eJETA.org Special Issue
Emerging Security Paradigms in the Knowledge Era
Feature Articles
|
Security and Privacy in Outsourcing with Customer-Specified Risk Tolerance
Author(s): Raymond A. Patterson, Erik Rolland, and Lisa Yeo
Keywords: Privacy, Security, Outsourcing, Mixed Integer Linear Programming.
Abstract: Outsourcing coupled with technology that enables data to reside anywhere has opened up
new challenges to the protection of personal privacy. Privacy laws differ internationally as does
the value different cultures place on personal privacy. Such differences have implications for
government as well as businesses. The corporation must be aware of the security efforts of all its
partners and consumers must be aware of the security of all service providers in the extended
value chain, not just the business they are interacting with directly. In this paper we propose a
method for controlling risks associated with spreading personal information across an extended
value chain. In addition, this method accommodates customer-specified levels of risk tolerance.
For businesses, the goal is to minimize the cost of securing data spread across vendors and
international boundaries.
|
Challenges and Potential Solutions for Secure and Efficient Knowledge Leveraging in Coalitions
Author(s): Petros Belsis
Keywords: Coalitions, Security Policies, Soft Constraints.
Abstract: Dynamic coalitions are often formed to facilitate the sharing of knowledge between different organizations that have to collaborate on the grounds of a common purpose (such as emergency incident responding). In such a versatile and dynamic environment - where participant domains may leave or join at any time - the ability to retrieve and disseminate knowledge efficiently and rapidly is a task of extreme significance. Secure management of resources on the other hand is a non-trivial process. In this paper, we present the main challenges in coalition management and provide a framework for efficient classification and retrieval of knowledge assets. We also describe a flexible security framework for coalition management, as well as an optimization effort based on soft constraints that allows the reduction of the system's administrative overhead.
|
"Let Me Tell You What I Want" - Security Policy Elicitation Through Computational Narration
Author(s): Ronda R. Henning
Keywords: Security, Policies.
Abstract: A system security policy is subject to considerable interpretation. What to the end user may be a perfectly reasonable access control policy may be impossible to architect into an enforceable policy implementation. The earlier such policy disconnect can be found, the less severe the impact on the system design, cost, and schedule. This paper discusses the use of computational narrative, or computer-assisted storytelling, as a method for eliciting the access control policy associated with a given information system. Similarities in the structure between computational narration and access control models are presented, as are attempts to apply computational narration in similar domains. Finally, a research project is proposed to determine the feasibility of computational narration as an access control modeling technique.
|
Knowledge-based Approach to Security Requirements for e-health Applications
Author(s): S. Dritsas, L. Gymnopoulos, M. Karyda, T. Balopoulos, S. Kokolakis, C. Lambrinoudakis and S. Katsikas
Keywords: Security Requirements, Application Development, Ontology, Security Patterns, e-health Applications.
Abstract: This paper introduces a knowledge-based approach for the security analysis and design of e-health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on the aforementioned approach. Security requirements for this set of patterns have been identified following a security and privacy analysis. The security patterns have been designed on the basis of a security ontology that was developed for this purpose. The ontology allows all concepts of importance and their relationships to be identified. The paper also describes the validation of the developed ontology, and compares the approach employed to other relevant methods in the domain of secure application development.