Annual Symposium on Information Assurance >> ASIA


Navigation Menu
ASIA Main Page
Call for Papers
Organizing Committee
Symposium Proceedings
Best Paper Awards
Keynote Speakers
Author/Presenter Info.
NYS Cyber Security Conf.
Directions & Parking
EISO Website
UAlbany Business Website
Contact Us
Want to Sponsor?
End of Menu


Twitter logo image Facebook logo image YouTube logo image
Years for Selection: 2006 - 2007 - 2008 - 2009 - 2010 - 2011 - 2012 - 2013 - 2014

Secure Space Computing with Exertions
Daniel Kerr and Michael Sobolewski
Texas Tech University

Exertion-oriented space computing is a valuable advance in distributed and parallel computing seeing as it abstracts out several major problems in distributed computing, such as load balancing and mutual exclusion. The main problem with space computing is that of security due to the face that exertion spaces are inherently public and ad hoc, thus making it difficult to implement secure groups. The location independent group key interactive management framework presents a federated methodology and protocol for group management that is secure, scalable, and modifiable for the metacomputing exertion-oriented space computing environment. The framework does so through the use of a group establishment protocol, authorization and authentication services, high level cryptography, and persistent group information storage. The SORCER computing grid is used as a validation case for the framework and is prsented in this paper.

Content-sensitive, Temporally Adaptive Metadata
Brendan J. Gilbert, Raj Sharman, Manish Gupta, H.R. Rao, Shambhu Upadhyaya, and Kenneth P. Mortensen, Esq.*
University at Buffalo, SUNY and U.S. Department of Justice*

Role-based access is the most commonly used method for providing access to information systems. Roles are secured through design principles such as least privilege and separation of duties. However, during emergency situations, system availability to first-responders and emergency coordinators through privilege escalation has proved to offer tremendous benefits. While need for privilege escalation had received much attention, little research and focus has been given to area of ensuring security of information after the emergency. Focus of the paper is secure return of access privilege levels to normalcy after the emergency situation and resulting risks. This paper discusses some models for managed privilege escalation, using a deterministic finite state machine as a framework to select sets of context-sensitive and temporally adaptive metadata, with environmental and temporal state transitions. The framework is demonstrated through its application to a historical scenario whose result could have been improved by having such a framework in place. Risk assessment discussions are also provided to ensure that reliable and secure roles are designed (for emergency) and secure transitions occur (during and after emergency).

See the ASIA Ď08 Proceedings for the complete papers...
Important Dates

I do not fear computers. I fear the lack of them.

- Isaac Asimov

Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active, part of the problem.

- Fred Langa

In theory, one can build provably secure systems. In theory, theory can be applied to practice, but in practice, it canít.

- M. Dacier