54,845 Hits in 11.2 sec

Information Flow Audit for Transparency and Compliance in the Handling of Personal Data

Thomas F. J. -M. Pasquier, David Eyers
2016 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW)  
In this paper we explore how an Information Flow Audit (IFA) mechanism, that provides key data regarding provenance, can be used to verify compliance with regulatory and contractual duty, and survey potential  ...  We explore the use of IFA for such a purpose through a smart electricity metering use case derived from a French Data Protection Agency recommendation.  ...  Acknowledgement This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud.  ... 
doi:10.1109/ic2ew.2016.29 dblp:conf/ic2e/PasquierE16 fatcat:qjp2zgnxu5huxnvcdowat6pkty

Towards Compliance and Accountability: a Framework for Privacy Online

Huanchun Peng, Jun Gu, Xiaojun Ye
2009 Journal of Computers  
While "access control" is well understood, how to achieve "usage control" is still unclear. In the online environment, information is easily copied or delivered.  ...  UCON ABC , as the next generation of access control, is inadequate to cover the entire privacy information life cycle.  ...  Information accountability means the use of information should be transparent so it is possible to determine whether a particular use is appropriate under a given set of predefined rules and that the system  ... 
doi:10.4304/jcp.4.6.494-501 fatcat:csyeg6zgzrbzfj7lde3n3yvvhy

A Responsible Internet to Increase Trust in the Digital World

Cristian Hesselman, Paola Grosso, Ralph Holz, Fernando Kuipers, Janet Hui Xue, Mattijs Jonker, Joeri de Ruiter, Anna Sperotto, Roland van Rijswijk-Deij, Giovane C. M. Moura, Aiko Pras, Cees de Laat
2020 Journal of Network and Systems Management  
of other users by improving the transparency, accountability, and controllability of the Internet at the network-level.  ...  We believe that a responsible Internet is the next stage in the evolution of the Internet and that the concept is useful for clean slate Internet systems as well.  ...  Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long  ... 
doi:10.1007/s10922-020-09564-7 fatcat:fogj7wp6lnb6rotyjbune2xuwy

Practical information flow for legacy web applications

Georgios Chinis, Polyvios Pratikakis, Sotiris Ioannidis, Elias Athanasopoulos
2013 Proceedings of the 8th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems - ICOOOLPS'13  
To enforce a policy, LabelFlow tracks the propagation of information throughout the application, transparently and efficiently, both in the PHP runtime and through persistent storage.  ...  We used LabelFlow to add and enforce access control policies in three popular realworld large scale web applications: MediaWiki, Wordpress and OpenCart.  ...  Label-based information flow, in particular, uses a set of labels to represent security levels and to track the flow of information.  ... 
doi:10.1145/2491404.2491410 dblp:conf/ecoop/ChinisPIA13 fatcat:td6qyfthtbeu7clqc3p2fid2y4


Michael Dalton, Hari Kannan, Christos Kozyrakis
2007 Proceedings of the 34th annual international symposium on Computer architecture - ISCA '07  
First, it supports flexible and programmable security policies that enable software to direct hardware analysis towards a wide range of high-level and low-level attacks.  ...  This paper proposes Raksha, an architecture for software security based on dynamic information flow tracking (DIFT).  ...  Recent research has established dynamic information flow tracking (DIFT) [9, 17] as a promising platform for detecting a wide range of security attacks.  ... 
doi:10.1145/1250662.1250722 dblp:conf/isca/DaltonKK07 fatcat:6ve3ir4yq5epxh5dkq5oqtmhma


Michael Dalton, Hari Kannan, Christos Kozyrakis
2007 SIGARCH Computer Architecture News  
First, it supports flexible and programmable security policies that enable software to direct hardware analysis towards a wide range of high-level and low-level attacks.  ...  This paper proposes Raksha, an architecture for software security based on dynamic information flow tracking (DIFT).  ...  Recent research has established dynamic information flow tracking (DIFT) [9, 17] as a promising platform for detecting a wide range of security attacks.  ... 
doi:10.1145/1273440.1250722 fatcat:gdo5x6x7xrdgje3tq44pt6ohxu

Information Flow Monitor Inlining

Andrey Chudnov, David A. Naumann
2010 2010 23rd IEEE Computer Security Foundations Symposium  
We show how to inline an information flow monitor, specifically a flow sensitive one previously proved to enforce termination insensitive noninterference.  ...  In recent years it has been shown that dynamic monitoring can be used to soundly enforce information flow policies.  ...  Acknowledgments: Ale Russo and Andrei Sabelfeld kindly shared drafts of their work and discussed it with us. Cormac Flanagan shared unpublished work on "no sensitive upgrade".  ... 
doi:10.1109/csf.2010.21 dblp:conf/csfw/ChudnovN10 fatcat:6lcqykyuonb5daxgtfk6yhqcqu

A roadmap for comprehensive online privacy policy management

Annie I. Antón, Elisa Bertino, Ninghui Li, Ting Yu
2007 Communications of the ACM  
Information technology advances are making Internet and Web-based system use the common choice in many application domains, ranging from business to healthcare to scientific collaboration and distance  ...  Finally, endusers must be able to easily understand privacy policies [AEB04] and need effective, transparent and comprehensible online privacy-protection mechanisms.  ...  Middle tier (security policies): In this layer, traditional security policies, e.g., those governing authentication, access control and information flow are needed to enforce high-level privacy policies  ... 
doi:10.1145/1272516.1272522 fatcat:optjvlmf2zg4pllr2nm4ll7tza

Camflow: Managed Data-Sharing for Cloud Services

Thomas F. J.-M. Pasquier, Jatinder Singh, David Eyers, Jean Bacon
2017 IEEE Transactions on Cloud Computing  
Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data.  ...  In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...]  ...  ACKNOWLEDGMENTS This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 Cloud-SafetyNet: End-to-End Application Security in the Cloud.  ... 
doi:10.1109/tcc.2015.2489211 fatcat:bytla3mpwfhwjgr52yqj5ghewm

Building an Application-Aware IPsec Policy System

Heng Yin, Haining Wang
2007 IEEE/ACM Transactions on Networking  
The end-to-end security services provided by IPsec have not been widely used. To bring the IPsec services into wide usage, a standard IPsec API is a potential solution.  ...  The experimental results show that the overhead of policy translation is insignificant, and the overall system performance of the enhanced IPsec is comparable to those of security mechanisms at upper layers  ...  This technique may move us toward a more secure Internet, allowing users to create an environment where message privacy is the default.  ... 
doi:10.1109/tnet.2007.896536 fatcat:el7dsxlksncnxpknwfdnr7ikxe

Information Flow Control for Secure Cloud Computing

Jean Bacon, David Eyers, Thomas F. J.-M. Pasquier, Jatinder Singh, Ioannis Papagiannis, Peter Pietzuch
2014 IEEE Transactions on Network and Service Management  
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology.  ...  Index Terms-Cloud, data security, information flow, information flow control (IFC).  ...  For each, we discuss the typical approaches used to secure them. We then introduce Information Flow Control and discuss cross-cutting legal and security concerns. A.  ... 
doi:10.1109/tnsm.2013.122313.130423 fatcat:oczijxwkfvdtrgar6nvab4ypem

Inlined Information Flow Monitoring for JavaScript

Andrey Chudnov, David A. Naumann
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Extant security mechanisms for web apps, notably the "sameorigin policy", are not sufficient to achieve confidentiality and integrity goals for the many apps that manipulate sensitive information.  ...  Researchers are exploring dynamic information flow controls (IFC) for JavaScript, but there are many challenges to achieving strong IFC without excessive performance cost or impractical browser modifications  ...  Like language semantics, APIs need to be mediated too: They often involve complex control flows and information flows, and they need to be instrumented to work with boxes.  ... 
doi:10.1145/2810103.2813684 dblp:conf/ccs/ChudnovN15 fatcat:zdvqrhvq4vf75pz3t2ehclu75q

The Transitivity of Trust Problem in the Interaction of Android Applications [article]

Steffen Bartsch and Karsten Sohr and Michaela Bunke and Oliver Hofrichter and Bernhard Berger
2012 arXiv   pre-print
Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner.  ...  Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data.  ...  This kind of language-based security analysis is limited to the use of annotations by programmers at the source-code level.  ... 
arXiv:1204.1458v1 fatcat:ugbmbbqgb5gm3a2mlgfdej6lbm

Decision Provenance: Harnessing Data Flow for Accountable Systems

Jatinder Singh, Jennifer Cobbe, Chris Norval
2019 IEEE Access  
A key reason for this is because the details and nature of the information flows that interconnect and drive systems, which often occur across technical and organisational boundaries, tend to be invisible  ...  Decision provenance entails using provenance methods to provide information exposing decision pipelines: chains of inputs to, the nature of, and the flow-on effects from the decisions and actions taken  ...  Towards this, standardisation, verification, attestation, and secure logging mechanisms will all be relevant. B.  ... 
doi:10.1109/access.2018.2887201 fatcat:bx57wrrunna5nfzdqvsqjz3piy

Are Blockchain-based Systems the Future of Project Management? A Preliminary Exploration

Robin Renwick
2020 The Journal of British Blockchain Association  
Five constructs emerge: transparency, control, dynamic status updating, incentives, and trust.  ...  Blockchain technologies have introduced a platform for a new wave of project management systems, providing managers with a range of characteristics, capabilities, and feature sets to aid their practice  ...  Acknowledgements: The authors would like to thank Enterprise Ireland, University College Cork, the JBBA, and all the participants that contributed to the study.  ... 
doi:10.31585/jbba-3-2-(2)2020 fatcat:ecjzysalyff7tgdlgrnzentt6e
« Previous Showing results 1 — 15 out of 54,845 results