A reference model of ontologically well-organized IT security concepts is presented, and it is shown how this model provides a rationale for carrying out IT security analyses systematically. The reference model consists of four levels: first, the existing world of assets and conflicts of interest, together with the existing systems and their vulnerabilities; second, the potential, consisting of threats and security requirements; third, the planned course of action, with security measures to protect business goals; and fourth, the current events, consisting of attacks, accidents and defensive operations. The reference model is placed in the context of existing security analysis methods and illustrated using the example of online banking.
Existing algorithms for signing graph data typically do not cover the whole signing process. In addition, they lack distinctive features such as signing graph data at different levels of granularity, iterative signing of graph data, and signing multiple graphs. In this paper, we introduce a novel framework for signing arbitrary graph data provided, e.g., as RDF(S), Named Graphs, or OWL. We conduct an extensive theoretical and empirical analysis of the runtime and space complexity of different framework configurations. The experiments are performed on synthetic and real-world graph data of different sizes and with different numbers of blank nodes. We investigate security issues, present a trust model, and discuss practical considerations for using our signing framework.
Distributed Identity Management (DIM) refers to the ability to define distributed identities of agents and roles, i.e. a single agent is represented using multiple unique identifiers managed in different namespaces and may have various roles across those namespaces. We propose semDIM, a novel approach for Semantic DIM based on a Semantic Web architecture. For the first time, semDIM provides a framework for the distributed definition and management of entities such as persons being part of an organization, groups, and roles across namespaces. It is suitable for informal networks, i.e. social networks, as well as for professional networks such as cross-organizational collaborations. In addition, the framework ensures authenticity, authorization and integrity for such distributed identities by featuring certificate-based graph signatures. Beyond the capabilities of existing Identity Management solutions, we allow distributed identifiers and management of groups (consisting of agents and sub-groups) and roles as “first-class entities”. semDIM uses owl:sameAs relations to represent and verify distributed identities via formal reasoning. This concept enables novel functionalities for DIM, as these entities can be identified, related to one another, and managed across namespaces. Our semDIM approach consists of a modular software architecture, a process model using a novel approach for pattern-based concurrency control, as well as a set of state-of-the-art formal OWL ontology patterns. The use of formal patterns ensures semantic interoperability and extensibility for future requirements. Thereby, our approach can be combined with other applications based on the same or related patterns. We evaluate semDIM in the context of a real-world scenario of securely exchanging DIM information across organizations.