Jodie P. Boyer, Ragib Hasan, Lars E. Olson, Nikita Borisov, Carl A. Gunter, David Raila
Improving Multi-Tier Security Using Redundant Authentication
Multi-tier web server systems are used in many important contexts
and their security is a major cause of concern. Such systems can
exploit strategies like least privilege to make lower tiers more
secure in the presence of compromised higher tiers. In this paper,
we investigate an extension of this technique in which higher tiers
are required to provide evidence of the authentication of principals
when they make requests of lower tiers. This concept, which we call
redundant authentication, enables lower tiers to provide security
guarantees that improve significantly over current least privilege
strategies. We validate this technique by applying it to a practical
Building Automation System (BAS) application, where we explore the
use of redundant authentication in conjunction with an authentication
proxy to enable interoperation with existing enterprise authentication
services.
Jodie P. Boyer, Karrie G. Karahalios
FriendGlass: A privacy preserving ambient location displays
Ambient displays of information are becoming popular forms of providing
users with information in the periphery. Location information in
a building seems to be an appropriate information source for such
displays, as users are often interested in knowing others' locations,
though the information isn't always immediately needed. However,
location systems are highly privacy sensitive, so it is important
to consider the privacy ramifications of such an ambient display.
In this paper, we present an ambient location display called FriendGlass,
which was designed with privacy as a main goal. This paper presents
the design process for FriendGlass, which included a small user
survey that aided the designers in determining the needs of users
for such a system. Additionally, this paper presents a discussion
concerning the barriers to performing user tests for privacy-sensitive
ubiquitous systems such as FriendGlass.
Adam J. Lee, Jodie P. Boyer, Lars E. Olson, and Carl A. Gunter
Defeasible Security Policy Composition for Web Services
The ability to automatically compose security policies created by
multiple organizations is fundamental to the development of scalable
security systems. The diversity of policies leads to conflicts and
the need to resolve priorities between rules. In this paper we explore
the concept of defeasible policy composition, wherein policies
are represented in defeasible logic and composition is based on
rules for non-monotonic inference. This enables policy writers to
assert rules tentatively; when policies are composed the policy
with the firmest position takes precedence. In addition, the structure
of our policies allows for composition to occur using a single operator;
this allows for entirely automated composition. We argue that this
provides a practical system that can be understood by typical policy
writers, analyzed rigorously by theoreticians, and efficiently automated
by computers. We aim to partially validate these claims here with
a formulation of defeasible policy composition for web services,
an emerging foundation for B2B commerce on the World Wide Web.
Jodie P. Boyer, Kaijun Tan, Carl A. Gunter
Privacy Sensitive Location Information Systems in Smart Buildings
Increasing automation of buildings enables rich information streams
about the activities of building users to reach networked computer
systems. Privacy concerns typically cause this information to be
accessible only by building managers and security personnel. However,
if appropriate privacy mechanisms can be implemented, then it is
possible to deploy location information systems that can contribute
to the convenience and efficiency of users. This paper describes
a three-step approach to privacy-sensitive release of location information
collected by building sensors. These steps entail defining an ownership
model, defining environment events to be monitored, and creating
a sharing model. These steps are described mathematically and then
validated through a case study for a system called Janus’s Map which
provides a location information system for the card reader, door,
and occupancy sensors of a modern smart building.
Adam J. Lee, Jodie P. Boyer, Chris Drexelius, Prasad Naldurg, Raquel L. Hill, Roy H. Campbell
Supporting Dynamically Changing Authorizations in Pervasive Communication Systems
In pervasive computing environments, changes in context may trigger
changes in an individual's access permissions. We contend that existing
access control frameworks do not provide the fine-grained revocation
needed to enforce these changing authorizations. In this paper,
we present an authorization framework, in the context of the Gaia
OS for active spaces, which integrates context with authorization
and provides fine-grained control over the enforcement of dynamically
changing permissions using cryptographic mechanisms. Our design,
implemented in middleware using distributed objects, addresses the
limitations of traditional authorization frameworks and the specific
access control needs of pervasive computing environments. As part
of our proposed framework, we define cryptographic protocols that
enforce access to the system's communication channels and provide
secure delivery of messages. We also provide a proof of correctness
of key agreement and freshness using the standard BAN deduction
system.