Even well-administered networks are vulnerable to attack. Recent work in network security has focused on the fact that combinations of exploits are the typical means by which an attacker breaks into a network. Researchers have proposed a variety of graph-based algorithms to generate attack trees (or graphs). Either structure represents all possible…
Traditional discretionary access control, without data alteration operators, applied directly on ontologies can result in revealing unintended information because ontologies contain meta-information about objects. As an alternative we provide a constraint logic programming based policy language that can extract, remove or desensitize sensitive concepts in…
WebMail proposes to migrate existing SMTP-based mail systems to Web-Services. We show how a verifiably-correct, generic mail service that enables extensions of SMTP-based standard mail use cases that avoids known misuse cases can be specified using WSDL and orchestrated using BPEL.
The extensible access control markup language (XACML) is the standard access control policy specification language of the World Wide Web. XACML does not provide exclusive accesses to globally resources. We do so by enhancing the policy execution framework with locks.
We extend the XACML reference implementation so that a policyset consisting of remote references to other policies can be evaluated distributively. Our extension also covers requests to resources that need to be used exclusively. We do so by implementing a nested transaction model for the evaluation of distributed XACML policies. Experiments show reasonable…
The primary original design goal for email was to provide best-effort message delivery. Unfortunately, as the ever increasing uproar over SPAM demonstrates, the existing email infrastructure is no longer well suited to the worldwide set of email users, particularly email receivers. Rather than propose yet another band-aid solution to SPAM, this paper…
Ontologies are used as a means of expressing agreements to a vocabulary shared by a community in a coherent and consistent manner. As it happens in the Internet, ontologies are created by community members in a decentralized manner, requiring that they be merged before being used by the community. We develop an algebra to do so in the Resource Description…
Current email-control mechanisms, though highly effective, are prone to dropping desirable messages. This can be attributed to their coarseness in filtering out undesirable messages from desirable ones. As a result policies to control undesirable messages are often overly permissive. To allow policies to be more restrictive, the transmission mechanism must…
In this paper we identify an undesirable side-effect of combining different email-control mechanisms for protection from unwanted messages, namely, leakage of recipients' private information to message senders. The problem arises because some email-control mechanisms like bonds, graph-turing tests, etc., inherently leak information, and without…
The XACML is the access controller of the World Wide Web (WWW). The current reference implementation has a single policy decision point and a policy enforcement point. If XACML policies are used to control workflow among cooperating web services, such as those envisioned in more contemporary languages like (BPEL), it requires coordination to be policy…