A Study on Recent Trends on Integration of Security Mechanisms

  • Chapter
Advances in Data Management

Part of the book series: Studies in Computational Intelligence ((SCI,volume 223))

Abstract

Business solutions and security solutions are designed by different authorities at different coordinates of space and time. This engineering approach not only makes the lives of security and business solution developers easy but also provides a proof of concept that the concerned business solution will have all the security features as expected. But it does not provide a proof that the integration process will not lead to conflicts between the security features in the security solution, or between security features and the functional features of the business solution. To provide a conflict-free secured business solution, the developers of both the security solution and the secure business solution need a mechanism to identify all possible cases of conflicts, so that they can redesign the corresponding solutions and thus resolve the conflicts, if any. Conflicts arise due to different authorities, configuration, and other resource sharing among the solutions under integration. In this chapter, we discuss conflicts during integration of security solutions with business solutions, covering the wide spectrum of social, socio-technical and purely technical perspectives. Recent approaches for automated detection of conflicts are also discussed in brief. The ultimate objective of the chapter is to discover the approaches best suited for detecting conflicts by software developers. It spans approaches from the cryptographic level to the policy level, weaving over the feature interaction problem typically suited for software systems. The assessment of these approaches is demonstrated by a remote healthcare application.

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

El Khoury, P., Hacid, MS., Sinha, S.K., Coquery, E. (2009). A Study on Recent Trends on Integration of Security Mechanisms. In: Ras, Z.W., Dardzinska, A. (eds) Advances in Data Management. Studies in Computational Intelligence, vol 223. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02190-9_10

  • DOI: https://doi.org/10.1007/978-3-642-02190-9_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02189-3

  • Online ISBN: 978-3-642-02190-9

  • eBook Packages: Engineering, Engineering (R0)
