Ruchith Fernando
Purdue University
Publication
Featured research published by Ruchith Fernando.
Computers & Security | 2015
Lotfi Ben Othmane; Rohit Ranchal; Ruchith Fernando; Bharat K. Bhargava; Eric Bodden
The risk exposure of a given threat to an information system is a function of the likelihood of the threat and the severity of its impacts. Existing methods for estimating threat likelihood assume that the attacker is able to cause a given threat, that exploits existing vulnerabilities, if s/he has the required opportunities (e.g., sufficient attack time) and means (e.g., tools and skills), which is not true; often, s/he can perform an attack and cause the related threat only if s/he has the ability to access related resources (objects) of the system that allow doing so. This paper proposes a risk estimation method that incorporates attacker capabilities in estimating the likelihood of threats as conditions for using the means and opportunities, demonstrates the use of the proposed risk estimation method through two examples: video conferencing systems and connected vehicles, shows that changing attacker capabilities changes the risks of the threats, and compares the uncertainty of experts in evaluating the likelihood of threats considering and not considering attacker capabilities for two experiments. The results of the experiments suggest that experts are less uncertain about their estimations of threat likelihoods when they consider attacker capabilities.
Symposium on Reliable Distributed Systems | 2012
Ruchith Fernando; Bharat K. Bhargava; Mark Linderman
Messaging systems where a user maintains a set of contacts and broadcasts messages to them are very common. We address the problem of a contact obtaining a message that it missed, from other contacts of the user while maintaining anonymity of all parties involved. We identify a set of requirements in addressing this problem and propose a modification to the hierarchical identity based encryption scheme proposed by Boneh et al. We briefly present an implementation of the proposed cryptographic primitives as a proof of concept.
International Conference on Cloud Computing | 2017
Ruchith Fernando; Rohit Ranchal; Bharat K. Bhargava; Pelin Angin
When clients interact with a cloud-based service, they expect certain levels of quality of service guarantees. These are expressed as security and privacy policies, interaction authorization policies, and service performance policies among others. The main security challenge in a cloud-based service environment, typically modeled using service-oriented architecture (SOA), is that it is difficult to trust all services in a service composition. In addition, the details of the services involved in an end-to-end service invocation chain are usually not exposed to the clients. The complexity of the SOA services and multi-tenancy in the cloud environment lead to a large attack surface. In this paper we propose a novel approach for end-to-end security and privacy in cloud-based service orchestrations, which uses a service activity monitor to audit activities of services in a domain. The service monitor intercepts interactions between a client and services, as well as among services, and provides a pluggable interface for different modules to analyze service interactions and make dynamic decisions based on security policies defined over the service domain. Experiments with a real-world service composition scenario demonstrate that the overhead of monitoring is acceptable for real-time operation of Web services.
International Conference on Web Services | 2016
Rohit Ranchal; Bharat K. Bhargava; Ruchith Fernando; Hui Lei; Zhongjun Jin
Service-oriented Architecture (SOA) comprises a number of loosely-coupled independent services, which collaborate, interact and share data to accomplish incoming requests. A service invocation can involve multiple services, where each service accesses, processes and shares the client's data. These interactions may share data with unauthorized services and violate the client's privacy. The client has no means of identifying if a violation occurred because it has no control over the service invocations beyond its trust domain. Such interactions introduce new security challenges which are not present in traditional systems. This paper proposes a data-centric approach for privacy-preserving access control in SOA. Benefits of the proposed approach include the ability to dynamically define access policies by the clients and control data access at the time of each service interaction. A realistic healthcare scenario is used to evaluate the implementation of the proposed solution which validates its viability.
Digital Identity Management | 2010
Kevin Steuer; Ruchith Fernando; Elisa Bertino
Mobile Data Management | 2009
Federica Paci; Ning Shang; Kevin Steuer; Ruchith Fernando; Elisa Bertino
International Journal of Next-Generation Computing | 2014
Lotfi Ben Othmane; Ruchith Fernando; Rohit Ranchal; Bharat K. Bhargava; Eric Bodden
Annual Information Security Symposium | 2014
Rohit Ranchal; Ruchith Fernando; Zhongjun Jin; Pelin Angin; Bharat K. Bhargava
Annual Information Security Symposium | 2014
Ruchith Fernando; Rohit Ranchal; Pelin Angin; Bharat K. Bhargava
Annual Information Security Symposium | 2013
Ruchith Fernando; Bharat K. Bhargava