Publication


Featured research published by Vijay Atluri.


web intelligence | 2009

Preserving Privacy in Social Networks: A Structure-Aware Approach

Xiaoyun He; Jaideep Vaidya; Basit Shafiq; Nabil R. Adam; Vijay Atluri

Graph-structured data can be found ubiquitously in the real world. For example, social networks can easily be represented as graphs, where the graph connotes the complex sets of relationships between members of social systems. While their analysis could be beneficial in many aspects, publishing certain types of social networks raises significant privacy concerns. This brings the problem of graph anonymization into sharp focus. Unlike relational data, the true information in graph-structured data is encoded within the structure and graph properties. Motivated by this, we propose a structure-aware anonymization approach that maximally preserves the structure of the original network as well as its structural properties while anonymizing it. Instead of anonymizing each node one by one independently, our approach treats each partitioned substructural component of the network as one single unit to be anonymized. This maximizes utility while enabling anonymization. We apply our method to both synthetic and real datasets and demonstrate its effectiveness and practical usefulness.


conference on data and application security and privacy | 2012

Role engineering: from theory to practice

Nino Vincenzo Verde; Jaideep Vaidya; Vijay Atluri; Alessandro Colantonio

Role-Based Access Control (RBAC) is the de facto standard in access control models, and is widely used in many applications and organizations of all sizes. However, the task of finding an appropriate set of roles, called role engineering, remains the most challenging roadblock to effective deployment. In recent years, this problem has attracted a lot of attention, with several bottom-up approaches being proposed under the field of role mining. However, most of these theoretical approaches cannot be directly applied to large-scale datasets, which is where they are most necessary. Therefore, in this paper, we look at how to make role mining practical and usable for actual deployment. We propose a six-step methodology that makes role mining scalable without sacrificing utility and is agnostic to the actual role mining technique used. The experimental evaluation validates the viability of our approach.


symposium on access control models and technologies | 2008

A meta model for access control: why is it needed and is it even possible to achieve?

David F. Ferraiolo; Vijay Atluri

Security policy enforcement is instrumental in preventing the unauthorized disclosure of sensitive data, protecting the integrity of vital data, mitigating the likelihood of fraud, and ultimately enabling the secure sharing of information. In accessing a given resource, policy may dictate, for example, that a user has a need-to-know, is appropriately cleared, is competent, has not already performed a different operation on the same resource, that the resource was previously accessed by a different user, that the user is incapable of accessing other enterprise resources, or that the user is capable of accessing an object or any copy of the object while performing a specific task. Currently, there exists a rich set of formal security models that can translate organizational policies. A small sample of well-documented policies includes flavors of Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), ORCON, Chinese wall, and History-Based Separation of Duty. Enterprise policies that are designed to protect resources are also ad hoc in nature. As a major component of any operating system or application, access control mechanisms come in a wide variety of forms, each with its individual method for authentication, access control data constructs for specifying and managing policy, and functions for making access control decisions and enforcing policies. Of the numerous recognized access control policies, today's OSs rigidly limit enforcement to a small subset of known policies. Policies are also routinely accommodated through the implementation of access control mechanisms within applications. Prominent among these applications are database management systems, but these applications can also include a number of smaller applications such as enterprise calendars, time and attendance, and workflow management. Essentially, any application that requires a user's authentication typically also affords an independent access control service.
Not only do these applications further aggravate identity and privilege management problems, applications can also undermine policy enforcement objectives. For instance, although a file management system may narrowly restrict user access to a specific file, chances are the content of that file can be copied to an attachment or a message and mailed to anyone in the organization, or for that matter, the world. In consideration of these issues an important question is raised: does a Meta model exist that can serve as a unifying framework for specifying and comprehensively enforcing any access control policy? Some may argue that convergence towards a Meta model is already underway. For example, RBAC and XACML have been shown effective in their specification and enforcement of access control policies and have been applied in providing interoperable protection. Is RBAC fundamental to access control, and can it eventually be extended and tinkered with to accommodate any policy? RBAC has already been shown to be configurable to enforce both DAC and MLS. And, since RBAC was formally proposed in the early and mid 90s, a large number of extensions to the RBAC model have been proposed to accommodate a wide variety of policy issues and applications. The question here is: are these extensions getting closer to a Meta model, or are we making it up as we go along? At SACMAT 2005, NIST proposed an access control framework, referred to as the Policy Machine (PM), that has been shown to accommodate a wide variety of access control policies including DAC, MAC, and RBAC. Since that publication the PM has been refined and, to demonstrate its viability in specifying and enforcing a wide variety of attribute-based policies, NIST has developed a reference implementation. However, some have suggested that the basic relations of the PM are similar to those of RBAC and that its other policy-appeasing relations and functions could be applied in extending the RBAC model.
In addressing the interoperability problem and the policy flexibility problem, the XACML policy specification language has been growing in recognition and use. Can this approach to access control be adopted, or can it evolve, as the Meta model? XACML's current focus is on providing access control that is interoperable among applications. As currently specified and applied, XACML does not deal with all types of objects, for example files in an operating system. It is not comprehensive (e.g., it would not prevent the leakage of a sensitive object to an unauthorized principal through copying and pasting into an email message that could be sent to anyone in the world). In addition to discussions related to the above technologies, this panel will address two fundamental questions. What practical good can the existence of a Meta model provide? And, is it even possible for a Meta model to be developed given the large diversity and types of access control policies?


hawaii international conference on system sciences | 1998

EDI through a distributed information systems approach

Nabil R. Adam; Igg Adiwijaya; Vijay Atluri; Yelena Yesha

The model of electronic commerce envisions the ability to send large quantities of business transactions electronically to a large number of sometimes anonymous parties. The EDI standards ANSI X12 and EDIFACT provide a framework for formatting a given EDI message, called an EDI transaction. Although the EDI paradigm provides an obvious improvement over the paper world, it suffers from several problems, a major one being lack of flexibility. Introducing a new EDI transaction or making a simple change to an existing transaction is complex, tedious and time-consuming, as it has to be first approved by the ANSI ASC X12 committee and requires updating of the EDI translation software. In this paper, we propose a simple and straightforward approach, based on distributed database concepts, that can eliminate the tedious process of standardization. EDI messages are exchanged through database transactions via a database-to-database communication rather than application-to-application. The most significant outcome of this approach is that EDI is transformed from an electronic analog of a business process in the paper world to a process supporting electronic commerce.


Archive | 2000

Research Advances in Database and Information Systems Security

Vijay Atluri; John Hale

List of Figures. List of Tables. Preface. Contributing Authors.

Part I: Intrusion Detection
1. Intrusion Confinement by Isolation in Information Systems (P. Liu, et al.)
2. Analyzing the Performance of Program Behavior Profiling for Intrusion Detection (A.K. Ghosh, A. Schwartzbard)
3. Integrating Data Mining Techniques with Intrusion Detection Methods (R. Mukkamala, et al.)

Part II: Role-Based Access Control
4. RBAC on the Web by Secure Cookies (J.S. Park, et al.)
5. eMEDAC: Role-based Access Control Supporting Discretionary and Mandatory Features (I. Mavridis, et al.)
6. Software Agents for Role Based Security (S. Demurjian, et al.)

Part III: Critical Infrastructure Protection Panel
7. Selected Topics in Infrastructure and Information Assurance (W.V. Maconachu, et al.)

Part IV: Policy/Modeling
8. A Secret Splitting Method for Assuring the Confidentiality of Electronic Records (A.P.-J. Ho)
9. For Unknown Secrecies Refusal is Better than Lying (J. Biskup)

Part V: Workflow Systems
10. Extending The BFA Workflow Authorization Model to Express Weighted Voting (S. Kandala, R. Sandhu)
11. A Strategy for an MLS Workflow Management System (M.H. Kang, et al.)

Part VI: Data Mining/Data Warehousing
12. Impact of Decision-Region Based Classification Mining Algorithms on Database Security (T. Johnsten, V.V. Raghavan)
13. Protecting Against Data Mining through Samples (C. Clifton)
14. Security Administration for Federations, Warehouses, and other Derived Data (A. Rosenthal, et al.)

Part VII: Intrusion Detection Panel
15. Panel on Intrusion Detection (T.C. Ting, et al.)

Part VIII: Multilevel Security
16. Enforcing Integrity While Maintaining Secrecy (D.G. Marks)

Part IX: Temporal Authorization Models
18. Temporal Authorization in the Simplified Event Calculus (S. Barker)
19. Specifying and Computing Hierarchies of Temporal Authorizations (E. Bertino, et al.)

Part X: Object-Oriented Databases
20. The Security Problem against Inference Attacks on Object-Oriented Databases (Y. Ishihara, et al.)
21. A Logical Formalization for Specifying Authorizations in Object-Oriented Databases (Y. Bai, V. Varadharajan)

Index.


international conference on information systems security | 2013

Policy Mining: A Bottom-Up Approach toward a Model Based Firewall Management

Safaà Hachana; Frédéric Cuppens; Nora Cuppens-Boulahia; Vijay Atluri; Stéphane Morucci

Today's enterprises rely entirely on their information systems, usually connected to the internet. Network access control, mainly ensured by firewalls, has become a paramount necessity. Still, the management of manually configured firewall rules is complex, error-prone, and costly for large networks. The use of highly abstract models such as role-based access control (RBAC) has proved to be very efficient in the definition and management of access control policies. The recent interest in role mining, which is the bottom-up approach for automatic RBAC configuration from the already deployed authorizations, is likely to further promote the development of this model. Recently, an extension of RBAC adapted to the specificities of network access control, which we refer to as the NS-RBAC model, has been proposed. However, no effort has been made to extend the bottom-up approach to configure this model. In this paper, we propose an extension of role mining techniques to facilitate the adoption of a model-based framework in the management of network access control. We present policy mining, a bottom-up approach that extracts instances of the NS-RBAC model from the deployed rules on a firewall. We provide a generic algorithm that could adapt most of the existing role mining solutions to the NS-RBAC model. We illustrate the feasibility of our solution by experiments on real and synthetic data.


Transforming Government: People, Process and Policy | 2012

Resource sharing using UICDS™ framework for incident management

Basit Shafiq; Soon Ae Chun; Vijay Atluri; Jaideep Vaidya; Ghulam Nabi

Purpose – Pertinent information sharing across various government agencies, as well as non-governmental and private organizations, is essential to assess the incident situation, identify the needed resources for emergency response and generate response plans. However, each agency may have incident management systems of its choice with valuable information in its own format, posing difficulty in effective information sharing. Application-to-application sharing across agency boundaries will significantly reduce human effort and delay in emergency response. Information sharing from disparate systems and organizations, however, requires solving the interoperability issue. The purpose of this paper is to present the UICDS™-based resource sharing framework as a step toward addressing the afore-mentioned challenges.

Design/methodology/approach – A prototype middleware system is developed using a standards-based information sharing infrastructure called UICDS™ (Unified Incident Command and Decision Support™), a...


international conference on digital government research | 2011

UICDS-based information sharing among emergency response application systems

Vijay Atluri; Basit Shafiq; Soon Ae Chun; Ghulam Nabi; Jaideep Vaidya

The essential requirements of effective emergency management and response include pertinent information sharing across various government agencies as well as non-governmental and private organizations to assess the situation, identify the needed resources for emergency response and generate response plans. Interoperability is a key requirement for information sharing from disparate systems and organizations, as is the case in emergency response. In this demo, we present the capabilities and features of application-to-application level information sharing among different incident management systems via the DHS-initiated information sharing platform called UICDS (Unified Incident Command and Decision Support).


symposium on access control models and technologies | 2008

Panel on role engineering

Vijay Atluri

Due to its flexibility, ease of administration and intuitiveness, role-based access control (RBAC) is now part of most operating systems and application software. As a result of its commercial success, it has become the standard for implementing access control in many of today's organizations. However, deploying RBAC requires one to first identify an accurate and complete set of roles, and assign users to roles and permissions to roles. This process, known as role engineering [3], has been identified as one of the costliest components in realizing RBAC [7]. Although the problem of role engineering has been studied since the early nineties, a recent surge in interest can be seen equally from the academic and industry communities. The primary focus of this panel is to have an in-depth discussion of this problem along several dimensions. The panelists, drawn from both academia and industry, include Gail Ahn (University of North Carolina, Charlotte), Vijay Atluri (Rutgers University), Edward Coyne (Science Applications International Corporation), William Horne (Hewlett-Packard), Axel Kern (Beta Systems), Sylvia Osborn (University of Western Ontario) and Andreas Schaad (SAP Labs), who are experts in role engineering. The first dimension of discussion will be the different means of approaching the role engineering problem, which basically include top-down and bottom-up approaches. Under the top-down approach, roles are defined by carefully analyzing and decomposing business processes into smaller units in a functionally independent manner. These functional units are then associated with permissions on information systems. Coyne [3] was the first to describe the role engineering problem and to present the concepts of the top-down approach. Later, several top-down approaches were proposed [6, 1, 12, 14, 15, 11, 5, 8, 2]. In contrast, the bottom-up approach utilizes the existing permission assignments to formulate roles.
Recently, several solutions have been proposed in this direction [9, 13, 18, 16, 17, 4, 10]. It may also be advantageous to use a hybrid approach, which is a mixture of the top-down and the bottom-up approaches. The focus of the discussion will be on the pragmatics of applying these classes of solutions in real-world situations. Another dimension of discussion will be the past experiences and current practices employed by organizations in dealing with the role engineering problem, as well as the opinions of the panelists on the expected practices in the future. Yet another dimension is to tackle this problem from a formal perspective and examine the different variants of the problem. These include devising a minimal but complete and good set of roles, a minimal number of user-to-role and role-to-permission assignments, weaker notions of devising minimal roles [16], and the like. The discussions include formal versus practical solutions, their limitations and issues needing further investigation.


International Journal of E-Planning Research archive | 2015

PEER: A Framework for Public Engagement in Emergency Response

David Lorenzi; Soon Ae Chun; Jaideep Vaidya; Basit Shafiq; Vijay Atluri; Nabil R. Adam

While government agencies, NGOs, and even commercial entities immediately swing into action to help out in the case of large disasters, one of the biggest resources, citizens themselves, is underutilized. The rise of social media creates an opportunity for citizen participation in disaster response management. By harnessing the power of citizen crowdsourcing, the government can have enhanced disaster situation awareness and utilize resources provided by citizen volunteers, resulting in more effective disaster responses. In this paper, the prototype Public Engagement in Emergency Response (PEER) framework is presented. It provides a comprehensive online and mobile crowdsourcing platform for situation reporting and resource volunteering. Events are described that transpired in the aftermath of superstorm Sandy, which demonstrate the benefits of using the PEER framework in a major disaster situation. Also described is how it can alleviate some of the issues associated with crowdsourced responses, such as fraud.

Collaboration


Top co-authors of Vijay Atluri.

Soon Ae Chun (City University of New York)

Basit Shafiq (Lahore University of Management Sciences)

Binto George (Western Illinois University)

Peng Ning (North Carolina State University)

Claudia Diaz (Katholieke Universiteit Leuven)