EPICS: A Framework for Enforcing Security Policies in Composite Web Services

Download
2019-05-01
Ranchal, Rohit
Bhargava, Bharat
Angın, Pelin
ben Othmane, Lotfi
With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.
IEEE TRANSACTIONS ON SERVICES COMPUTING

Suggestions

PLGAKD: A PUF-based Lightweight Group Authentication and Key Distribution Protocol
Yıldız, Hüsnü; Cenk, Murat; Onur, Ertan (Institute of Electrical and Electronics Engineers (IEEE), 2020-11-01)
Securing Internet of Things (IoT) applications that collect and transport sensitive data by guaranteeing authenticity, integrity, and confidentiality is a critical challenge. Reducing computation and communication overhead of security functions is also a key concern since a large number of constrained devices may take place in such applications. Our main focus in this paper is group authentication and key management in IoT. The existing group authentication and key management protocols in the literature per...
Big data maturity models for the public sector: a review of state and organizational level models
OKUYUCU, ARAS; Yavuz, Nilay (Emerald, 2020-07-01)
Purpose Despite several big data maturity models developed for businesses, assessment of big data maturity in the public sector is an under-explored yet important area. Accordingly, the purpose of this study is to identify the big data maturity models developed specifically for the public sector and evaluate two major big data maturity models in that respect: one at the state level and the other at the organizational level. Design/methodology/approach A literature search is conducted using Web of Science an...
Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm
Cakmakci, Salva Daneshgadeh; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (Elsevier BV, 2020-10-01)
Distributed denial-of-service (DDoS) attacks are constantly evolving as the computer and networking technologies and attackers' motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS attacks....
IFOOD: An intelligent fuzzy object-oriented database architecture
Koyuncu, M; Yazıcı, Adnan (Institute of Electrical and Electronics Engineers (IEEE), 2003-09-01)
Next generation information system applications require powerful and intelligent information management that necessitates an efficient interaction between database and knowledge base technologies. It is also important for these applications to incorporate uncertainty in data objects, in integrity constraints, and/or in application. In this study, we propose an intelligent object-oriented database architecture, IFOOD, which permits the flexible modeling and querying of complex data and knowledge including un...
Mobile multi-access IP: a proposal for mobile multi-access management in future wireless IP networks
Altuntas, S; Baykal, Buyurman (Elsevier BV, 2005-03-15)
As the wireless networking technologies advance rapidly, providing mobile users with roaming freely in heterogeneous wireless access domains, the need for multi-access arises. This paper introduces the Mobile Multi-Access Management Architecture (MMA-IP) for IP-based future wireless networks. MMA-IP enables mobile users to utilize multiple access domains synchronously and to switch between different access domains. In order to handle multi-access operations, MMA-IP defines a new special mobility agent, call...
Citation Formats
R. Ranchal, B. Bhargava, P. Angın, and L. ben Othmane, “EPICS: A Framework for Enforcing Security Policies in Composite Web Services,” IEEE TRANSACTIONS ON SERVICES COMPUTING, pp. 415–428, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/35052.