Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474)

15 May 2019

<p>In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards. </p><p>To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.</p>

Computer System Security

Database Management

Data Privacy

data protection mechanism

role-based access control

attribute-based encryption scheme

Leakage Detection

encrypted search queries

identity management

authentication scheme

blockchain technology application

Kontaktlös flödesmätning med trådlös dataöverföring : Undersökning av kostnadseffektiva system

Svensson, Sonny

January 2017

Målet med undersökningen har varit att undersöka möjligheten att ta fram en kostnadseffektiv lösning för att mäta flöden i slutna rörsystem. Anledningen till att kontaktlösa metoder valts för arbetet är dess egen-skaper att kunna installeras utan att göra ingrepp i ledningarna eller på något sätt påverka det flödande mediet i dessa. Utrustning skall inhand-las och testas i fält. I underökningen ingår det även att ta fram en lämplig metod för att trådlöst överföra insamlat mätdata till valfri IT-miljö och där kunna presentera mätdata på ett översiktligt sätt i ett övervaknings-system samt använda mätdatat till olika statistiska beräkningar. Det hu-vudsakliga applikationsområdet som undersöks är läckageindikering i dricksvattenledningsnät. Anledningen till detta är att många kommuner inte har råd att investera i dyr mätutrustning för övervakning och för dem kan det vara intressant med ett billigt system som är relativt enkelt att installera och implementera i deras befintliga övervakningssystem. Re-sultat av en enkätundersökning som gjorts i samband med undersök-ningen har visat att intresset är stort hos kommunerna, men den visar även att övervakning av vattenledningsnäten med vissa traditionella me-toder kommer att bli svårare i framtiden i och med den stigande andelen plaströr i ledningsnäten. Fälttester av inköpt mätutrustning visar att den skulle kunna implementeras och fungera som flödesövervakning i led-ningsnät. Även fast dess mätnoggrannhet var under det förväntade så vi-sade utrustningen på god linjäritet. / The aim of the survey has been to investigate the possibilities of using a cost-effective solution for measuring flows in closed pipes. Non-intrusive measuring methods are chosen because it’s able to install them without interfering the flow in- or alter- the pipe in any way. Equipment will be purchased and field tested during the time of the survey. The survey also includes investigating suitable methods for wirelessly transmitting col-lected data to an IT-environment, and using measurement data for sur-veillance purposes and various statistical calculations. The main applica-tion area investigated is leakage indication in drinking water pipeline net-works, the reason being that many municipalities can’t afford to invest in expensive measuring equipment and they may be interested in an inex-pensive system that is relatively easy to install and implement in their existing monitoring system. The results of a poll conducted in connection with the survey have shown that there is considerable interest among the municipalities, but it also shows that monitoring of the water supply net-works with traditional methods may become more difficult in the future, the main reason for this seems to be the increasing amount of plastic pipe-lines in the pipeline networks. Field tests of the purchased equipment show that it may be suitable to implement as flow measuring device with the purpose of leakage monitoring, even though its measurement accu-racy was below expected it still shows good linearity.

Non-intrusive flow measuring

ultrasonic

water pipeline net-works

leakage detection

data logger

Kontaktlös flödesmätning

ultraljud

vattendistribution

läck-sökning

datalogger

Annan elektroteknik och elektronik

Model-Checking Infinite-State Systems For Information Flow Security Properties

Raghavendra, K R

12 1900

Information flow properties are away of specifying security properties of systems ,dating back to the work of Goguen and Meseguer in the eighties. In this framework ,a system is modeled as having high-level (or confidential)events as well as low-level (or public) events, and a typical property requires that the high-level events should not “influence ”the occurrence of low-level events. In other words, the sequence of low-level events observed from a system execution should not reveal “too much” information about the high-level events that may have taken place. For example, the trace-based “non-inference” property states that for every trace produced by the system, its projection to low-level events must also be a possible trace of the system. For a system satisfying non-inference, a low-level adversary (who knows the language generated by the system) viewing only the low-level events in any execution cannot infer any in-formation about the occurrence of high-level events in that execution. Other well-known properties include separability, generalized non-interference, non-deducibility of outputs etc. These properties are trace-based. Similarly there is another class of properties based on the structure of the transition system called bisimulation-based information flow properties, defined by Focardiand Gorrieriin1995. In our thesis we study the problem of model-checking the well-known trace-based and bisimulation-based properties for some popular classes of infinite-state system models. We first consider trace-based properties. We define some language-theoretic operations that help to characterize language-inclusion in terms of satisfaction of these properties. This gives us a reduction of the language inclusion problem for a class of system models, say F, to the model-checking problem for F, whenever F, is effectively closed under these language-theoretic operations. We apply this result to show that the model-checking problem for Petri nets, push down systems and for some properties on deterministic push down systems is undecidable. We also consider the class of visibly pushdown systems and show that their model-checking problem is undecidable in general(for some properties).Then we show that for the restricted class of visibly pushdown systems in which all the high (confidential) event are internal, the model-checking problem becomes decidable. Similarly we show that the problem of model-checking bisimulation-based properties is undecidable for Petrinets, pushdown systems and process algebras. Next we consider the problem of detecting information leakage in programs. Here the programs are modeled to have low and high inputs and low outputs. The well known definition of“ non-interference” on programs says that in no execution should the low outputs depend on the high inputs. However this definition was shown to be too strong to be used in practice, with a simple(and considered to be safe)“password-checking” program failing it.“Abstract non-interference(ANI)”and its variants were proposed in the literature to generalize or weaken non-interference. We call these definitions qualitative refinements of non-interference. We study the problem of model-checking many classes of finite-data programs(variables taking values from a bounded domain)for these refinements. We give algorithms and show that this problem is in PSPACE for while, EXPTIME for recursive and EXPSPACE for asynchronous finite-data programs. We finally study different quantitative refinements of non-interference pro-posed in the literature. We first characterize these measures in terms of pre images. These characterizations potentially help designing analysis computing over and under approximations for these measures. Then we investigate the applicability of these measures on standard cryptographic functions.

Information Flow Properties

Computer Security

Computer Access Control

Infinite-State System Models

Trace-based Information Flow Properties

System Models

Petri Nets

Process Algebra - Model Checking

Pushdown Systems - Model Checking

Access Control Models

Computer Science