Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Effectiveness of IT Security Tools in Practice

In today's world, IT security plays a critical role in different organizations, yet little is known about IT security in the context of organizations. This paper addresses this issue based on qualitative description analysis of 10 interviews with IT security practitioners from small to medium size organizations. Our results revealed the required knowledge and skills for effective IT security, IT security tasks, and the tools which are used to perform these tasks. Based on these results, we realized that current IT security tools can be improved in order to provide more effective support for security practitioners' activities. Based on our analysis, we proposed some guidelines, such as regular updates, settings for alerts, integrity of data, and effective logging of forensics information, in order to improve IT security tools.

Revealing Hidden Context: Improving Users' Mental Models of Personal Firewalls

Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of network context on the security state of the firewall results in mental models that are unclear about the protection provided by the firewall resulting in an inaccurate understanding of the firewall configuration. We developed a prototype to support more contextually complete mental models through inclusion of network context information. Results from our initial evaluation of the prototype support our approach of improving user understanding of underlying system states by revealing hidden context, while considering the tension between complexity of the interface and security of the system.

Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents

This study investigates how security practitioners perform diagnostic work during the identification of security incidents. Based on empirical data from 16 interviews with security practitioners, we identify the tasks, skills, strategies and tools that security practitioners use to diagnose security incidents. Our analysis shows that diagnosis is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. Our results also show that diagnosis during incident response is complicated by practitioners’ need to rely on tacit knowledge, as well as usability issues with security tools. We offer recommendations to improve technology that supports the diagnosis of security incidents.

A Multi-method Approach for User-centered Design of Identity Management Systems

Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities. This includes designating who has access to resources, who grants that access, and how accountability and compliance are maintained. IdM has become an important aspect of IT security infrastructure in organizations, and some consider it to be the most important solution for enabling compliance. To facilitate identity management, usable technological solutions are important. In this ongoing research, we plan to study the practice of identity management from a socio-technical point of view, and study how technology can improve IdM. Our final goal is to develop recommendations for user-centered design of IdM systems. We've devised a multi-method approach to address this problem. To begin with, we performed a case study of IdM adoption and use in an insurance organization. The case study provides us with a high-level understanding of the problem domain and directions for the rest of our research. We plan to continue our research in two phases: (1) evaluate the usability of an IdM system using heuristic evaluation, and (2) perform a field study to further our understanding of IdM practices and technologies, validate the results of our heuristic evaluation, and develop recommendations for user-centered design of IdM systems.

Authorization Recycling in RBAC Systems

As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization recycling is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization recycling in RBAC enterprise systems. The algorithms that support these mechanisms allow precise and approximate authorization decisions to be made, thereby masking possible failures of the policy decision point and reducing its load. We evaluate these algorithms analytically and using a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.

Authorization Using the Publish-Subscribe Model

Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed applications increase in size and complexity, an authorization architecture based on point-to-point communication becomes fragile and difficult to manage. This paper presents the use of the publish-subscribe (pub-sub) model for delivering authorization requests and responses between the applications and the authorization servers. Our analysis suggests that using the pub-sub architecture improves authorization system availability and reduces system administration overhead. We evaluate our design using a prototype implementation, which confirms the improvement in availability. Although the response time is also increased, this impact can be reduced by bypassing the pub-sub channel when returning authorizations or by caching coupled with local inference of authorization decisions based on previously cached authorizations.

Support for ANSI RBAC in EJB

We analyze access control mechanisms of the Enterprise Java Beans (EJB) architecture and define a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. We analyze the level of support for the American National Standards Institute's (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification in EJB. Our results indicate that the EJB specification falls short of supporting even Core ANSI RBAC. EJB extensions dependent on the operational environment are required in order to support ANSI RBAC required components. Other vendor-specific extensions are necessary in order to support ANSI RBAC optional components. Fundamental limitations exist, however, due to the impracticality of some aspects of the ANSI RBAC standard itself. This paper sets up a framework for assessing implementations of ANSI RBAC for EJB systems.

Secure Web 2.0 Content Sharing Beyond Walled Gardens

Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). In this paper, we describe the architecture, design, and implementation of a proposed system for Web 2.0 content sharing across CSPs. With our approach, users use their existing email account to log in to CSPs, and content owners use their email-based contact lists to specify access policies. Users are assumed to be equipped only with a Web browser, and CSPs do not need to change their existing access-control mechanisms. In addition, policy statements are URI-addressable, and the same access policies can be reused and enforced across CSPs.

Towards Investigating User Account Control Practices in Windows Vista

This poster presents the research plan for investigating user account control practices in Windows Vista. The research will explore end users' behaviours in using user account types across Windows Vista to examine their understanding of user accounts and find out their motives for using each type of account.

Towards Improving the Availability and Performance of Enterprise Authorization Systems

Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy enforcement point intercepts application requests, obtains authorization decisions from a remote policy decision point, and enforces those decisions. This model enables sharing the decision point as an authorization service across multiple applications. But, with many requests and resources, using a remote shared decision point leads to increased latency and presents the risk of introducing a bottleneck and/or a single point of failure. This dissertation presents three approaches to addressing these problems. The first approach introduces and evaluates the mechanisms for authorization recycling in role-based access control systems. The algorithms that support these mechanisms allow a local secondary decision point to not only reuse previously-cached decisions but also infer new and correct decisions based on two simple rules, thereby masking possible failures of the central authorization service and reducing the network delays. Our evaluation results suggest that authorization recycling improves the availability and performance of distributed access control solutions. The second approach explores a cooperative authorization recycling system, where each secondary decision point shares its ability to make decisions with others through a discovery service. Our system does not require cooperating secondary decision points to trust each other. To maintain cache consistency at multiple secondary decision points, we propose alternative mechanisms for propagating update messages. Our evaluation results suggest that cooperation further improves the availability and performance of authorization infrastructures. The third approach examines the use of a publish-subscribe channel for delivering authorization requests and responses between policy decision points and enforcement points. By removing enforcement points' dependence on a particular decision point, this approach helps improve system availability, which is confirmed by our analytical analysis, and reduce system administration/development overhead. We also propose several subscription schemes for different deployment environments and study them using a prototype system. We finally show that combining these three approaches can further improve the authorization system availability and performance, for example, by achieving a unified cooperation framework and using speculative authorizations.

A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization

This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and point out the challenges in its IdM practices. We describe the organization's requirements for an IdM system, why a particular solution was chosen, issues in the deployment and configuration of the solution, the expected benefits, and the new challenges that arose from using the solution. Throughout, we identify practical problems that can be the focus of future research and development efforts. Our results confirm and elaborate upon the findings of previous research, contributing to an as-yet immature body of cases about IdM. Furthermore, our findings serve as a validation of our previously identified guidelines for IT security tools in general.

Towards Developing Usability Heuristics for Evaluation of IT Security Management (ITSM) Tools

Evaluating the usability of specific information technology (IT) security tools is challenging. For example, laboratory experiments can have little validity due to the complexity of real-world security problems and the need to situate a specific tool within a larger context. However, it is difficult to recruit IT security practitioners for simple interviews, let alone field observations. Direct observation of tool use can be time consuming, as much security work is spontaneous (e.g., security incident response) or occurs over many months (e.g., deploying an identity management system). As ITSM tool use is intrinsically cooperative, its study inherits the difficulties of studying cooperation. As a result, heuristic evaluation of ITSM tools could be a viable component of tool usability evaluations.

Preparation, detection, and analysis: the diagnostic work of IT security incident response

Purpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies. Design/methodology/approach — The data set consisted of 16 semi-structured interviews with IT security practitioners from 7 organizational types (e.g., academic, government, private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to analyze diagnostic work during security incident response. Findings — Our analysis shows that security incident response is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. Our results also show that diagnosis during incident response is complicated by practitioners’ need to rely on tacit knowledge, as well as usability issues with security tools. Research limitations/implications — Due to the nature of semi-structured interviews, not all participants discussed security incident response at the same level of detail. More data are required to generalize and refine our findings. Originality/value — The contribution of our work is twofold. First, using empirical data, we analyze and describe the tasks, skills, strategies, and tools that security practitioners use to diagnose security incidents. Our findings enhance the research community’s understanding of the diagnostic work during security incident response. Second, we identify opportunities for future research directions related to improving security tools.

Security Research Advances in 2009

This presentation reviews the latest scientific conference reports on cutting-edge research in computer security. It presents and explains 2009 highlights from such top annual research conferences as the IEEE Symposium on Security and Privacy, the ACM Conference on Computer and Communications Security (CCS), the Symposium on Network and Distributed Systems Security (NDSS), the Symposium on Usable Privacy and Security (SOUPS), the ACM Symposium on Access Control Models and Technologies (SACMAT), and the New Security Paradigms Workshop (NSPW). For those who missed any of these venues in 2009, it provides an opportunity to catch up with the developments in computer security technologies. The attendees will gain an understanding of the intuition behind the latest technological advancements.

Authorization Recycling in Hierarchical RBAC Systems

As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. Authorization caching, which enables the re-use of previous authorization decisions, is one technique that has been used to address these challenges. This paper introduces and evaluates the mechanisms for authorization "recycling" in RBAC enterprise systems. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. We evaluate these algorithms analytically as well as using simulation and a prototype implementation. Our evaluation results demonstrate that authorization recycling can improve the performance of distributed access control mechanisms.

An RT-based Policy Model for Converged Networks

Advances in communication devices and wireless networks enable telecommunication network operators to provide rich personalized multimedia services. To attract potential customers and increase average revenue per customer, network operators will provide personalized services as differentiating factors in the near future. To accommodate the diversity and complexity of future networks, it is desirable to have a unified access management framework for supporting current and future network operations. As part of efforts in developing an access management framework for a large telecommunication company in Canada, we developed policy models for current and future operation modes of converged networks. The proposed policy models are used as the basis for the specification of access control policies in a larger access management framework project. The relations between elements in the proposed policy model are expressed formally using the RT framework. Policy model use-cases are used to demonstrate how RT credentials and policies can be developed based on the proposed policy models.

Poster: OpenIDemail Enabled Browser

Today's Web is site-centric. Web users have to maintain a separate copy of user ID and password for each website, which leads to weaker passwords and password re-use across accounts. Currently, single-domain SSO is not scalable to the Web, and federated SSO requires pre-built agreements and trust relationships between identity and service providers. OpenID is promising, but it has usability issues with its URI-based identifier scheme and is vulnerable to phishing attacks. In this poster, we describe the architecture, design, and implementation of a proposed system for usable and secure Web single sign-on. Our approach builds OpenID support into web browsers, hides OpenID identifiers from users behind their existing email accounts, extends the OpenID protocol to perform authentication directly by browsers, and introduces an OpenIDAuth HTTP access authentication scheme to convey authenticated identities automatically into websites that support OpenID for authentication.

Investigating an Appropriate Design for Personal Firewalls

Personal firewalls are an important aspect of security for home computer users, but little attention has been given to their usability. We conducted semi-structured interviews to understand participants’ knowledge, requirements, expectations, and misconceptions for personal firewalls. Analysis of 10 interviews shows that different design decisions (i.e., level of automation, multiple profile settings) are appropriate for users with different levels of security knowledge and experience.

Investigating User Account Control Practices

Non-administrator user accounts and the user account control (UAC) approach of Windows Vista are two practical solutions to limit the damage of malware infection. UAC in Windows Vista supports usage of lower privilege accounts; a UAC prompt allows users to raise their privileges when required. We conducted a user study and contextual interviews to understand the motives and challenges participants face when using different user accounts and the UAC approach. Most participants were not aware of or motivated to employ low-privileged accounts. Moreover, most did not understand or carefully consider the prompts.

SIMD-Scan: Ultra Fast in-Memory Table Scan Using on-Chip Vector Processing Units

The availability of huge system memory, even on standard servers, generated a lot of interest in main memory database engines. In data warehouse systems, highly compressed column-oriented data structures are quite prominent. In order to scale with the data volume and the system load, many of these systems are highly distributed with a shared-nothing approach. The fundamental principle of all these systems is a full table scan over one or multiple compressed columns. Recent research proposed different techniques to speed up table scans, such as intelligent compression or using additional hardware such as graphics cards or FPGAs. In this paper, we show that utilizing the embedded Vector Processing Units (VPUs) found in standard superscalar processors can speed up the performance of main memory full table scans by factors. This is achieved without changing the hardware architecture and thereby without additional power consumption. Moreover, as on-chip VPUs directly access the system's RAM, no additional costly copy operations are needed for using the new SIMD-scan approach in standard main memory database engines. Therefore, we propose this scan approach to be used as the standard scan operator for compressed column-oriented main memory storage. We then discuss how well our solution scales with the number of processor cores and, consequently, to what degree it can be applied in multi-threaded environments. To verify the feasibility of our approach, we implemented the proposed techniques on a modern Intel multi-core processor using Intel® Streaming SIMD Extensions (Intel® SSE). In addition, we integrated the new SIMD-scan approach into SAP® NetWeaver® Business Warehouse Accelerator. We conclude by describing the performance benefits of using our approach for processing and scanning compressed data using VPUs in column-oriented main memory database systems.