In decentralized network-based environments, resource sharing occurs more frequently as
computing becomes more pervasive. Access to shared resources must be protected, allowing
access only to authorized entities. Delegation is a powerful mechanism to provide flexible
and distributed access control when a user acts on another user’s behalf. User’s rights/attributes
are contained in digital certificates and successive delegations generate chains of
certificates. When an access control decision related to a delegation path has to be taken, its
corresponding certificate chain has to be validated. Validation of long delegation paths is
a costly process that might be critical when constrained devices are involved. In this article,
we propose a mechanism called PREON (Prefix Revocation) which is based on prefix codes.
PREON allows a privilege verifier to efficiently check a delegation chain when cascade
revocation is enabled. We show by statistical analysis that our proposal outperforms delegation
systems without prefix coding especially for long delegation paths and high revocation

Statistical Disclosure Control (SDC) has been an active research area in recent years. The goal is to transform an original dataset X into a protected one X0, such that X0 does not reveal any relation between confidential and (quasi-)identifier attributes and such that X0 can be used to compute reliable statistical information about X. Many specific protection methods have been proposed and analyzed, with respect to the levels of privacy and utility that they offer. However, when measuring utility, only differences between the statistical values of X and X0 are considered. This would indicate that datasets protected by SDC methods can be used only for statistical purposes. We show in this paper that this is not the case, because a protected dataset X0 can be used to construct good classifiers for future data. To do so, we describe an extensive set of experiments that we have run with different SDC protection methods and different (real) datasets. In general, the resulting classifiers are very good, which is good news for both the SDC and the Privacy-preserving Data Mining communities. In particular, our results question the necessity of some specific protection methods that have appeared in the privacy-preserving data mining (PPDM) literature with the clear goal of providing good classification.

Forne, J.; Hinarejos, M.; Marin, A.; Almenarez, F.; López, J.; Montenegro, J.; Lacoste, M.; Díaz, D. Computers and security, Vol. 29, num. 4, p. 501-514. DOI: 10.1016/j.cose.2009.09.001. Publication date: 2010-06. Journal article.
Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.