79 research outputs found
MagicNET: Security System for Development, Validation and Adoption of Mobile Agents
Current research in the area of mobile agents' security mainly deals with protection and security for agents and agents' runtime platforms. Mobile agent systems usually do not provide an extensive security methodology for the entire agent's life cycle, from agent's creation to its deployment and execution. In this paper we propose a comprehensive secure system for deployment of mobile agents. The system provides methodology that spans a number of phases in agent's lifetime: it starts from agent creation and ends with agent's execution. It addresses classification, validation, publishing, discovery, adoption, authentication and authorization of agents. Our system is based on secure web services and uses RBAC XACML policies and SAML protocol.</p
MagicNET: XACML authorization policies for mobile agents
One approach to authorization of mobile agents is to use XACML policies by assigning roles to agents and then enforcing role-based authorization. In this paper we show how traditional XACML polices, used for user access control in distributed environments, can be used for mobile agents' access control. We use such polices to manage delegation of access rights from users to agents while at the same time following the core principles of the XACML standard. We also propose a combination of policies that map users to their mobile agents and make access control decisions for mobile agents by evaluating complex policy sets.</p
Security Technologies for Open Networking Environments (STONE)
Under this project SETECS performed research, created the design, and the initial prototype of three groups of security technologies: (a) middleware security platform, (b) Web services security, and (c) group security system. The results of the project indicate that the three types of security technologies can be used either individually or in combination, which enables effective and rapid deployment of a number of secure applications in open networking environments. The middleware security platform represents a set of object-oriented security components providing various functions to handle basic cryptography, X.509 certificates, S/MIME and PKCS No.7 encapsulation formats, secure communication protocols, and smart cards. The platform has been designed in the form of security engines, including a Registration Engine, Certification Engine, an Authorization Engine, and a Secure Group Applications Engine. By creating a middleware security platform consisting of multiple independent components the following advantages have been achieved - Object-oriented, Modularity, Simplified Development, and testing, Portability, and Simplified extensions. The middleware security platform has been fully designed and a preliminary Java-based prototype has been created for the Microsoft Windows operating system. The Web services security system, designed in the project, consists of technologies and applications that provide authentication (i.e., single sign), authorization, and federation of identities in an open networking environment. The system is based on OASIS SAML and XACML standards for secure Web services. Its topology comprises three major components: Domain Security Server (DSS) is the main building block of the system Secure Application Server (SAS) Secure Client In addition to the SAML and XACML engines, the authorization system consists of two sets of components An Authorization Administration System An Authorization Enforcement System Federation of identities in multi-domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The group security system has been designed to support four roles: The Security Domain Administrator is responsible for providing security functions defined in the top layer The Server Administrator. The central component of the group security system is the Policy and Group Key Distribution Server The Group Officer (GO) authorizes the creation of groups at a specific Policy and Group Key Distribution Server The Group Member (user) is any entity that participates in group transactions. Secure Group Applications The group security system has been designed to support four secure group applications: A Secure Instant Messaging: with the Secure Instant Messaging application A Secure Whiteboard A Secure Document Sharing A Secure Document Archiving: During the project, the group security system architecture was fully designed and preliminary prototyping was carried out for some of its components
Secure System for Crypto Currencies based on Virtual Accounts and Virtual Currencies
BIX SystemTM Corporation, Washington D.C., US
Management of Groups and Group Keys in Multi-Level Security Environments
This paper describes techniques and solutions for management of groups and cryptographic keys when sharing secure documents protected at different classification levels. Such access control environment enforces access to documents at multiple security classification levels, starting from the membership in the group, then access to particular group applications, then access to individual documents and finally even their sections.</p
BIX Certificates: Cryptographic Tokens for Anonymous Transactions Based on Certificates Public Ledger
With the widespread use of Internet, Web, and mobile technologies, a new category of applications and transactions that requires anonymity is gaining increased interest and importance. Examples of such new applications are innovative payment systems, digital notaries, electronic voting, documents sharing, electronic auctions, medical applications, and many others. In addition to anonymity, these applications and transactions also require standard security services: identification, authentication, and authorization of users and protection of their transactions. Providing those services in combination with anonymity is an especially challenging issue, because all security services require explicit user identification and authentication. To solve this issue and enable applications with security and also anonymity we introduce a new type of cryptographically encapsulated objects called BIX certificates. “BIX” is an abbreviation for “Blockchain Information Exchange.” Their purpose is equivalent to X.509 certificates: to support security services for users and transactions, but also enhanced with anonymity. This paper describes the structure and attributes of BIX certificate objects and all related protocols for their creation, distribution, and use. The BIX Certification Infrastructure (BCI) as a distributed public ledger is also briefly described
Management of Groups and Group Keys in Multi-level Security Environments
This paper describes techniques and solutions for management of groups and cryptographic keys when sharing secure documents protected at different classification levels. Such access control environment enforces access to documents at multiple security classification levels, starting from the membership in the group, then access to particular group applications, then access to individual documents and finally even their sections.</p
- …
