In this paper we describe architecture and implementation of a Probabilistic Agent-Based Intrusion Detection (PAID) system. The PAID system has a cooperative agent architecture. Autonomous agents can perform specific intrusion detection tasks (e.g., identify IP-spoofing attacks) and also collaborate with other agents. The main contributions of our work are the following: our model allows agents to share their beliefs, i.e., the probability distribution of an event occurrence. Agents are capable to perform soft-evidential update, thus providing a continuous scale for intrusion detection. We propose methods for modelling errors and resolving conflicts among beliefs. Finally, we have implemented a proofof-concept prototype of PAID. ª
No abstract
Abstract. Enterprise Rights Management (ERM) systems aim to protect disseminated data even after it has been sent to remote locations. Existing systems are based on common components, have similar functionalities and often have two shortcomings: a centralised architecture and a lack of concern for the trust and privacy of data recipients. To access the data, recipients must present their credentials to a policy evaluation authority, which they cannot choose and may not trust. Furthermore, recipients may be unable to access the data if their connection is intermittent or if they are off-line. To address these limitations, we propose PAES: a Policy-based Authority Evaluation Scheme, which combines data protection with a distributed policy evaluation protocol. The result allows us to implement the sticky policies paradigm in combination with trust management techniques. This permits distributing policy evaluation over a flexible set of authorities, simultaneously increasing the resilience of policy enforcement.
Crisis management requires rapid sharing of data among organizations responding to the crisis. Existing crisis management practices rely on ad hoc or centralized data sharing based on agreements written in natural language. The ambiguity of natural language specifications often leads to errors and can hinder data availability. Therefore, it is desirable to develop automatic data sharing systems. The need to share data during crises presents additional challenges, such as evaluation of security constraints in different administrative domains and in situations with intermittent network connectivity. We compare two different architectural approaches to develop secure data sharing solutions. The first approach assumes reliable network connectivity, while the second approach works in ad hoc networks. We then suggest a unified architecture that caters for both scenarios.
Abstract. Existing ERM/DRM systems and more generally usage control systems aim to control who accesses data and the usage data is subject to even after the data has been disseminated to recipients. However, once the data has been used, no control or protection is applied to the information created as result of the usage. We propose a solution to derive protection requirements for derived data that makes use of Multi-Level Security (MLS) labels to associate data with its protection level and usage functions (transformations) with the protection requirements of the data they can derive. Users are also associated with clearance labels according to their roles. Clearance and data labels are used to determine whether a user can access data as in traditional Mandatory Access Control systems, while labels associated with transformations are used to derive labels for derived data. The solution assumes that the amount of sensitive information flowing from the input to the output of a transformation can be deduced from the input data and the transformation itself, so that adequate protection can be associated with the derived output.
In this paper we evaluate security methods for extensible Markup Language (XML) and the Resource Description Framework (RDF). We argue that existing models are insufficient to provide high assurance security for future Web-based applications. We begin with a brief overview of XML access control models, where the protection objects are identified by the XML syntax. However, these approaches are limited to handle updates and structural modifications of the XML documents. We argue that XML security methods must be based on the intended meaning of XML and the semantics of the application using XML. We identify two promising research directions to extend the XML model with semantics. The first approach incorporates traditional database concepts, like key and integrity constraints, in the XML model. The second approach aims to associate XML documents with metadata supporting Web-based applications. We propose the development of security models based on these semantics-oriented approaches to achieve high assurance. Further, we investigate the security needs of Web metadata, like RDF, RDFS, and OWL. In particular, we study the security risks of unwanted inferences and data aggregation, supported by these languages.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.