. These vectors evaluate a set of requirements, under some conditions, and provide a degree of confidence. In our framework we consider two different types of vectors. On the one hand a vector that relates a user to an organization and on the other hand a vector that links two organizations. Finally we show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security.

How to Evaluate Trust Using MMT

Trust evaluation is becoming a more and more active and critical area mainly for guaranteeing secure interoperation between communicating systems. One of the basic parameters used to evaluate the trust in a remote entity (user or system) is the previous experience, i.e. the interactions already performed between the truster and the trustee. However the monitoring of the trustee behavior and the analysis of the collected data and events are not an easy task. First of all, we need to define relevant patterns that describe the desired behaviors to be monitored and check them using a dedicated tool.

Usage Control Policy Enforcement in SDN-Based Clouds: A Dynamic Availability Service Use Case

With the growing interest in Software Defined Networking (SDN) and thanks to the programmability provided by SDN protocols like OpenFlow, network application developers have started implementing solutions to fit corporate needs, like firewalls, load balancers and security services. In this paper, we present a novel solution to answer those needs with usage control policies. We design a policy based management framework offering SDN network security policies. This approach is used to enforce performance requirements (e.g., to ensure a certain level of network connectivity). A top-down approach is proposed, in order to refine the policies into the appropriate network rules, via the OpenFlow protocol. Finally, we implement the solution with an availability service use case and we provide a set of experiments to evaluate its efficiency.

ProtectCall: Call Protection Based on User Reputation

Web calling services are exposed to numerous social security threats in which context of communication is manipulated. A attacker establishes a communication session to send numerous simultaneous pre-recorded advertisement calls (Robocalls), distribute malicious files or viruses and uses false identity to conduct phishing. User identification alone is not sufficient to provide a high level of trust between communicating participants. Therefore, we propose ’ProtectCall’ a trust model that allows web calling services to estimate the trustworthiness and reputation of their users based on the evaluation of three parameters: authenticity, credibility and popularity. The main objective of ProtectCall is to protect web communication services from social security threats. ProtectCall allows users to make decisions based on the trustworthiness of their communicating participants.

Formal framework for defining trust in multi-organisation environment

Multi-organisations environment MOE is composed of several players that depend on each other for resources and services. Having a good access control policy to these resources becomes necessary. Moreover, being able to define a dynamic policy, meaning that it adapts over time, provides us with a more versatile way when administering these systems. In this paper, we extend the classical framework: organisation-based access control OrBAC, adapted to MOE, adding trust information. Initially we present the theoretical framework to represent trust among organisations and users of the system, and then we present its inclusion in OrBAC as a new logical context for rule firing.

Trust Ontology Based on Access Control Parameters in Multi-organization Environments

One of the main security concerns related to a distributed system is the lack of trust. In this paper, we present a trust ontology methodology based on access control concepts for Multi-Organization Environments (MOE). This ontology will be used to share the trust beliefs between participants and to make equivalence between their trust objectives. How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value will be presented in detail. In order to make easy to understand this process, an implementation and a case study with two ontologies are presented and discussed.

Security Properties in Virtual Organizations

In this paper we present a modeling formal framework to specify nets of virtual organizations. In these nets are defined not only the employees that are working in each organization but also there are included some properties that allow to ensure the security. This framework makes it easier to write and understand the security properties behavior. In addition to the syntax and semantics we provide a running example of two organizations to understand this approach.