應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管

林經緯, Lin,Ching Wei

Unknown Date

存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中，具有橫跨(cross-cutting)的特性，卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管，對於較細緻化(fine-grained)的資料存取(data-level)控管，並未提供設定式的控管方式，還是得透過程式化(programmatic)的方式處理，所以仍然有程式橫跨性的問題。 最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns)，針對像安全橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面作為這些橫跨性需求的模組單位，既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective.

網路應用程式

宣告式存取控管機制

以角色為基礎之存取控管

資料層次存取控管

剖面導向程式設計

web applications

data-level access control

Role-based access control

MVC

Aspect-oriented programming

Wi-Fi tracking : Fingerprinting attacks and counter-measures / Traçage Wi-Fi : Attaques par prise d'empreinte et contre-mesures

Matte, Célestin

07 December 2017

Le récent développement des appareils portatifs possédant une interface Wi-Fi (smartphones, tablettes et « wearables ») s'accompagne d'une menace sur la vie privée de leurs utilisateurs, et sur la société toute entière. Ces appareils émettent en continu des signaux pouvant être capturés par un attaquant passif, à l'aide de matériel peu coûteux et de connaissances basiques. Ces signaux contiennent un identifiant unique appelé l'adresse MAC. Pour faire face à cette menace, les acteurs du secteur déploient actuellement une contre-mesure sur les appareils récents: le changement aléatoire de l'adresse MAC. Malheureusement, nous montrons que cette mesure, dans son état actuel, n'est pas suffisante pour empêcher le traçage des appareils. Pour cela, nous introduisons plusieurs attaques basées sur le contenu et la répartition temporelle des signaux. En complément, nous étudions les implémentations du changement aléatoire de l'adresse MAC sur des appareils récents, et trouvons un certain nombre de manquements limitant l'efficacité de ces implémentations à prévenir le traçage. En parallèle, nous effectuons deux études de terrain. La première s'attaque au développement des acteurs exploitant les problèmes cités plus haut afin d'installer des systèmes de traçage basés sur le Wi-Fi. Nous listons certaines de ces installations et examinons plusieurs aspects de ces systèmes : leur régulation, les implications en terme de vie privée, les questions de consentement et leur acceptation par le public. La seconde étude concerne la progression du changement aléatoire d'adresse MAC dans la population des appareils. Finalement, nous présentons deux outils : le premier est un système de traçage expérimental développé pour effectuer des tests et sensibiliser le public aux problèmes de vie privée liés à de tels systèmes. Le second estime l'unicité d'un appareil en se basant sur le contenu des signaux qu'il émet, même si leur identifiant est modifié. / The recent spread of everyday-carried Wi-Fi-enabled devices (smartphones, tablets and wearable devices) comes with a privacy threat to their owner, and to society as a whole. These devices continuously emit signals which can be captured by a passive attacker using cheap hardware and basic knowledge. These signals contain a unique identifier, called the MAC address. To mitigate the threat, device vendors are currently deploying a countermeasure on new devices: MAC address randomization. Unfortunately, we show that this mitigation, in its current state, is insufficient to prevent tracking. To do so, we introduce several attacks, based on the content and the timing of emitted signals. In complement, we study implementations of MAC address randomization in some recent devices, and find a number of shortcomings limiting the efficiency of these implementations at preventing device tracking. At the same time, we perform two real-world studies. The first one considers the development of actors exploiting this issue to install Wi-Fi tracking systems. We list some real-world installations and discuss their various aspects, including regulation, privacy implications, consent and public acceptance. The second one deals with the spread of MAC address randomization in the devices population. Finally, we present two tools: an experimental Wi-Fi tracking system for testing and public awareness raising purpose, and a tool estimating the uniqueness of a device based on the content of its emitted signals even if the identifier is randomized.

Télécommunications

Communication sans fil

Réseau WIFI

Adresse MAC - Media Access Control

Vie Privée

Prise d'empreintes

Changement aléatoire d'adresse MAC

Captation d'adresse MAC

Telecommunications

Wireless communication

Privacy protection

Fingerprinting

MAC adress randomization

MAC adress tracking

621.384 507 2

Model-Checking Infinite-State Systems For Information Flow Security Properties

Raghavendra, K R

12 1900

Information flow properties are away of specifying security properties of systems ,dating back to the work of Goguen and Meseguer in the eighties. In this framework ,a system is modeled as having high-level (or confidential)events as well as low-level (or public) events, and a typical property requires that the high-level events should not “influence ”the occurrence of low-level events. In other words, the sequence of low-level events observed from a system execution should not reveal “too much” information about the high-level events that may have taken place. For example, the trace-based “non-inference” property states that for every trace produced by the system, its projection to low-level events must also be a possible trace of the system. For a system satisfying non-inference, a low-level adversary (who knows the language generated by the system) viewing only the low-level events in any execution cannot infer any in-formation about the occurrence of high-level events in that execution. Other well-known properties include separability, generalized non-interference, non-deducibility of outputs etc. These properties are trace-based. Similarly there is another class of properties based on the structure of the transition system called bisimulation-based information flow properties, defined by Focardiand Gorrieriin1995. In our thesis we study the problem of model-checking the well-known trace-based and bisimulation-based properties for some popular classes of infinite-state system models. We first consider trace-based properties. We define some language-theoretic operations that help to characterize language-inclusion in terms of satisfaction of these properties. This gives us a reduction of the language inclusion problem for a class of system models, say F, to the model-checking problem for F, whenever F, is effectively closed under these language-theoretic operations. We apply this result to show that the model-checking problem for Petri nets, push down systems and for some properties on deterministic push down systems is undecidable. We also consider the class of visibly pushdown systems and show that their model-checking problem is undecidable in general(for some properties).Then we show that for the restricted class of visibly pushdown systems in which all the high (confidential) event are internal, the model-checking problem becomes decidable. Similarly we show that the problem of model-checking bisimulation-based properties is undecidable for Petrinets, pushdown systems and process algebras. Next we consider the problem of detecting information leakage in programs. Here the programs are modeled to have low and high inputs and low outputs. The well known definition of“ non-interference” on programs says that in no execution should the low outputs depend on the high inputs. However this definition was shown to be too strong to be used in practice, with a simple(and considered to be safe)“password-checking” program failing it.“Abstract non-interference(ANI)”and its variants were proposed in the literature to generalize or weaken non-interference. We call these definitions qualitative refinements of non-interference. We study the problem of model-checking many classes of finite-data programs(variables taking values from a bounded domain)for these refinements. We give algorithms and show that this problem is in PSPACE for while, EXPTIME for recursive and EXPSPACE for asynchronous finite-data programs. We finally study different quantitative refinements of non-interference pro-posed in the literature. We first characterize these measures in terms of pre images. These characterizations potentially help designing analysis computing over and under approximations for these measures. Then we investigate the applicability of these measures on standard cryptographic functions.

Information Flow Properties

Computer Security

Computer Access Control

Infinite-State System Models

Trace-based Information Flow Properties

System Models

Petri Nets

Process Algebra - Model Checking

Pushdown Systems - Model Checking

Access Control Models

Computer Science

WebLang: A Prototype Modelling Language for Web Applications : A Meta Attack Language based Domain Specific Language for web applications / WebLang: Ett Prototypmodelleringsspråk för Web Applikationer : Ett Meta Attack Language baserat Domän Specifikt Språk för Web Applikationer

af Rolén, Mille, Rahmani, Niloofar

January 2023

This project explores how a Meta Attack Language based Domain Specific Language for web applications can be used to threat model web applications in order to evaluate and improve web application security. Organizations and individuals are targeted by cyberattacks every day where malicious actors could gain access to sensitive information. These malicious actors are also developing new and innovative ways to exploit the many different components of web applications. Web applications are becoming more and more complex and the increasingly complex architecture gives malicious actors more components to target with exploits. In order to develop a secure web application, developers have to know the ins and outs of web application components and web application security. The Meta Attack Language, a framework for developing domain specific languages, was recently developed and has been used to create languages for domains such as Amazon Web Services and smart cars but no language previously existed for web applications. This project presents a prototype web application language delimited to the first vulnerability in the top ten list provided by Open Worldwide Application Security Project (OWASP), which is broken access control, and tests it against the OWASP juice shop, which is an insecure web application developed by OWASP to test new tools. Based on the results it is concluded that the prototype can be used to model web application vulnerabilities but more work needs to be done in order for the language to work on any given web application and vulnerability. / Detta projekt utforskar hur ett Meta Attack Language baserat Domän Specifikt Språk för webbapplikationer kan användas för att hotmodellera samt undersöka och förbättra webbapplikationssäkerhet. Organisationer och individer utsätts dagligen för cyberattacker där en hackare kan få tillgång till känslig information. Dessa hackare utverklar nya och innovativa sätt att utnyttja dem många olika komponenterna som finns i webbapplikationer. Webbapplikationer blir mer och mer komplexa och denna ökande komplexa arkitekturen leder till att det finns mer mål för en hackare att utnyttja. För att utveckla en säker webbapplikation måste utvecklare veta allt som finns om webbapplikations komponenter och webbapplikations säkerhet. Meta Attack Language är ett ramverk för att utveckla nya språk för domäner som till exempel Amazon Web Services och smarta fordon men innan detta existerade inget språk för webbapplikationer. Detta projekt presenterar en webbapplikations språk prototyp som är avgränsad till den första sårbarheten i top tio listan av Open Worldwide Application Security Project (OWASP) vilket är broken access control, och testar den mot OWASP juice shop, vilket är en sårbar webapplikation som utveckalts av OWASP för att testa nya verktyg. Baserat på resultaten dras slutsatsen att prototypen kan användas för att modellera webbapplikations sårbarheter men att det behövs mer arbete för att språket ska fungera på vilken webbapplikation och sårbarhet som helst.

Meta Attack Language

Domain Specific Language

OWASP

Attack Simulations

Cyber Attacks

Threat Modelling

OWASP Juice Shop

Broken Access Control

Meta Attack Language

Domän Specifikt Språk

OWASP

Attack Simuleringar

Cyber Attacker

Hotmodellering

OWASP Juice Shop

Broken Access Control

Computer and Information Sciences

Data- och informationsvetenskap

Demonstrate and document : the development of a best practice model for biometric access control management

Norris-Jones, Lynne

January 2011

This thesis investigates the social, legal and ethical perceptions of participants towards the implementation of biometric access control systems within a sample of United Kingdom work-based environments. It focuses on the application of fingerprint scanning and facial recognition systems, whilst alluding to the development of more advanced (bleeding edge) technologies in the future. The conceptual framework is based on a tripartite model in which Maslow's Hierarchy of Needs is applied to the workforce whilst the principles of Utilitarianism and the Psychological Contract are applied to both management strategies and workforce perceptions. A qualitative paradigm is used in which semi-structured interviews are conducted with management and workforce participants within a sample of United Kingdom-based organisations (represented by Case Studies A-D). Discourse from these interviews are analysed, leading to the development of a series of first-cut findings for suggested "Best Practice " in the social, legal and ethical management of biometric access control systems. This process is subsequently developed with a refined sample of respondents (Case Studies A and C) culminating in the presentation of a suggested "Best Practice Model" for application to all four case studies. The model is based upon elements of a pre-determined Code of Practice (ISO/IEC 27002lnformation Technology - Security techniques - Code of Practice for Information Security Management) towards fostering acceptance of biometric technology within the workplace, in answering the question: How should organisations using biometric access control systems address social, legal and ethical concerns in the management of specific working environments in the United Kingdom?

006.4

Analysis and improvement of medium access control protocols in wireless networks : performance modelling and Quality-of-Service enhancement of IEEE 802.11e MAC in wireless local area networks under heterogeneous multimedia traffic

Hu, Jia

January 2010

In order to efficiently utilize the scarce wireless resource as well as keep up with the ever-increasing demand for Quality-of-Service (QoS) of multimedia applications, wireless networks are undergoing rapid development and dramatic changes in the underlying technologies and protocols. The Medium Access Control (MAC) protocol, which coordinates the channel access and data transmission of wireless stations, plays a pivotal role in wireless networks. Performance modelling and analysis has been and continues to be of great theoretical and practical importance in the design and development of wireless networks. This research is devoted to developing efficient and cost-effective analytical tools for the performance analysis and enhancement of MAC protocols in Wireless Local Area Networks (WLANs) under heterogeneous multimedia traffic. To support the MAC-layer QoS in WLANs, the IEEE 802.11e Enhanced Distributed Channel Access (EDCA) protocol has proposed three QoS differentiation schemes in terms of Arbitrary Inter-Frame Space (AIFS), Contention Window (CW), and Transmission Opportunity (TXOP). This research starts with the development of new analytical models for the TXOP scheme specified in the EDCA protocol under Poisson traffic. A dynamic TXOP scheme is then proposed to adjust the TXOP limits according to the status of the transmission queue. Theoretical analysis and simulation experiments show that the proposed dynamic scheme largely improves the performance of TXOP. To evaluate the TXOP scheme in the presence of ii heterogeneous traffic, a versatile analytical model is developed to capture the traffic heterogeneity and model the features of burst transmission. The performance results highlight the importance of taking into account the heterogeneous traffic for the accurate evaluation of the TXOP scheme in wireless multimedia networks. To obtain a thorough and deep understanding of the performance attributes of the EDCA protocol, a comprehensive analytical model is then proposed to accommodate the integration of the three QoS schemes of EDCA in terms of AIFS, CW, and TXOP under Poisson traffic. The performance results show that the TXOP scheme can not only support service differentiation but also improve the network performance, whereas the AIFS and CW schemes provide QoS differentiation only. Moreover, the results demonstrate that the MAC buffer size has considerable impact on the QoS performance of EDCA under Poisson traffic. To investigate the performance of EDCA in wireless multimedia networks, an analytical model is further developed for EDCA under heterogeneous traffic. The performance results demonstrate the significant effects of heterogeneous traffic on the total delay and frame losses of EDCA with different buffer sizes. Finally, an efficient admission control scheme is presented for the IEEE 802.11e WLANs based on analytical modelling and a game-theoretical approach. The admission control scheme can maintain the system operation at an optimal point where the utility of the Access Point (AP) is maximized with the QoS constraints of various users.

621.382

建構電子病歷存取控管規則之可設定式編輯環境 / A Configurable Editor for Specifying Access Control Rule In Electronic Medical Records

王心怡, Wang,Hsin-Yi

Unknown Date

在「設計易調整的電子病歷存取控管機制」論文中，針對病患隱私的保障，設計了一套XML格式的存取控管規則語言，讓安全管理者可以藉由設計安全組態檔，動態並細緻化地切換電子病歷的存取控管程式碼。根據前述論文的需求，我們建構出一套可融合於Eclipse開發平台中的存取規則編輯環境。除了具備XML編輯器的基本功能外，我們的編輯環境針對此存取控管規則語言提供使用者自訂屬性與規則變數的機制，以半自動化的方式免去記憶屬性值的困擾；並在存取規則的限制條件編修畫面當中，加入語法解析功能與基本格式驗證功能，協助使用者編輯限制條件，早期發現錯誤，大幅簡化安全管理人員設計存取控管規則的工作。 / This thesis presents a Configurable Editor for Specifying Access Control Rule in Electronic Medical Records based on the XML rule schema designed in another thesis, "Using Aspects to Implement Adaptable Access Control for Electronic Medical Records". Our editor is developed as a plug-in in the Eclipse development platform. It has three distinguished features. First, the user can configure the specific attributes and rule variables referenced in the rule schema and rule instances. Second, the user can edit access control rules as any XML documents and view the rules in multiple views, such as tree view. Third, the editor performs static checks on the constraints specified in the rules to provide early error detection. Thus, we argue that the editor will of significant help to the security administrators.

存取控管規則語言

延申標記語言編輯器

規則語言編輯器

Eclipse外掛程式

Access Control Rule Language

XML Editor

Rule Editor

Eclipse plug-in

Session hijacking attacks in wireless local area networks

Onder, Hulusi

03 1900

Approved for public release, distribution is unlimited / Wireless Local Area Network (WLAN) technologies are becoming widely used since they provide more flexibility and availability. Unfortunately, it is possible for WLANs to be implemented with security flaws which are not addressed in the original 802.11 specification. IEEE formed a working group (TGi) to provide a complete solution (code named 802.11i standard) to all the security problems of the WLANs. The group proposed using 802.1X as an interim solution to the deficiencies in WLAN authentication and key management. The full 802.11i standard is expected to be finalized by the end of 2004. Although 802.1X provides a better authentication scheme than the original 802.11 security solution, it is still vulnerable to denial-of-service, session hijacking, and man-in-the- middle attacks. Using an open-source 802.1X test-bed, this thesis evaluates various session hijacking mechanisms through experimentation. The main conclusion is that the risk of session hijacking attack is significantly reduced with the new security standard (802.11i); however, the new standard will not resolve all of the problems. An attempt to launch a session hijacking attack against the new security standard will not succeed, although it will result in a denial-of-service attack against the user. / Lieutenant Junior Grade, Turkish Navy

Wireless LANs

IEEE 80211 (Standard)

Data encryption (Computer science)

Authentication

Wireless local area networks

Authentication

Security

Session hijacking

802.1X

802.11

802.11i

Encryption

Access control

Supplicant

Authenticator

Authentication server

Open-source test bed

Contrôle d'accès et présentation contextuelle pour le Web des données / Context-aware access control and presentation of linked data

Costabello, Luca

29 November 2013

La thèse concerne le rôle joué par le contexte dans l'accès au Web de données depuis les dispositifs mobiles. Le travail analyse ce problème de deux points de vue distincts: adapter au contexte la présentation de triplets, et protéger l'accès aux bases des données RDF depuis les dispositifs mobiles. La première contribution est PRISSMA, un moteur de rendu RDF qui étend Fresnel avec la sélection de la meilleure représentation pour le contexte physique où on se trouve. Cette opération est effectuée par un algorithme de recherche de sous-graphes tolérant aux erreurs basé sur la notion de distance d'édition sur les graphes. L'algorithme considère les différences entre les descriptions de contexte et le contexte détecté par les capteurs, supporte des dimensions de contexte hétérogènes et est exécuté sur le client pour ne pas révéler des informations privées. La deuxième contribution concerne le système de contrôle d'accès Shi3ld. Shi3ld supporte tous les triple stores et il ne nécessite pas de les modifier. Il utilise exclusivement les langages du Web sémantique, et il n'ajoute pas des nouveaux langages de définition de règles d'accès, y compris des analyseurs syntaxiques et des procédures de validation. Shi3ld offre une protection jusqu'au niveau des triplets. La thèse décrit les modèles, algorithmes et prototypes de PRISSMA et de Shi3ld. Des expériences montrent la validité des résultats de PRISSMA ainsi que les performances au niveau de mémoire et de temps de réponse. Le module de contrôle d'accès Shi3ld a été testé avec différents triple stores, avec et sans moteur SPARQL. Les résultats montrent l'impact sur le temps de réponse et démontrent la faisabilité de l'approche. / This thesis discusses the influence of mobile context awareness in accessing the Web of Data from handheld devices. The work dissects this issue into two research questions: how to enable context-aware adaptation for Linked Data consumption, and how to protect access to RDF stores from context-aware devices. The thesis contribution to this first research question is PRISSMA, an RDF rendering engine that extends Fresnel with a context-aware selecting of the best presentation according to mobile context. This operation is performed by an error-tolerant subgraph matching algorithm based on the notion of graph edit distance. The algorithm takes into account the discrepancies between context descriptions and the sensed context, supports heterogeneous context dimensions, and runs on the client-side - to avoid disclosing sensitive context information. The second research activity presented in the thesis is the Shi3ld access control framework for Linked Data servers. Shi3ld has the advantage of being a pluggable filter for generic triple stores, with no need to modify the endpoint itself. It adopts exclusively Semantic Web languages and it does not add new policy definition languages, parsers nor validation procedures. Shi3ld provides protection up to triple level. The thesis describes both PRISSMA and Shi3ld prototypes. Test campaigns show the validity of PRISSMA results, along with memory and response time performance. The Shi3ld access control module has been tested on different triple stores, with and without SPARQL engines. Results show the impact on response time, and demonstrate the feasibility of the approach.

Web sémantique

Web de données

Informatique contextuelle

Contrôle d'accès

Adaptation de contenu

Couplage de RDF tolérant aux erreurs

SPARQL

Semantic web

Linked data

Mobile context awareness

Access control

Content adaptation

Error-tolerant RDF matching

SPARQL

Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474)

15 May 2019

<p>In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards. </p><p>To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.</p>

Computer System Security

Database Management

Data Privacy

data protection mechanism

role-based access control

attribute-based encryption scheme

Leakage Detection

encrypted search queries

identity management

authentication scheme

blockchain technology application