The Electronic Journal for e-Commerce Tools & Applications
Sponsors:
Institute for Security Technology Studies at Dartmouth
DEVLAB -- Dartmouth Experimental Visualization Laboratory

eJETA.org Special Issue

Emerging Security Paradigms in the Knowledge Era

Guest Editor: Stefanos Gritzalis

Oct 2006

Please note the copyright agreement for these papers.

Feature Articles


Security and Privacy in Outsourcing with Customer-Specified Risk Tolerance

Author(s): Raymond A. Patterson, Erik Rolland, and Lisa Yeo

Keywords: Privacy, Security, Outsourcing, Mixed Integer Linear Programming.

Abstract: Outsourcing coupled with technology that enables data to reside anywhere has opened up new challenges to the protection of personal privacy. Privacy laws differ internationally as does the value different cultures place on personal privacy. Such differences have implications for government as well as businesses. The corporation must be aware of the security efforts of all its partners and consumers must be aware of the security of all service providers in the extended value chain, not just the business they are interacting with directly. In this paper we propose a method for controlling risks associated with spreading personal information across an extended value chain. In addition, this method accommodates customer-specified levels of risk tolerance. For businesses, the goal is to minimize the cost of securing data spread across vendors and international boundaries.


Challenges and Potential Solutions for Secure and Efficient Knowledge Leveraging in Coalitions

Author(s): Petros Belsis

Keywords: Coalitions, Security Policies, Soft Constraints.

Abstract: Dynamic coalitions are often formed to facilitate the sharing of knowledge between different organizations that have to collaborate on the grounds of a common purpose (such as emergency incident responding). In such a versatile and dynamic environment - where participant domains may leave or join at any time - the ability to retrieve and disseminate knowledge efficiently and rapidly is a task of extreme significance. Secure management of resources on the other hand is a non-trivial process. In this paper, we present the main challenges in coalition management and provide a framework for efficient classification and retrieval of knowledge assets. We also describe a flexible security framework for coalition management, as well as an optimization effort based on soft constraints that allows the reduction of the system's administrative overhead.


"Let Me Tell You What I Want" - Security Policy Elicitation Through Computational Narration

Author(s): Ronda R. Henning

Keywords: Security, Policies.

Abstract: A system security policy is subject to considerable interpretation. What to the end user may be a perfectly reasonable access control policy may be impossible to architect into an enforceable policy implementation. The earlier such policy disconnect can be found, the less severe the impact on the system design, cost, and schedule. This paper discusses the use of computational narrative, or computer-assisted storytelling, as a method for eliciting the access control policy associated with a given information system. Similarities in the structure between computational narration and access control models are presented, as are attempts to apply computational narration in similar domains. Finally, a research project is proposed to determine the feasibility of computational narration as an access control modeling technique.


Knowledge-based Approach to Security Requirements for e-health Applications

Author(s): S. Dritsas, L. Gymnopoulos, M. Karyda, T. Balopoulos, S. Kokolakis, C. Lambrinoudakis and S. Katsikas

Keywords: Security Requirements, Application Development, Ontology, Security Patterns, e-health Applications.

Abstract: This paper introduces a knowledge-based approach for the security analysis and design of e-health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on the aforementioned approach. Security requirements for this set of patterns have been identified following a security and privacy analysis. The security patterns have been designed on the basis of a security ontology that was developed for this purpose. The ontology allows all concepts of importance and their relationships to be identified. The paper also describes the validation of the developed ontology, and compares the approach employed to other relevant methods in the domain of secure application development.

Copyright ©2001-2008
Trustees of Dartmouth College
and University of Texas at Arlington.
All Rights Reserved.