Myong H. Kang
United States Naval Research Laboratory
Publication
Featured research published by Myong H. Kang.
symposium on access control models and technologies | 2001
Myong H. Kang; Joon S. Park; Judith N. Froscher
As more businesses engage in globalization, inter-organizational collaborative computing grows in importance. Since we cannot expect homogeneous computing environments in participating organizations, heterogeneity and Internet-based technology are prevalent in inter-organizational collaborative computing environments. One technology that provides solutions for data sharing and work coordination at the global level is inter-organizational workflow. In this paper, we investigate the access control requirements for inter-organizational workflow. We then present access control solutions for inter-organizational workflow based on our implementation. Many of the requirements and solutions in this paper address the scalability of existing security solutions, the separation of inter-organizational workflow security from concrete organization level security enforcement, and the enforcement of fine-grained access control for inter-organizational workflow.
computer and communications security | 1993
Myong H. Kang; Ira S. Moskowitz
Communication from a low- to a high-level system without acknowledgements will be unreliable; with acknowledgements, it can be insecure. We propose to provide quantifiable security, acceptable reliability, and minimal performance penalties by interposing a device (called the Pump) to push messages to the high system and provide a controlled stream of acknowledgements to the low system. This paper describes how the Pump supports the transmission of messages upward and limits the capacity of the covert timing channel in the acknowledgement stream without affecting the average acknowledgement delay seen by the low system or the message delivery delay seen by the high system in the absence of actual Trojan horses. By adding random delays to the acknowledgement stream, we show how to further reduce the covert channel capacity even in the presence of cooperating Trojan horses in both the high and low systems. We also discuss engineering trade-offs relevant to practical use of the Pump.
service oriented software engineering | 2010
Dijiang Huang; Xinwen Zhang; Myong H. Kang; Jim Luo
Cloud services can greatly enhance the computing capability of mobile devices. Mobile users can rely on the cloud to perform computationally intensive operations such as searching, data mining, and multimedia processing. In this paper, we propose a new mobile cloud framework called MobiCloud. In addition to providing traditional computation services, MobiCloud also enhances the operation of the ad hoc network itself by treating mobile devices as service nodes. The MobiCloud framework will enhance communication by addressing trust management, secure routing, and risk management issues in the network. A new class of applications can be developed using the enhanced processing power and connectivity provided by MobiCloud. Open research issues for MobiCloud are also discussed to outline future research directions.
international conference on move to meaningful internet systems | 2005
Anya Kim; Jim Luo; Myong H. Kang
Annotation with security-related metadata enables discovery of resources that meet security requirements. This paper presents the NRL Security Ontology, which complements existing ontologies in other domains that focus on annotation of functional aspects of resources. Types of security information that could be described include mechanisms, protocols, objectives, algorithms, and credentials in various levels of detail and specificity. The NRL Security Ontology is more comprehensive and better organized than existing security ontologies. It is capable of representing more types of security statements and can be applied to any electronic resource. The class hierarchy of the ontology makes it both easy to use and intuitive to extend. We applied this ontology to a Service Oriented Architecture to annotate security aspects of Web service descriptions and queries. A refined matching algorithm was developed to perform requirement-capability matchmaking that takes into account not only the ontology concepts, but also the properties of the concepts.
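The abstract above describes requirement-capability matchmaking that considers both ontology concepts and their properties. The following is an added illustration, not code or data from the NRL Security Ontology paper: a constructed class hierarchy (the class names, the property name `keyLength`, and the `exact`/`subsumed` match levels are assumptions of this toy, not the ontology's actual vocabulary) and a matcher that first checks that the advertised concept is the required concept or one of its subclasses, then checks each property constraint.

```python
"""Toy requirement/capability matchmaking over a security class hierarchy.

Constructed hierarchy and property names for illustration only; these are
not the classes or properties of the NRL Security Ontology.
"""

# child -> parent; anything not listed is a root.
SUBCLASS_OF = {
    "AES": "SymmetricEncryption",
    "TripleDES": "SymmetricEncryption",
    "RSA": "AsymmetricEncryption",
    "SymmetricEncryption": "Encryption",
    "AsymmetricEncryption": "Encryption",
    "Encryption": "SecurityMechanism",
    "SHA256": "HashAlgorithm",
    "HashAlgorithm": "SecurityMechanism",
}


def ancestors(concept):
    """The concept itself followed by every superclass up to the root."""
    chain = [concept]
    while concept in SUBCLASS_OF:
        concept = SUBCLASS_OF[concept]
        chain.append(concept)
    return chain


def is_a(concept, ancestor):
    """True if `concept` equals `ancestor` or is (transitively) a subclass of it."""
    return ancestor in ancestors(concept)


# Comparison operators a requirement may use on a property value.
OPERATORS = {
    ">=": lambda have, want: have >= want,
    "<=": lambda have, want: have <= want,
    "==": lambda have, want: have == want,
}


def match(requirement, capability):
    """Return 'exact', 'subsumed', or None.

    requirement: {"concept": C, "constraints": {prop: (op, value), ...}}
    capability:  {"name": ..., "concept": C, "properties": {prop: value, ...}}

    Concept check first: the advertised concept must be the required one or a
    subclass of it (an AES service satisfies a SymmetricEncryption requirement,
    an RSA service does not).  Then every property constraint must hold; a
    missing property is treated as a failed constraint.
    """
    required_concept = requirement["concept"]
    offered_concept = capability["concept"]
    if not is_a(offered_concept, required_concept):
        return None
    for prop, (op, want) in requirement.get("constraints", {}).items():
        have = capability.get("properties", {}).get(prop)
        if have is None or not OPERATORS[op](have, want):
            return None
    return "exact" if required_concept == offered_concept else "subsumed"


def find_matches(requirement, capabilities):
    """Names of matching services, exact matches first, then subsumed ones.

    Ties keep the input order (sorted() is stable)."""
    rank = {"exact": 0, "subsumed": 1}
    scored = [(match(requirement, c), c["name"]) for c in capabilities]
    kept = [(m, name) for m, name in scored if m is not None]
    return [name for m, name in sorted(kept, key=lambda item: rank[item[0]])]


# Constructed query and service annotations.
REQUIREMENT = {
    "concept": "SymmetricEncryption",
    "constraints": {"keyLength": (">=", 128)},
}
CAPABILITIES = [
    {"name": "svc-aes", "concept": "AES", "properties": {"keyLength": 256}},
    {"name": "svc-rsa", "concept": "RSA", "properties": {"keyLength": 2048}},
    {"name": "svc-generic", "concept": "SymmetricEncryption", "properties": {"keyLength": 128}},
    {"name": "svc-3des", "concept": "TripleDES", "properties": {"keyLength": 168}},
    {"name": "svc-weak", "concept": "AES", "properties": {"keyLength": 64}},
]

if __name__ == "__main__":
    for cap in CAPABILITIES:
        print(cap["name"], match(REQUIREMENT, cap))
    print(find_matches(REQUIREMENT, CAPABILITIES))
```

The RSA service is rejected at the concept step even though its key is longer, and the 64-bit AES service is rejected at the property step even though its concept fits; a flat keyword search over service descriptions would get both of those wrong.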
Proceedings of the fifth ACM workshop on Role-based access control | 2000
Gail Joon Ahn; Ravi S. Sandhu; Myong H. Kang; Joon S. Park
Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describe an experiment in injecting role-based access control (RBAC) into an existing web-based workflow system. Specifically, we ensure that each task can only be executed by users belonging to a specific role. In order to achieve this, we define a simplified RBAC model to meet our needs and describe the security architecture to be applied to an existing web-based workflow system. We describe our implementation using commercial off-the-shelf (COTS) technology to demonstrate the feasibility of this approach. Our implementation uses X.509v3 certificates with a role attribute, and employs a user-pull style where the client requests a client certificate from the role-server and presents it to the workflow system. A major goal of our implementation is to have minimal changes to the existing web server and no changes to the browser. We also discuss alternative architectures such as server-pull with LDAP (Lightweight Directory Access Protocol).
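The user-pull flow in the abstract above has three parties: a role server that issues the client a credential carrying its role, the client that presents it, and the workflow system that verifies the credential and allows a task only to the role bound to that task. The following is an added toy model of that flow, not the paper's code. The paper uses X.509v3 certificates with a role attribute; this example stands in an HMAC-signed JSON record for the certificate so that it runs with only the standard library, and the task-to-role table, user assignments and shared key are all constructed for the example.

```python
"""Toy model of user-pull RBAC for a workflow system.

Role server issues a role credential to the user; the user presents it to
the workflow system, which verifies it and checks role -> task permission.
The credential here is a JSON record signed with HMAC-SHA256.  That is a
stand-in for the X.509v3 certificate with a role attribute used in the
paper, chosen so the example needs no third-party library.
"""
import hashlib
import hmac
import json

# Constructed: each task may be executed only by one role.
TASK_ROLE = {
    "submit_order": "clerk",
    "approve_order": "manager",
    "ship_order": "warehouse",
}

# Constructed: user -> roles assignment held by the role server.
USER_ROLES = {
    "alice": {"clerk"},
    "bob": {"manager", "clerk"},
}

# Constructed key shared by role server and workflow system (stands in for
# the workflow system trusting the role server's certificate signing key).
ROLE_SERVER_KEY = b"constructed-demo-key-not-for-real-use"


def _sign(body, key):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_role_certificate(user, role, key=ROLE_SERVER_KEY):
    """Role server: the client pulls a credential binding (user, role).

    Refuses roles the user does not hold, so a user cannot simply ask for
    'manager'."""
    if role not in USER_ROLES.get(user, set()):
        raise PermissionError(f"{user} is not assigned role {role!r}")
    body = {"subject": user, "role": role}
    return {"body": body, "sig": _sign(body, key)}


def verify_role_certificate(cert, key=ROLE_SERVER_KEY):
    """Workflow system: check the credential was issued by the role server
    and has not been altered (e.g. role field rewritten by the client)."""
    return hmac.compare_digest(_sign(cert["body"], key), cert["sig"])


def may_execute(cert, user, task):
    """Workflow system decision for 'user wants to run task, presenting cert'.

    Three checks, all required: the credential verifies, it was issued to
    this user (not replayed by someone else), and its role is the one bound
    to the task.  Unknown tasks are denied."""
    if not verify_role_certificate(cert):
        return False
    if cert["body"]["subject"] != user:
        return False
    required_role = TASK_ROLE.get(task)
    return required_role is not None and cert["body"]["role"] == required_role


def tampered_copy(cert, new_role):
    """Client-side forgery attempt: rewrite the role but keep the old signature."""
    return {"body": {**cert["body"], "role": new_role}, "sig": cert["sig"]}


if __name__ == "__main__":
    alice_cert = issue_role_certificate("alice", "clerk")
    print("alice submit_order:", may_execute(alice_cert, "alice", "submit_order"))
    print("alice approve_order:", may_execute(alice_cert, "alice", "approve_order"))
    forged = tampered_copy(alice_cert, "manager")
    print("forged approve_order:", may_execute(forged, "alice", "approve_order"))
```

Note that the workflow system never consults the user-role table itself; it trusts only the role server's signature on the presented credential, which is what lets the RBAC decision be added without changing the existing web server's user database.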
symposium on reliable distributed systems | 2010
Rohit Ranchal; Bharat K. Bhargava; Lotfi Ben Othmane; Leszek Lilien; Anya Kim; Myong H. Kang; Mark Linderman
Cloud computing allows the use of Internet-based services to support business processes and rental of IT-services on a utility-like basis. It offers a concentration of resources but also poses risks for data privacy. A single breach can cause significant loss. The heterogeneity of “users” represents a danger of multiple, collaborative threats. In cloud computing, entities may have multiple accounts associated with a single or multiple service providers (SPs). Sharing sensitive identity information (that is, Personally Identifiable Information or PII) along with associated attributes of the same entity across services can lead to mapping of the identities to the entity, tantamount to privacy loss. Identity management (IDM) is one of the core components in cloud privacy and security and can help alleviate some of the problems associated with cloud computing. Available solutions use a trusted third party (TTP) in identifying entities to SPs. The solution providers do not recommend the usage of their solutions on untrusted hosts. We propose an approach for IDM which is independent of a TTP and has the ability to use identity data on untrusted hosts. The approach is based on the use of predicates over encrypted data and multi-party computing for negotiating the use of a cloud service. It uses an active bundle, which is a middleware agent that includes PII data, privacy policies, a virtual machine that enforces the policies, and a set of protection mechanisms to protect itself. An active bundle interacts on behalf of a user to authenticate to cloud services using the user’s privacy policies.
international conference on web services | 2006
Jim Luo; Bruce Montrose; Anya Kim; Amitabh Khashnobish; Myong H. Kang
Although universal description, discovery and integration (UDDI) is the de jure Web service registry standard, it is not suitable for handling semantic markups due to its flat data model and limited search capabilities. In this paper, we introduce an approach to support semantic service descriptions and queries using registries that conform to the UDDI version 3 specification. Specifically, we present a scheme that allows users to store OWL-S service descriptions in the UDDI data model and use that information to perform semantic query processing. Our approach does not require any modification to the existing UDDI registries. The add-on modules only reside on the client-side machines that wish to take advantage of the semantic capabilities. This approach is completely backward compatible and can integrate seamlessly into the existing service-oriented architecture (SOA) infrastructure.
ieee symposium on security and privacy | 1995
Myong H. Kang; Ira S. Moskowitz; Daniel C. Lee
A designer of reliable MLS networks must consider covert channels and denial of service attacks in addition to traditional network performance measures such as throughput, fairness, and reliability. We show how to extend the NRL data Pump to a certain MLS network architecture in order to balance the requirements of congestion control, fairness, good performance, and reliability against those of minimal threats from covert channels and denial of service attacks. We back up our claims with simulation results.
conference on advanced information systems engineering | 1999
Myong H. Kang; Judith N. Froscher; Amit P. Sheth; Krzysztof J. Kochut; John A. Miller
The Department of Defense (DoD) needs multilevel secure (MLS) workflow management systems to enable globally distributed users and applications to cooperate across classification levels to achieve mission critical goals. An MLS workflow management system that allows a user to program multilevel mission logic, to securely coordinate widely distributed tasks, and to monitor the progress of the workflow across classification levels is required. In this paper, we present a roadmap for implementing MLS workflows and focus on a workflow builder that is a graphical design tool for specifying such workflows.
IEEE Computer | 1998
Myong H. Kang; Andrew P. Moore; Ira S. Moskowitz
The NRL Pump forwards messages from a low level system to a high level system and monitors the timing of acknowledgments from the high level system to minimize leaks. It is the keystone to a proposed architecture that uses specialized high assurance devices to separate data at different security levels. We describe the software design and assurance argument strategy for this device, the Network NRL Pump, which can be used in any multilevel secure distributed architecture. We have completed the system requirements and logical design of a prototype pump and are working on its physical design.
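The three Pump papers above (1993, 1995, 1998) describe the same mechanism: the Pump buffers a Low-to-High message, acknowledges Low at a time it controls rather than when High actually acknowledges, and adds randomness so that a High-side Trojan horse cannot modulate acknowledgement timing to signal bits downward. The simulation below is an added illustration of that idea, not code from any of the papers or from NRL. The specific policy it models, an acknowledgement to Low drawn from an exponential distribution whose mean is the moving average of High's recent acknowledgement delays, is an assumption of this toy, as are the two Trojan delay values, the window size and the threshold decoder. It runs the same covert-channel attempt with and without the Pump and reports the fraction of bits the Low side decodes wrongly.

```python
"""Toy simulation of the NRL Pump's acknowledgement timing.

Threat: a Trojan horse on the High side ACKs each message quickly to send
a 0 and slowly to send a 1; a cooperating Trojan on the Low side reads bits
from the ACK delays it observes.  Without the Pump the channel is perfect.
With the Pump, Low's ACK for message i is drawn from an exponential
distribution whose mean is the moving average of High's ACK delays for
the *previous* messages, so the current bit never influences the ACK Low
sees for the current message, and the added randomness blurs the average.
All parameters below are constructed for this example.
"""
import random
from collections import deque
from statistics import mean

BIT0_DELAY = 0.1  # High Trojan: fast ACK encodes a 0
BIT1_DELAY = 2.0  # High Trojan: slow ACK encodes a 1
THRESHOLD = (BIT0_DELAY + BIT1_DELAY) / 2  # Low Trojan's decision point


class Pump:
    """Buffers the message, ACKs Low on its own schedule, records High's ACKs."""

    def __init__(self, window=8, initial_delay=1.0, rng=None):
        # Moving-average window of High ACK delays; seeded with a neutral value
        # so the first ACKs to Low are well defined.
        self.history = deque([initial_delay] * window, maxlen=window)
        self.rng = rng  # None -> deterministic (moving average only, no noise)

    def ack_delay_to_low(self):
        """Delay before Low gets its ACK for the message just buffered."""
        m = mean(self.history)
        if self.rng is None:
            return m
        # Random delay with the same mean: average ACK delay seen by Low is
        # unchanged, but individual delays no longer track High's behaviour.
        return self.rng.expovariate(1.0 / m)

    def record_high_ack(self, delay):
        """High's ACK for the buffered message arrives; only future averages change."""
        self.history.append(delay)


def make_bits(n, seed):
    """Constructed random bit string the High Trojan tries to leak."""
    rng = random.Random(seed)
    return [rng.randrange(2) for _ in range(n)]


def trojan_high_delays(bits):
    return [BIT1_DELAY if b else BIT0_DELAY for b in bits]


def decode(delays):
    """Low Trojan: threshold each observed ACK delay back into a bit."""
    return [1 if d > THRESHOLD else 0 for d in delays]


def run_direct(bits):
    """No Pump: High's ACK timing is relayed to Low unchanged."""
    return decode(trojan_high_delays(bits))


def run_pumped(bits, window=8, seed=1, randomize=True):
    """Pump interposed: Low sees the Pump's ACK schedule, not High's."""
    pump = Pump(window=window, rng=random.Random(seed) if randomize else None)
    observed = []
    for high_delay in trojan_high_delays(bits):
        observed.append(pump.ack_delay_to_low())  # ACK to Low is scheduled now...
        pump.record_high_ack(high_delay)          # ...High's ACK only feeds later averages
    return decode(observed)


def bit_error_rate(sent, received):
    errors = sum(s != r for s, r in zip(sent, received))
    return errors / len(sent)


if __name__ == "__main__":
    bits = make_bits(1000, seed=7)
    print("direct ACKs, BER:", bit_error_rate(bits, run_direct(bits)))
    print("via Pump,    BER:", bit_error_rate(bits, run_pumped(bits)))
    print("Low avg delay, direct:", mean(trojan_high_delays(bits)))
```

A bit error rate near 0.5 means Low's guesses are no better than coin flips for this bit-per-message encoding. The moving average alone is not enough: with a deterministic Pump (`randomize=False`) a Trojan can still leak slowly by holding each bit for longer than the window, which is why the 1993 paper adds random delays and then bounds the remaining capacity rather than claiming zero.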