Security policy enforcement in application environments using distributed script-based control structures

Fischer-Hellmann, Klaus-Peter

January 2007

Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the securityrelevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.

658.478

A socio-organizational approach to information systems security management in the context of internet banking

Koskosas, Ioannis Vasileios

January 2004

This thesis takes a social and organizational point of view for studying information systems security in the context of internet banking. While the internet provides opportunities for businesses to extend their public network infrastructure, reduce transaction costs, and sell a wide range of products and services worldwide, security threats impede the business. Although, a number of valuable information systems security approaches have been developed through the years they tend to offer narrow, technically oriented solutions and they ignore the social aspects of risks and the informal structures of organizations. To this end, there is an emphasis in the literature to adopt a socio-organizational approach to information systems security (ISs) management. This thesis is based on the assumption that information systems security in the context of internet banking can be efficiently investigated and understood through a systematic and comprehensive study of various social organizational aspects in the goal setting context. To this end, the thesis presents a novel approach to the management of information systems security based on the use of the performance pyramid model. Using previous research in the social organizational literature this work examines the interrelationship of trust, culture, and risk communication and their possible effect on the level of goal setting within the context of information systems security management with a focus on internet banking. It explores and discusses the process of goal setting in the context of risk management. Based on the proposed performance pyramid model this research identifies the determinants of trust, culture, and risk communication as well as the determinants of goal commitment at macro level. The thesis contributes to interpretive information systems research with the in-depth analysis and study of the social organizational concepts in a security management context and its grounding within an interpretive epistemology. It emphasises the importance and interrelationship between different socio-organizational aspects of goal setting theory and demonstrates the values of each aspect in the information systems security domain thus contributing to a rich insight in the particular empirical research context.

658.478

Communicative action in information security systems : an application of social theory in a technical domain

Drake, Paul David

January 2005

This thesis is about grounding an increasingly common practice in an established theory where no explicit theory currently exists. The common practice that is the subject of this study is information security. It is commonly held that information security means maintaining the confidentiality, integrity (accuracy) and availability of information. It seems that a whole industry has built up with tools, techniques and consultants to help organisations achieve a successful information security practice. There is even a British Standard containing around 130 controls, and a management system to guide organisations and practitioners. In the absence of many alternatives this British Standard has grown into something of a requirement for organisations who are concerned about the security of their information. The British Standard was developed almost entirely through the collaboration of some powerful blue-chip organisations. These organisations compared their practices and found some key areas of commonality. These common areas became the foundation of many information security practices today. Although there has been considerable evolutionary change the fundamentals, and not least the principles of confidentiality, integrity and availability, remain largely the same. It is argued in this thesis that the absence of a theoretical grounding has left the domain as weak and unable to cope with the rapidly developing area of information security. It is also argued that there was far too little consideration of human issues when the standard was devised and that situation has worsened recently with greater reliance on information security driven by more threats of increasing complexity, and more restrictive controls being implemented to counteract those threats. This thesis aims to pull human issues into the domain of information security: a domain which is currently dominated by non-social and practical paradigms. The key contribution of this thesis is therefore to provide a new model around which information security practices can be evaluated. This new model has a strong and established theoretical basis. The theory selected to underpin the new model is in the broad domain of critical social theory.

658.478

Business

Hardware level countermeasures against differential power analysis

Baddam, Karthik

January 2012

Hardware implementations of mathematically secure algorithms unintentionally leak side channel information, that can be used to attack the device. Such attacks, known as side channel attacks, are becoming an increasingly important aspect of designing security systems. In this thesis, power analysis attacks are discussed along with existing countermeasures. In the first part of the thesis, the theory and practice of side-channel attacks is introduced. In particular, it is shown that plain implementations of block ciphers are highly susceptible to power-analysis attacks. Dual rail precharge (DRP) circuits have already been proposed as an effective countermeasure against power analysis attacks. DRP circuits suffer from an implementation problem; balancing the routing capacitance of differential signals. In this thesis we propose a new countermeasure, path switching, to address the routing problem in DRP circuits which has very low overheads compared to existing methods. The proposed countermeasure is tested with simulations and experimentally on an FPGA board. Results from these tests show a minimum of 75 times increase in the power traces required for a first order DPA attack. Some of the existing countermeasures to address the routing problem in DRP circuits do not consider coupling capacitance between differential signals. In this thesis we propose a new method, divided backend duplication that effectively addresses balanced the routing problem of DRP circuits. The proposed countermeasure is tested with simulations and results show a minimum of 300 times increase in the power traces required for a first order DPA attack. Randomisation as a DPA countermeasure is also explored. It is found that randomising the power consumption of the cryptographic device itself has little impact on DPA. Randomising the occurrence of intermediate results, on which DPA relies on, has better effect at mitigating DPA.

658.478

Gestion de la sécurité dans une infrastructure de services dynamique : Une approche par gestion des risques / Security management in a dynamic services' infrastructure : A risk management approach

Bou Nassar, Pascal

21 December 2012

Les changements de contexte économiques imposent de nouvelles stratégies organisationnelles aux entreprises : recentrages métier et développement de stratégies de collaboration interentreprises. Ces tendances du marché laissent prévoir une croissance exponentielle d’écosystèmes de service accessibles à la fois aux clients finaux et aux partenaires. Tout laisse prévoir que ces écosystèmes s’appuieront largement sur les architectures orientées services permettant de construire des systèmes d’information capable d’avoir l’agilité requise et de supporter l’interconnexion des processus métier collaboratifs en composant dynamiquement les processus à partir de services distribués. Ce type d’architecture qui permet d’assurer l’alignement du système d’information sur les besoins métier de l’entreprise, rend indispensable la prise en compte des contraintes de sécurité tant au niveau individuel des services qu’au niveau de la composition. Dans un environnement de services distribués et dynamiques, la sécurité ne doit pas se limiter à fournir des solutions technologiques mais à trouver une stratégie de sécurité prenant en compte les dimensions métier, organisationnelle et technologique. En outre, la sécurité doit être appréhendée comme un processus continu qui vise l’optimisation des investissements de sécurité et assure la pérennité des mesures de sécurité mises en œuvre. Or les modèles et architectures de référence du domaine des services ont sous-estimé la définition des besoins en termes de sécurité, les biens à protéger et l’identification des risques pesant sur ces biens. Pour cela, nous proposons d’aborder la problématique de la sécurité par une approche de gestion des risques permettant d’identifier les différents types de risques et de proposer les mesures de sécurité les plus adéquates au contexte. Toutefois, la gestion des risques s’avère un vrai défi dans un environnement ouvert de services collaboratifs. En effet, les méthodes de gestion des risques développées dans le cadre des systèmes d’information ne répondent pas aux exigences de sécurité dans un environnement ouvert et ne sont pas adaptées aux environnements dynamiques. Pour pallier ces limites, nous proposons un cadre méthodologique de gestion de la sécurité portant sur les phases préparation, conception, exécution et supervision du cycle de vie des services. Nous proposons un modèle de services sécurisés permettant de définir des patrons de sécurité, un modèle de classification des biens à protéger et une ontologie pour définir les concepts associés à ces biens. En outre, nous développons une méthodologie de conception d’une architecture orientée services sécurisée puis abordons la construction de processus métier sécurisés avant de proposer un service de gestion des vulnérabilités de l’infrastructure. / Changes in economic environment impose new organizational strategies to companies: refocusing business and creating collaboration strategies. These trends point to an exponential growth of service ecosystems accessible to both end users and partners. All foreshadows that these ecosystems rely heavily on service-oriented architectures that can build information systems having the required agility and supporting the interconnection of collaborative business processes by composing processes dynamically from distributed services. This type of architecture that ensures business and information systems alignment, makes it essential to take into account security constraints at the services’ and the composition’s levels. In a distributed and dynamic services’ environment, security should not be limited to providing technological solutions but to find a security strategy taking into account the business, organizational and technological dimensions. Besides, the security must be considered as an ongoing process that aims to optimize security investments and ensures the sustainability of implemented security measures. However, the models and reference architectures in the services’ domain have underestimated the definition of security requirements, assets to protect and the identification of risks to those assets. Therefore, we propose to address the security management issues by a risk management approach to identify the different types of risks and propose the most appropriate security measures to the context. Nevertheless, risk management is a real challenge in an open collaborative services’ environment. The methods of risk management developed in the context of information systems do not meet the security requirements in an open environment and are not suitable for dynamic environments. To overcome these limitations, we propose a methodological framework for security management covering the phases: preparation, design, execution and supervision of the services’ lifecycle. We propose a model of secure services to identify security patterns, an assets’ classification model and an ontology defining the concepts associated with those assets. Moreover, we develop a methodology for designing secure service oriented architectures, we address the development of secure business processes then we propose a security service for managing and supervising the infrastructure components’ vulnerabilities.

Informatique

Système d'information

Architecture orientée services

Sécurité

Gestion de la sécurité

Gestion des risques

Information Technology

Information system

Service-oriented architecture

Security

Security management

Risk management

658.478 072

Development of an intelligent e-commerce assurance model to promote trust in online shopping environment

Mayayise, Thembekile Olivia

01 1900

Electronic commerce (e-commerce) markets provide benefits for both buyers and sellers; however, because of cyber security risks consumers are reluctant to transact online. Trust in e-commerce is paramount for adoption. Trust as a subject for research has been a term considered in depth by numerous researchers in various fields of study, including psychology and information technology. Various models have been developed in e-commerce to alleviate consumer fears, thus promoting trust in online environments. Third-party web seals and online scanning tools are some of the existing models used in e-commerce environments, but they have some deficiencies, e.g. failure to incorporate compliance, which need to be addressed. This research proposes an e-commerce assurance model for safe online shopping. The machine learning model is called the Page ranking analytical hierarchy process (PRAHP). PRAHP builds complementary strengths of the analytical hierarchy process (AHP) and Page ranking (PR) techniques to evaluate the trustworthiness of web attributes. The attributes that are assessed are Adaptive legislation, Adaptive International Organisation for Standardisation Standards, Availability, Policy and Advanced Security login. The attributes were selected based on the literature reviewed from accredited journals and some of the reputable e-commerce websites. PRAHP’s paradigms were evaluated extensively through detailed experiments on business-to-business, business-to-consumer, cloud-based and general e-commerce websites. The results of the assessments were validated by customer inputs regarding the website. The reliability and robustness of PRAHP was tested by varying the damping factor and the inbound links. In all the experiments, the results revealed that the model provides reliable results to guide customers in making informed purchasing decisions. The research also reveals hidden e-commerce topics that have not received attention, which generates knowledge and opens research questions for future researchers. These ultimately made significant contributions in e-commerce assurance, in areas such as security and compliance through the fusing of AHP and PR, integrated into a decision table for alleviating trustworthiness anxiety in various e-commerce transacting partners, e-commerce platforms and markets. / College of Engineering, Science and Technology / D. Phil. Information Systems

E-commerce

Assurance

Page rank

Compliance

Policy

AHP

Security

658.478

Electronic commerce -- Insurance

Computer crimes -- Prevension

System safety

Processus guidé pour l'identification des exigences de sécurité à partir de l'analyse des risques / Guided process for the identification security requirements from risk analysis

Laoufi, Nabil

20 March 2017

Toute organisation est activée par un flux physique continu et un flux décisionnel qui opèrent de symbiose pour atteindre des objectifs déterminés. Ce qui engendre l’implantation d’un système d’information fiable, opérant avec un contrôle continu et une sécurité maximale, prenant en compte le contexte interne et externe pour garder son rôle opérationnel et stratégique. Compte tenu du niveau d'exposition aux risques et de la dépendance vitale des entreprises vis-à-vis de leurs systèmes d'information, il est crucial de prêter attention aux exigences de sécurité. La réalisation d'un équilibre entre la sécurité et l'efficacité du système d’information est une tâche complexe qui exige au préalable une analyse approfondie du contexte organisationnel. Elle nécessite également l'identification, l'analyse, et la gestion des risques encourus par l’entreprise. Elle nécessite aussi la détermination des exigences de sécurité. Peu d'approches offrent un guidage permettant de dériver les exigences de sécurité à partir des risques encourus. Le but de cette thèse est de concevoir un mécanisme de guidage suggestif qui permet de dériver les exigences de sécurité à partir de l'analyse des risques. Nous proposons, pour cela, une approche fondée sur une ontologie modulaire et un ensemble de règles de correspondance. A cette fin, nous proposons le développement de quatre ontologies et un processus d'alignement entre celles-ci en utilisant des relations sémantiques cohérentes. Le processus de validation se fonde sur une étude de cas et un prototype. / Any organization is enabled by continuous physical flow and decision flow from operating symbiosis to achieve specific objectives. Which generates the implementation of a reliable information system, operating with a continuous control and maximum security, taking in to account the internal and external environment to maintain its operational and strategic role. Given the level of risk exposure and the vital dependence of companies on their information systems, it is crucial to pay attention to security requirements. Achieving a balance between the security and effectiveness of the information system is a complex task requiring an in-depth analysis of the organizational context. It also requires the identification, analysis, and management of the risks incurred by the company. It also requires the determination of security requirements. Few approaches offer guidance to derive security requirements from the risks involved. The aim of this thesis is to design a suggestive guiding mechanism that allows to derive the security requirements from the risk analysis. We propose an approach based on a modular ontology and a set of correspondence rules. To achieve, we propose the development of four ontologies and an alignment process between then using consistent semantic relationships. The validation process is based on a case study and a prototype.

Ontologie

Analyse de risques

Exigences de sécurité

Contexte

Actifs

Règles de correspondance

Safety requirements

Risk Analysis

Ontology

Context

Assets

Correspondance rules

005.8

658.478

658.403 801 1

Internet-based electronic payment systems

Kortekaas, Birgit Friederike

01 January 2002

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet / Computing / M.Sc. (Information Systems)

Internet

Electronic commerce

Electronic payment systems

Authentication

Confidentiality

Identification

Integrity

Privacy

Security

Cryptography

Certificates

Encryption

Digital signatures

Anonymity

Threats

Electronic cash

Electronic cheque

Smart cards

Electronic credit cards

658.478

Internet -- Economic aspects

Internet -- Security measures

Payment

Electronic commerce -- Security measures

Computer networks -- Security measures

Data encryption (Computer science)

Smart cards

Internet-based electronic payment systems

Kortekaas, Birgit Friederike

01 January 2002

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet / Computing / M.Sc. (Information Systems)

Internet

Electronic commerce

Electronic payment systems

Authentication

Confidentiality

Identification

Integrity

Privacy

Security

Cryptography

Certificates

Encryption

Digital signatures

Anonymity

Threats

Electronic cash

Electronic cheque

Smart cards

Electronic credit cards

658.478

Internet -- Economic aspects

Internet -- Security measures

Payment

Electronic commerce -- Security measures

Computer networks -- Security measures

Data encryption (Computer science)

Smart cards