Workshop on Computer Security Architecture: Latest Publications

Personalized access control for a personally controlled health record
Workshop on Computer Security Architecture Pub Date: 2008-10-31 DOI: 10.1145/1456508.1456511
Lillian Røstad, Ø. Nytrø
Abstract: Access control is a key feature of healthcare systems. Up until recently most healthcare information systems have been local to a healthcare facility and accessible only to clinicians. Currently there is a move towards making health information more accessible to patients. One example is the Personally Controlled Health Record (PCHR) where the patient is in charge of deciding who gets access to the information. In the PCHR the patient is the administrator of access control. While it certainly is possible to create roles representing people most patients would want to share with, like primary physician, it is also likely, and desirable, to afford the patients a high level of control and freedom to be able to create specialized access policies tailored to their personal wishes. We entitle this personalized access control. In this paper we present a semi-formal model for how we believe personalized access control may be realized. The model draws on and combines properties and concepts of both Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) to achieve the desired properties.
Throughout the paper we use the PCHR as a motivating example and to explain our reasoning and practical use of the model.
Citations: 26
An access control reference architecture
Workshop on Computer Security Architecture Pub Date: 2008-10-31 DOI: 10.1145/1456508.1456513
A. Jerbi, E. Hadar, C. Gates, Dmitry Grebenev
Abstract: System administrators typically have unrestricted access to all files and programs on a system, with no enforced principle of least privilege. Additionally, this unrestricted access causes challenges for audit as many different users might have superuser access and the audit trail may not distinguish between the actual users, recording instead all access as being by "superuser". These two issues result in further concerns regarding compliance for those organizations subject to government regulations (such as Sarbanes-Oxley in the United States). In this paper we present a reference architecture for an access control mechanism that addresses this issue by focusing specifically on the control and audit of system administrators. This reference architecture has been implemented and widely deployed. We describe some of its capabilities through a case study.
Citations: 2
Using rhythmic nonces for puzzle-based DoS resistance
Workshop on Computer Security Architecture Pub Date: 2008-10-31 DOI: 10.1145/1456508.1456518
Ellick Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, Daniel Rebolledo
Abstract: To protect against replay attacks, many Internet protocols rely on nonces to guarantee freshness. In practice, the server generates these nonces during the initial handshake, but if the server is under attack, resources consumed by managing certain protocols can lead to DoS vulnerabilities. To help alleviate this problem, we propose the concept of rhythmic nonces, a cryptographic tool that allows servers to measure request freshness with minimal bookkeeping costs. We explore the impact of this service in the context of a puzzle-based DoS resistance scheme we call "SYN puzzles". Our preliminary results based on mathematical analysis and evaluation of a prototype suggest that our scheme is more resistant than existing techniques.
Citations: 10
Asynchronous policy evaluation and enforcement
Workshop on Computer Security Architecture Pub Date: 2008-10-31 DOI: 10.1145/1456508.1456517
Matthew Burnside, A. Keromytis
Abstract: Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.
Citations: 2
Beacon certificate push revocation
Workshop on Computer Security Architecture Pub Date: 2008-10-31 DOI: 10.1145/1456508.1456519
Jon A. Solworth
Abstract: Authentication information is best localized. Local sources of authentication information are better able to physically identify users, provide authoritative information on them, adequately protect authentication information and infrastructure, and to provide high quality authentication at an affordable cost.
We consider here the problem of public key authentication using a potentially large number of local Certificate Authorities (CAs). The information provided by these CAs is federated together to create a large-scale distributed authentication base. One of the key problems in doing so is certificate revocation. Efficient mechanisms are described for certificate revocation when there are many CAs and we provide some measures on their efficiency.
Citations: 2
Deconstructing new cache designs for thwarting software cache-based side channel attacks
Workshop on Computer Security Architecture Pub Date: 2008-10-31 DOI: 10.1145/1456508.1456514
J. Kong, O. Aciiçmez, Jean-Pierre Seifert, Huiyang Zhou
Abstract: Software cache-based side channel attacks present a serious threat to computer systems. Previously proposed countermeasures were either too costly for practical use or only effective against particular attacks. Thus, a recent work identified cache interferences in general as the root cause and proposed two new cache designs, namely partition-locked cache (PLcache) and random permutation cache (RPcache), to defeat cache-based side channel attacks by eliminating/obfuscating cache interferences. In this paper, we analyze these new cache designs and identify significant vulnerabilities and shortcomings of those new cache designs. We also propose possible solutions and improvements over the original new cache designs to overcome the identified shortcomings.
Citations: 92
Flexible security configuration for virtual machines
Workshop on Computer Security Architecture Pub Date: 2008-10-31 DOI: 10.1145/1456508.1456515
S. Rueda, Yogesh Sreenivasan, T. Jaeger
Abstract: Virtual machines are widely accepted as a promising basis for building secure systems. However, while virtual machines offer effective mechanisms to create isolated environments, mechanisms that offer controlled interaction among VMs are immature. Some VM systems include flexible policy models and some enable MLS enforcement, but the flexible use of policy to control VM interactions has not been developed. In this paper, we propose an architecture that enables administrators to configure virtual machines to satisfy prescribed security goals. We describe the design and implementation of such an architecture using SELinux, Xen and IPsec as the tools to express and enforce policies at the OS, VM and Network layers, respectively. We develop a web application using our architecture and show that we can configure application VMs in such a way that we can verify the enforcement of the security goals of those applications.
Citations: 13
A security architecture for transient trust
Workshop on Computer Security Architecture Pub Date: 2008-09-30 DOI: 10.1145/1456508.1456510
C. Irvine, T. Levin, P. Clark, Thuy D. Nguyen
Abstract: In extraordinary situations, certain individuals may require access to information for which they are not normally authorized. For example, to facilitate rescue of people trapped inside of a burning building, firefighters may need its detailed floor plan - information that may not typically be accessible to emergency responders. Thus, it is necessary to provide transient trust so that such sensitive information is available to selected individuals only during the emergency. The architecture presented here is designed to support transient trust. It encompasses pre-positioned, updateable domains for use exclusively during emergencies along with a set of "normal" domains with different sensitivity levels. Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model.
The resulting architecture enforces mandatory security policies, yet ensures secure and revocable access to a class of information during declared emergencies.
Citations: 7
A flexible security architecture to support third-party applications on mobile devices
Workshop on Computer Security Architecture Pub Date: 2007-11-02 DOI: 10.1145/1314466.1314470
Lieven Desmet, W. Joosen, F. Massacci, K. Naliuka, Pieter Philippaerts, F. Piessens, Dries Vanoverberghe
Abstract: The problem of supporting the secure execution of potentially malicious third-party applications has received a considerable amount of attention in the past decade. In this paper we describe a security architecture for mobile devices that supports the flexible integration of a variety of advanced technologies for such secure execution of applications, including run-time monitoring, static verification and proof-carrying code. The architecture also supports the execution of legacy applications that have not been developed to take advantage of our architecture, though it can provide better performance and additional services for applications that are architecture-aware. The proposed architecture has been implemented on a Windows Mobile device with the .NET Compact Framework. It offers a substantial security benefit compared to the standard (state-of-practice) security architecture of such devices, even for legacy applications.
Citations: 34
Implementing middleware for content filtering and information flow control
Workshop on Computer Security Architecture Pub Date: 2007-11-02 DOI: 10.1145/1314466.1314474
J. C. Robinson, W. S. Harrison, N. Hanebutte, P. Oman, J. Alves-Foss
Abstract: This paper discusses the design and implementation of a middleware guard for purposes of content filtering and information flow control in the Multiple Independent Levels of Security (MILS) architecture. The MILS initiative is a joint research effort between academia, industry, and government to develop and implement a high assurance real-time architecture for embedded systems. The MILS architecture incorporates a separation kernel with formal system security policies that are evaluatable, non-bypassable, tamper-proof, and always invoked. Vendor specific high-level applications are assumed to be untrustworthy components; information flow control needs to be performed by middleware entities external to the applications.
In the MILS architecture, a MILS Message Router and guards are placed between communicating entities to act as message content filters and enforce information flow control. As the MILS architecture does not restrict the protocols that can be employed for communications between applications, a distinct guard is needed for filtering messages within each protocol. Incorporating protocol specific guards in MILS embedded systems aids in the formal certification of those systems or the high-assurance safety critical formally-proven applications. The guards enable formally-proven security policies that guarantee information flow control, data isolation, predictable process control, damage limitation, and resource availability. An example is provided using a multi-level secure file server that uses a GIOP guard for fine-grained access control.
The inclusion of a GIOP guard reduces the complexity and the effort necessary for system certification.
Citations: 7