Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
Access and information flow control to secure mobile web service compositions in resource constrained environments
The growing use of mobile web services such as electronic health records systems and applications like twitter, Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow con...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | English |
| Published: |
Department of Computer Science
2016
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613338959085568 |
|---|---|
| access_status_str | Open Access |
| author | Maziya, Lwazi Enock |
| author2 | Kayem, Anne |
| author_browse | Kayem, Anne Maziya, Lwazi Enock |
| author_facet | Kayem, Anne Maziya, Lwazi Enock |
| author_sort | Maziya, Lwazi Enock |
| collection | Thesis |
| description | The growing use of mobile web services such as electronic health records systems and applications like twitter, Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow control are either restrictive or weak in that they prevent applications from sharing data usefully, and/or allow private information leaks when used independently. Typically, when services are composed there is a resource that some or all of the services involved in the composition need to share. However, during service composition security problems arise because the resulting service is made up of different services from different security domains. A key issue that arises and that we address in this thesis is that of enforcing secure information flow control during service composition to prevent illegal access and propagation of information between the participating services. This thesis describes a model that combines access control and information flow control in one framework. We specifically consider a case study of an e-health service application, and consider how constraints like location and context dependencies impact on authentication and authorization. Furthermore, we consider how data sharing applications such as the e-health service application handle issues of unauthorized users and insecure propagation of information in resource constrained environments¹. Our framework addresses this issue of illegitimate information access and propagation by making use of the concept of program dependence graphs (PDGs). Program dependence graphs use path conditions as necessary conditions for secure information flow control. The advantage of this approach to securing information sharing is that, information is only propagated if the criteria for data sharing are verified. Our solution proposes or offers good performance, fast authentication taking into account bandwidth limitations. A security analysis shows the theoretical improvements our scheme offers. Results obtained confirm that the framework accommodates the CIA-triad (which is the confidentiality, integrity and availability model designed to guide policies of information security) of our work and can be used to motivate further research work in this field. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/20003 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| last_indexed | 2026-06-10T12:34:33.896Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2016 |
| publishDateRange | 2016 |
| publishDateSort | 2016 |
| publisher | Department of Computer Science |
| publisherStr | Department of Computer Science |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/20003 Access and information flow control to secure mobile web service compositions in resource constrained environments Maziya, Lwazi Enock Kayem, Anne Computer Science The growing use of mobile web services such as electronic health records systems and applications like twitter, Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow control are either restrictive or weak in that they prevent applications from sharing data usefully, and/or allow private information leaks when used independently. Typically, when services are composed there is a resource that some or all of the services involved in the composition need to share. However, during service composition security problems arise because the resulting service is made up of different services from different security domains. A key issue that arises and that we address in this thesis is that of enforcing secure information flow control during service composition to prevent illegal access and propagation of information between the participating services. This thesis describes a model that combines access control and information flow control in one framework. We specifically consider a case study of an e-health service application, and consider how constraints like location and context dependencies impact on authentication and authorization. Furthermore, we consider how data sharing applications such as the e-health service application handle issues of unauthorized users and insecure propagation of information in resource constrained environments¹. Our framework addresses this issue of illegitimate information access and propagation by making use of the concept of program dependence graphs (PDGs). Program dependence graphs use path conditions as necessary conditions for secure information flow control. The advantage of this approach to securing information sharing is that, information is only propagated if the criteria for data sharing are verified. Our solution proposes or offers good performance, fast authentication taking into account bandwidth limitations. A security analysis shows the theoretical improvements our scheme offers. Results obtained confirm that the framework accommodates the CIA-triad (which is the confidentiality, integrity and availability model designed to guide policies of information security) of our work and can be used to motivate further research work in this field. 2016-06-10T07:39:57Z 2016-06-10T07:39:57Z 2015 Master Thesis Masters MSc http://hdl.handle.net/11427/20003 eng application/pdf Department of Computer Science Faculty of Science University of Cape Town |
| spellingShingle | Computer Science Maziya, Lwazi Enock Access and information flow control to secure mobile web service compositions in resource constrained environments |
| thesis_degree_str | Master's |
| title | Access and information flow control to secure mobile web service compositions in resource constrained environments |
| title_full | Access and information flow control to secure mobile web service compositions in resource constrained environments |
| title_fullStr | Access and information flow control to secure mobile web service compositions in resource constrained environments |
| title_full_unstemmed | Access and information flow control to secure mobile web service compositions in resource constrained environments |
| title_short | Access and information flow control to secure mobile web service compositions in resource constrained environments |
| title_sort | access and information flow control to secure mobile web service compositions in resource constrained environments |
| topic | Computer Science |
| url | http://hdl.handle.net/11427/20003 |
| work_keys_str_mv | AT maziyalwazienock accessandinformationflowcontroltosecuremobilewebservicecompositionsinresourceconstrainedenvironments |