A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Filters
A Generic Model and Architecture for Automated Auditing
[chapter]
2005
Lecture Notes in Computer Science
Preserved Fulltext
To show its general applicability, the proposed model is applied to different areas including Service Level Agreement (SLA) compliance verification and Intrusion Detection Systems. ...
Research has been performed in areas of auditing, a.o. security auditing, compliance auditing, financial auditing. ...
Concluding, the generic model and architecture provide a common and flexible basis for further development in various auditing areas, in particular security auditing, SLA compliance verification, and business ...
doi:10.1007/11568285_11
fatcat:xebz4iqrfjf4bodehdugrjvvgi
Computational and Behavioral Trust Assurance by Utilizing Profile-based Risk Assessments: The CATM Methodology
2016
Journal of Internet Technology and Secured Transaction
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Security issues arise due to occurrence of incidents that compromise computational and behavioral trusts. ...
It allows the abstraction and inclusion of different attributes of both computational and behavioral trusts. ...
The Trusted Computing Base (TCB) is the part of the system that is responsible for enforcing the information security policies of the system. ...
doi:10.20533/jitst.2046.3723.2016.0056
fatcat:xaknquodfvh3jftzfscno3xxpm
Proactive Security Auditing in Clouds
[chapter]
2019
Advances in Information Security
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
During the first phase, we propose a runtime security auditing system for the user-level of the cloud; where our proposed system audits wide range of security properties relevant to different authentication ...
, and in verification (e.g., prohibitive performance overhead due to the sheer scale of cloud infrastructures and need of runtime verification for the dynamic nature of cloud). ...
of that event, and enforce the security policy according to the verification result. learning system and proactive verification system. ...
doi:10.1007/978-3-030-23128-6_6
fatcat:b6exjivobrfg5pju3d2eqx6jvu
Confidential Attestation: Efficient in-Enclave Verification of Privacy Policy Compliance
[article]
2020
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Our model is inspired by Proof-Carrying Code, where a code generator produces proof together with the code and a code consumer verifies the proof against the code on its compliance with security policies ...
So its compliance with privacy policies as expected by the data owner should be verified without exposing its code. ...
Security Policies Without exposing its code for verification, the target binary needs to be inspected for compliance with security policies by the bootstrap enclave. ...
arXiv:2007.10513v1
fatcat:p23pajyac5hhvcszvc5els4ap4
Formal Reasoning About the Security of Amazon Web Services
[chapter]
2018
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
We report on the development and use of formal verification tools within Amazon Web Services (AWS) to increase the security assurance of its cloud infrastructure and to help customers secure themselves ...
For example, an SMT-based semanticlevel policy reasoning tool is used to find misconfigured resource policies. ...
At the same time, AWS is increasingly being used for a broad range of security-critical computational workloads. ...
doi:10.1007/978-3-319-96145-3_3
fatcat:satz32czevf3djxace2gshftfe
Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent
2022
Sensors
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. ...
at which compliance verification must be performed. ...
[3] propose guidelines for implementing a GDPR compliance verification framework for Big Data systems (i.e., systems that can handle high volumes of unstructured data [30] ). ...
doi:10.3390/s22072763
pmid:35408377
pmcid:PMC9002473
fatcat:paihbpaxkvex3dhmwjx22qddie
Don't Yank My Chain: Auditable NF Service Chaining
2021
Symposium on Networked Systems Design and Implementation
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
In contrast, AuditBox continuously self-monitors for correct behavior, proving runtime guarantees that the system remains in compliance with policy goals. ...
In traditional auditing, administrators test the system for correctness on a schedule, e.g., once per month. ...
Acknowledgements: We thank our shepherd Alex Snoeren and the anonymous reviewers for their insightful comments. We also thank Rishabh Poddar ...
dblp:conf/nsdi/LiuSKPSS21
fatcat:e3q3pppfwfcyjb4npjcq7udff4
Security Issues Over Some Cloud Models
2015
Procedia Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Lavanya scheme (2014) all of which are displayed and its security are discussed. Recommendations are further given for proper security issues over cloud systems. ...
The data leakage, lack of proper security control policy, and weakness in the data sentry are the main worries of the companies. ...
, as previously described, with a secure, private and scalable policy for data sharing in cloud computing, ensure the overheads of the service provided by the system and is as light as possible. ...
doi:10.1016/j.procs.2015.09.041
fatcat:45yyrq5zxrdmvl3bnuprg5aili
Public Auditing Mechanism toVerify Data Integrity in Cloud Storage
2020
International Journal of Emerging Trends in Engineering Research
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Cloud users can manage their data without deploying and maintaining storage servers and devices in the local system. ...
Data integrity and confidentiality are the two most vital security concerns over unreliable cloud service providers (CSP). ...
Then client computes signature ( ) for
each block
with the help of public key u.
= (
|
|
.
|
|
) (4)
Algorithm 1: Setup phase
1.
2.
ℎ
( ,
)
3. ℎ
← ;
compute
s ←
∈ .
4. ...
doi:10.30534/ijeter/2020/53892020
fatcat:p2lyelcfynfxjenukujqytkbjy
Securing Resource Discovery in Content Hosting Networks
[chapter]
2015
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We present an efficient and effective verification method for query routes, that is agnostic to the specific routing algorithm being used and achieves strong security guarantees. ...
In this paper, we tackle the problem of secure routing by considering a generic policy-driven routing approach, and focus on the steps required to verify in a fully distributed manner that a search query ...
A weaker notion of the above definition, which will be useful for our verification algorithms is defined as α compliance. Definition 5 (α-Policy-Compliant Distributed Search). ...
doi:10.1007/978-3-319-23829-6_12
fatcat:rcxdambmffcb5pao5vo5tsnrte
STUDY ON SECURITY MODEL IN CLOUD COMPUTING
2017
International Journal of Advanced Research in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
security model which has authentication through verification and validation, security components such as OTP, 2FA, and security policies-through guidelines, procedures and security controls-through privilege ...
Cloud computing is new and latest trend in Information Technology for dynamic provisioning of IT capabilities. ...
Security on demand for cloud computing. ...
doi:10.26483/ijarcs.v8i7.4350
fatcat:2e32jyun3baahl74ted3e734uy
Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases
2020
˜The œinternational Arab journal of information technology
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
We define a formal framework for detecting non-compliance anomalies in concrete Role Based Access Control (RBAC) policies. We rely on an example to illustrate the relevance of our contribution ...
We propose a rigorous and complete solution to help security architects verifying the correspondence between the security planning and its concrete implementation. ...
Introduction Securing a critical Information Systems (IS) requires basically setting up a trusted and reliable access control policy. ...
doi:10.34028/iajit/17/5/14
fatcat:2qlphbtpebfrpmfcd5lkq5esla
Privacy Requirement Modeling and Verification in Cloud Computing
2015
ACM/IEEE International Conference on Model Driven Engineering Languages and Systems
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
To tackle the issues of privacy requirement modeling and verification in cloud computing, a framework that supports model checking consistency, entailment and compliance with the formal definition of privacy ...
Cloud computing, the architecture which shares dynamic heterogeneous characteristics in the cross-layer service composition, has affected traditional security, trust and privacy mechanisms which are mainly ...
Finally, we need to verify the compliance between the cloud computing system practice and requirements. ...
dblp:conf/models/Wang15
fatcat:pos7546e45gx3nvibyllegwg5i
A security policy framework for eEnabled fleets and airports
2011
2011 Aerospace Conference
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We propose a distributed architecture for policy-compliance monitoring that enables runtime verification of compliance in the multiorganization environments typical of large-scale infrastructure systems ...
In this paper, we present a classification of security policies that need to be enforced in such modern airport systems. ...
The heuristic algorithm that we propose for the mapping of information sources and verification servers allows computing efficiently a solution that respects all confidentiality, integrity, and separation-ofduty ...
doi:10.1109/aero.2011.5747379
fatcat:rcjejobi2jd2zavqnp24idu7vu
Directed Security Policies: A Stateful Network Implementation
2014
Electronic Proceedings in Theoretical Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Other Versions
Large systems are commonly internetworked. A security policy describes the communication relationship between the networked entities. ...
The security policy defines rules, for example that A can connect to B, which results in a directed graph. ...
Acknowledgements & Availability We thank our network administrator Andreas Korsten for his valuable input, his time and commitment. We appreciate Heiko Niedermayer's and Jasmin Blanchette's feedback. ...
doi:10.4204/eptcs.150.3
fatcat:a2clel3vlrhjlosyqvc2othpsa
« Previous
Showing results 1 — 15 out of 11,075 results