Computer and Cyber Security
eBook - ePub

Computer and Cyber Security

Principles, Algorithm, Applications, and Perspectives

  1. 666 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Computer and Cyber Security

Principles, Algorithm, Applications, and Perspectives

Book details
Book preview
Table of contents
Citations

About This Book

This is a monumental reference for the theory and practice of computer security. Comprehensive in scope, this text covers applied and practical elements, theory, and the reasons for the design of applications and security techniques. It covers both the management and the engineering issues of computer security. It provides excellent examples of ideas and mechanisms that demonstrate how disparate techniques and principles are combined in widely-used systems. This book is acclaimed for its scope, clear and lucid writing, and its combination of formal and theoretical aspects with real systems, technologies, techniques, and policies.

Frequently asked questions

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Computer and Cyber Security by Brij B. Gupta in PDF and/or ePUB format, as well as other popular books in Business & Operations. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Auerbach Publications
Year
2018
ISBN
9780429756306
Edition
1
Topic
Business
Subtopic
Operations
Index
Business

Chapter 1

Context-Aware Systems: Protecting Sensitive Information and Controlling Network Behavior

Alberto Huertas CeldrĂĄn, Manuel Gil PĂ©rez, FĂ©lix J. GarcĂ­a Clemente, and Gregorio MartĂ­nez PĂ©rez
University of Murcia

Contents

1.1 Introduction to Information Management Systems
1.2 Objectives and Contribution
1.3 Policy-Based IMS Solutions
1.4 Context-Aware IMS Solutions
1.4.1 Location and Context-Awareness
1.4.2 Context-Aware Application Scenarios
1.4.2.1 Management of Location Privacy
1.4.2.2 Hybrid Recommender Systems
1.4.2.3 Protecting Information in eHealth Scenarios
1.4.2.4 Networking Paradigm
1.4.3 Context-Awareness Proposals
1.5 Challenges of IMS
1.6 Conclusions and Future Work
References

1.1 Introduction to Information Management Systems

The first proposal in charge of categorizing the different areas that should be considered by information management systems (IMSs) to reduce the complexity of the management process was called FCAPS (Fault, Configuration, Accounting, Performance, and Security). This solution was proposed by ISO (International Organization for Standardization) in the OSI Systems Management (OSI-SM) [1]. Among the five proposed areas, this chapter is focused on security and configuration, although the management of these areas also affects important aspects of others like, for example, the systems’ performance or the fault tolerance.
The security management area is oriented to emphasize security considerations like the protection of the information handled by IMSs. The increment of the information managed by these systems during the past decades has influenced the necessity of protecting some sensitive pieces of information. For example, in Spain, depending on the nature of the information, the legislation [2] categorizes it into three levels of security. The basic level contains personal information like, for example, the name, age, sex, address, telephone, or bank account number. The medium level contains the information related to financial operations and personalities, for example, patrimonial assets, habits of consumers, criminal records, or curriculum. Finally, the last category has the highest level of security and is composed of information such as the ideology, political affiliations, religion, or health. The protection of these pieces of information is known in the literature with the terms of privacy. Privacy refers to the rights of persons and organizations to determine for themselves when, where, how, and what information about them can be revealed [3]. In that sense, the consideration of the information’s privacy also increases the complexity of the management process performed by IMSs. These systems should allow their users to control what pieces of information they want to reveal, the place where these pieces of information can be revealed, the moment or period of time, the situation in which the information should be revealed, and the person(s) or organization(s) to whom the information can be revealed.
On the other hand, another area proposed by FCAPS, in which this chapter is focused on, is the management of the systems’ configuration and behavior to control the deployment of hardware and software components. In this sense, the networking paradigm is one of the topics in which industry and academic sectors are making more efforts to manage at real time the resources composing the network infrastructure. Networks are dynamic systems composed of distributed and heterogeneous resources managed by different administrators. When the network status varies depending on different aspects like, for example, the number of connected users or the availability of resources, it is needed to reconfigure the network resources in order to continue providing services. The Software-Defined Networking (SDN) paradigm arose with the goal of reducing the complexity during the network management process by separating the control and data planes, and “softwarizing” the configuration of the network resources. However, performing reconfiguration and management of distributed resources is still a difficult task that needs new mechanisms to ease it. These new mechanisms should allow network administrators to control at real time the network resources according to the current status of the network. The behavior of network resources should be adapted automatically, taking into account the network status and the decisions of administrators oriented to guarantee network requirements like the Quality of Service (QoS), energy efficiency, or fault tolerance.
Several proposals have been made during the past decades to reduce the complexity in the management processes performed by IMSs, as commented at the beginning of this section. One of the most relevant ones was made by the Internet Engineering Task Force (IETF) with the definition of a new paradigm called policy-based management (PBM) [4]. This paradigm arose with the aim of separating the behavior of systems from their functionality. This separation allowed the flexible, automatic, and dynamic management of the systems behavior and their information while reducing maintenance costs. One of the main goals of PBM consists in managing systems, information, and resources at a high abstraction level. Using this paradigm, systems administrators define policies, or rules, indicating the actions that should be applied when certain events are triggered. These rules are composed of conditions and decisions, where conditions are representations of the prerequisites that must be accomplished in order to enforce the actions established by the decisions. According to the Policy Core Information Model [5] developed jointly by IETF and Distributed Management Task Force (DMTF), policies are stored in a repository called Policy Repository, and the entities in charge of checking if conditions are accomplished and making the policy decisions are called Policy Decision Point. Finally, entities enforcing decisions of the policies are called Policy Enforcement Point.
In order to express the intention of administrators and information’s owners, several technologies and policy-based languages have been proposed during the past decades. eXtensible Access Control Markup Language [6] is one of the most well-known languages. It is accepted in industry and academia as de facto standard, and it is mainly focused on access control management in distributed systems. KAoS (Knowledge Acquisition in automated Specification) [7] is another well-known language designed for goal-directed software requirements analysis. KAoS provides the capability of assigning system-level and organizational objectives rather than lower-level processor action-oriented descriptions. Among the proposed technologies, semantic web techniques [8] are a promising way to manage the information and the behavior of systems. Administrators of systems or users can manage the behavior of the systems’ resources and the handled information by using semantic rules, also called policies. These policies let control the system’s behavior at run-time and dynamically taking into account the preferences of the administrators or the owners of the information. Furthermore, ontologies [9] allow the formal representation of the information in a way that together with certain governing rules, it is possible to infer new knowledge by using semantic reasoners. Ontologies also allow sharing knowledge between independent systems and using semantic reasoning about the context to offer advanced services to customers.
The remainder of this chapter is organized as follows. Section 1.2 presents the main objectives and contributions of this chapter. In Section 1.3, we discuss the related work regarding policy-based IMS solutions. Section 1.4 reviews the current status of context-aware solutions and some of their most common scenarios. Current challenges of context-aware systems about privacy and other important aspects are highlighted in Section 1.5. Finally, the conclusions and future work are drawn in Section 1.6.

1.2 Objectives and Contribution

The goal of this chapter consists in showing how the evolution of technology has increased the complexity of the IMSs and how new paradigms and solutions are needed to face their increasing complexity. In particular, the increasing of heterogeneous information provided by new technologies and paradigms, the evaluation processes to make decisions and protect the privacy of sensitive pieces of information, and the diversity of components distributed along different organizations are few of the most important aspects that have increased the complexity in IMSs, thus creating the need to design new mechanisms to address them.
The intention of this chapter is also to provide a clear vision of the current state-of-the-art context-aware and privacy-preserving solutions as well as how the contextual information can be used to manage efficiently distributed systems like, for example, computer networks. To reach it, this chapter focuses the efforts on knowing how the advances made by new paradigms, scenarios, and technologies have influenced the management of the information and protection of the privacy of sensitive pieces of information, as well as their influence in the management and control of the behavior of the IMSs. Specifically, this chapter is focused on:
  • Context-aware solutions in charge of controlling automatically the information of users and contexts as well as the systems behavior. Architectures based on semantic web techniques to gather and handle large volumes of heterogeneous information, evaluate and protect the privacy of sensitive pieces of information, consider independent administrators distributed along different organizations, and manage diverse components with different requirements and locations.
  • Policy-based solutions to protect dynamically the privacy of sensitive information considered by the context-aware paradigm. Solutions that allows users to decide when, where, how, and to whom they want to disclose private pieces of information handled by the context like, for example, locations, activities, and identities, among others. Privacy-preserving and context-aware policies in charge of allowing users to protect their information at real time and dynamically.
  • Privacy-preserving mechanisms to exchange personal and contextual information between independent and different contexts. Current IMSs require solutions that exchange sensitive information in multi-context scenarios in a secure way. In this sense, this chapter will focus on solutions oriented to semantic web that model the information in a formal way and allow the secure exchange of information, taking into account the privacy preferences of the information’s owners.
  • Autonomic management of the network resources by considering location-based and context-aware information. This chapter is also focused on the analysis of mechanisms that control dynamically and at real time the network infrastructure, taking into account the information about the context of both where the network provides services and where end users are receiving these services.
This analysis has detected some of the main challenges of this domain which are explained in the next section.

1.3 Policy-Based IMS Solutions

In the current literature, several works can be found that trace the history and evolution of the PBM paradigm [10,11]. The early works oriented to this paradigm were focused on emphasizing security considerations. In this sense, security policies were the first policies in charge of defining rules according to which access control systems were regulated [12]. Access control mechanisms [13] manage if the access to given resources should be granted or denied according to the security policies defined by the system administrator. Security policies can be grouped into different access security levels with diverse criteria for defining what should and should not be allowed. The access control matrix [14] was introduced to protect different objects in shared computers. Different access rights protected objects such as files, memory, and terminals which were shared between different domains. Each entry of the matrix contained a list of access attributes that define the access rights of that domain to the objects. Attributes could be of different forms, such as read, write, owner, call, and control. Access Control Lists (ACLs) [15] were another solution proposed as an alternative approach of the access control matrix presenting the matrix information in a column fashion.
Confidentiality and integrity are two important aspects belonging to the security topi...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication Page
  6. Table of Contents
  7. Preface
  8. Acknowledgements
  9. Editors
  10. List of Contributors
  11. 1 Context-Aware Systems: Protecting Sensitive Information and Controlling Network Behavior
  12. 2 Critical Infrastructure Protection: Port Cybersecurity, Toward a Hybrid Port
  13. 3 Forecasting Problems in Cybersecurity: Applying Econometric Techniques to Measure IT Risk
  14. 4 Cyberspace and Cybersecurity in the Digital Age: An Evolving Concern in Contemporary Security Discourse
  15. 5 A Systematic Review of Attack Graph Generation and Analysis Techniques
  16. 6 Biometric-Based Authentication in Cloud Computing
  17. 7 Analysis of Various Trust Computation Methods: A Step toward Secure FANETs
  18. 8 Security in Wireless LAN (WLAN) and WiMAX Systems
  19. 9 Botnet Behavior and Detection Techniques: A Review
  20. 10 Overview of Smartphone Security: Attack and Defense Techniques
  21. 11 Cryptography for Addressing Cloud Computing Security, Privacy, and Trust Issues
  22. 12 Medical Image Enhancement Techniques: A Survey
  23. 13 Extraction of Malware IOCs and TTPs Mapping with CoAs
  24. 14 Implementing a Secure Web-Based Application Using Microsoft SDL
  25. 15 Preserving Privacy for Trust-Based Unwanted Traffic Control with Homomorphic Encryption
  26. 16 DOM-Guard: Defeating DOM-Based Injection of XSS Worms in HTML5 Web Applications on Mobile-Based Cloud Platforms
  27. 17 Secure and Fault-Tolerant Computing in Mobile Ad Hoc Networks
  28. 18 Applications of Digital Signatures in Cryptography
  29. 19 Credit Scoring Using Birds Swarm Optimization
  30. 20 A Review of Cryptographic Properties of 4-Bit S-Boxes with Generation and Analysis of Crypto Secure S-Boxes
  31. 21 Role of Software-Defined Networking (SDN) in Internet of Things (IoT) Security: Attacks and Countermeasures
  32. 22 Security Issues and Challenges in Online Social Networks (OSNs) Based on User Perspective
  33. 23 A Compendium of Security Issues in Wireless Sensor Networks
  34. 24 Identity Theft, Malware, and Social Engineering in Dealing with Cybercrime
  35. Index