EPICS: A Framework for Enforcing Security Policies in Composite Web Services

Download
2019-05-01
Ranchal, Rohit
Bhargava, Bharat
Angın, Pelin
ben Othmane, Lotfi
With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.
IEEE TRANSACTIONS ON SERVICES COMPUTING

Suggestions

PLGAKD: A PUF-based Lightweight Group Authentication and Key Distribution Protocol
Yıldız, Hüsnü; Cenk, Murat; Onur, Ertan (Institute of Electrical and Electronics Engineers (IEEE), 2020-11-01)
Securing Internet of Things (IoT) applications that collect and transport sensitive data by guaranteeing authenticity, integrity, and confidentiality is a critical challenge. Reducing computation and communication overhead of security functions is also a key concern since a large number of constrained devices may take place in such applications. Our main focus in this paper is group authentication and key management in IoT. The existing group authentication and key management protocols in the literature per...
Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm
Cakmakci, Salva Daneshgadeh; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (Elsevier BV, 2020-10-01)
Distributed denial-of-service (DDoS) attacks are constantly evolving as the computer and networking technologies and attackers' motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS attacks....
Big data maturity models for the public sector: a review of state and organizational level models
OKUYUCU, ARAS; Yavuz, Nilay (Emerald, 2020-07-01)
Purpose Despite several big data maturity models developed for businesses, assessment of big data maturity in the public sector is an under-explored yet important area. Accordingly, the purpose of this study is to identify the big data maturity models developed specifically for the public sector and evaluate two major big data maturity models in that respect: one at the state level and the other at the organizational level. Design/methodology/approach A literature search is conducted using Web of Science an...
Energy efficient wireless unicast routing alternatives for machine-to-machine networks
Tekbiyik, Neyre; Uysal, Elif (Elsevier BV, 2011-09-01)
Machine-to-machine (M2M) communications is a new and rapidly developing technology for large-scale networking of devices without dependence on human interaction. Energy efficiency is one of the important design objectives for machine-to-machine network architectures that often contain multihop wireless subnetworks. Constructing energy-efficient routes for sending data through such networks is important not only for the longevity of the nodes which typically depend on battery energy, but also for achieving a...
SWARM-based data delivery in Social Internet of Things
Hasan, Mohammed Zaki; Al-Turjman, Fadi (Elsevier BV, 2019-03-01)
Social Internet of Things (SIoTs) refers to the rapidly growing network of connected objects and people that are able to collect and exchange data using embedded sensors. To guarantee the connectivity among these objects and people, fault tolerance routing has to be significantly considered. In this paper, we propose a bio-inspired particle multi-swarm optimization (PMSO) routing algorithm to construct, recover and select k-disjoint paths that tolerates the failure while satisfying quality of service (QoS) ...
Citation Formats
R. Ranchal, B. Bhargava, P. Angın, and L. ben Othmane, “EPICS: A Framework for Enforcing Security Policies in Composite Web Services,” IEEE TRANSACTIONS ON SERVICES COMPUTING, pp. 415–428, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/35052.