Smriti Kumar Sinha

Security Pattern Lattice: A Formal Model to Organize Security Patterns

Except for some work in classifying security patterns (SP) based on taxonomy and linguistic metaphors not much has been done in organizing SP. No suitable formal model for organization of security patterns is yet available. In this paper, exploiting results from formal concept analysis (FCA) a formal model to organize SP is introduced. Using a trust-based security model, trust elements (TE) and SP are enumerated. These elements and patterns are treated as formal concepts leading to a security pattern lattice SPL and organized as a concept lattice to generate the security pattern lattice. Within such a model the patterns are categorized using the FCA technique of scaling.

Formal concept analysis: current trends and directions

Formalization of human thinking helps in fostering the process of learning by giving an explicit representation to human thoughts. Formal Concept Analysis (FCA) finds it’s core here. It considers a “concept” as a formal unit of human thought. A concept is represented as a set of inter related objects called the extent and the set of the properties of these objects, called the intent. Making use of the mathematical principles of Lattice Theory and Map Theory of Abstract Algebra, a set of tools and algorithms have been developed in FCA. These helps us to analyze and represent any context as a relation between it’s extent and intent. Concepts drawn from the subsets of the extent and intent can be organized in the form of a lattice giving a subsumption hierarchy. Such concept lattices could be maintained by different operations on the lattice like scaling, pruning, navigating etc. A host of applications and software have been developed over the years which serves the usage of FCA tools and processes for specific purposes in various fields. This paper reviews the theoretical foundation, research and applications of FCA in different areas. The paper projects current trends in FCA and concludes with a discussion on open issues and limitations of FCA.

A New Trust Model Based on Time Series Prediction and Markov Model

In this paper, we propose a new statistical predictive model of Trust based on the well-known methodologies of the Markov model and Local Learning technique. Repeatedly appearing similar subsequences in the trust time series constructed from history of direct interactions or recommended trust values collected from intermediaries over a sequence of time slots are clustered into regime. Each regime is learnt by a local model called as local expert. The time series is then modeled as a coarse-grain transition network of regimes by using a Markov process and value of the trust at any future time is predicted by selecting the local expert with the help of the Markov matrix.

A New Trust Model Based on Social Characteristics and Reputation Mechanisms Using Best Local Prediction Selection Approach

In this paper we propose a new context-aware model for calculation of direct and reputation-based trust. We propose a categorization of intermediaries based on characteristics of social trust relations. This categorization provides wider sources of information to be considered for calculation of new trust value. After converting the reputation values into a time series, it is embedded in a state space using delayed coordinate embedding. Then a technique of prediction of trust value in current time point and in a given context using statistical method of local model selection based on a consistency criterion is proposed. We claim that prediction based on only the recent values of trust will be more accurate and reliable than using the entire past history.

A new trust model using Hidden Markov Model based mixture of experts

In service-oriented computing, selection of an appropriate web service is a challenging problem. The more services are available, the more difficult is the service selection. Trust and reputation mechanisms have been used to filter good services from bad ones. Trust and reputation system of web services can often be modeled as a multi-agent system where agents are used to manage and reason about trust and reputation on behalf of their users providing or consuming services. In this paper, we propose a trust establishment framework for such a system based on direct experience and recommended trust. While making trust based decision of accessing a web service from a service provider, the value of the trust on which the decision is based is predicted from the direct trust values in the past. If the direct trust values in the past are not available, a recommended trust value is established by mixing the opinions obtained from a number of so-called “experts”. These experts are trained to learn regions of different volatilities in a time series constructed from the recommended trust values. The dynamics between the experts and the mixing weights are obtained using a coarse-grain Hidden Markov Model.

SERENITY in e-Business and Smart Item Scenarios

SERENITY Artefacts, like Class, Patterns, Implementations and Executable Components for Security & Dependability (S&D) in addition to Serenity Runtime Framework (SRF) are discussed in previous chapters. How to integrate these artefacts with applications in Serenity approach is discussed here with two scenarios. The e-Business scenario is a standard loan origination process in a bank. The Smart Item scenario is an Ambient intelligence case study where we take advantage of Smart Items to provide an electronic healthcare infrastructure for remote healthcare assistance. In both cases, we detail how the prototype implementations of the scenarios select proper executable components through Serenity Runtime Framework and then demonstrate how these executable components of the S&D Patterns are deployed.

Synchronization of Authorization Flow with Work Object Flow in a Document Production Workflow Using XACML and BPEL

The issue of synchronization of authorization flow with work object flow in a document production workflow environment is presented and discussed in this paper. We have shown how a work object flow is synchronized with the authorization flow using a central arbiter in Web service paradigms. The co-ordination of Web services is done using WS-BPEL which supports orchestration and XACML provides authorization for Web services. The synchronization is achieved by exploiting the obligation provisions in XACML.

Signature replacement attack and its counter-measures

2-tuple Digital Signature scheme has two elements: a message and a signature. A tempered message can be verified by the decryption of the message digest, encrypted by the secret key of the signer, with the help of its corresponding public key. On the contrary, if the signature element is replaced then it cannot be verified. This is termed as signature replacement attack hitherto not discussed in the literature. In case of signature replacement attack, proof of origin is compromised. In this paper this attack is brought into focus for the first time. A solution for digital signature, resilient to signature replacement attack, is also proposed, where a trusted central arbiter is used as an in-line TTP. However, the central arbiter becomes the main bottleneck of performance. The problem is equally true for XML signature scheme used in Web service security today. This paper also proposes a solution with a BPEL process which acts as a central arbiter in the proposed special protocol.

Game-Theoretic Method for Selection of Trustworthy Cloud Service Providers

In spite of lucrative features, customers are still afraid of deploying their business in the Cloud. The main hindrance in the acceptance of cloud computing is lack of trust on Cloud service providers by promising customers. This paper introduces a game-theoretic technique for selection of a trustworthy Cloud service provider in strategic and extensive-form games. Potential Cloud service providers as well as consumers are assumed as the two rational players, whose actions are measured in terms of ordinal payoffs. We then solved those games based on game theory solution concepts. The solutions are demonstrated in this paper through experiment.

Reputation-Based Trust for Selection of Trustworthy Cloud Service Providers

In cloud computing—an emerging paradigm, the challenges of trust management are the prime issue. Inadequate security assertion, loss of asset control, and transparency compel enterprise to question cloud services. Cloud environment being dynamic and transient, establishment of trust becomes a necessity. In this paper, we present a reputation-based trust management architecture for cloud computing. In the proposed framework, the selection of trustworthy Cloud Service Provider is made on the basis of direct, indirect, and transitive trust values. History of reputation rating is used as weight to calculate the trust values. The effectiveness of our approach is demonstrated with experimental results.