The Italian Electronic Identity Card: Overall Architecture and It Infrastructure

Abstract:In this paper we present a computational infrastructure, the Security Backbone, which is able to satisfy security requirements arising from resource sharing and services interoperability in Grid-like environments, without having to rely on a PublicKey Infrastructure (PKI). Motivation of our approach is rooted in the well-known difficulties encountered to show that interoperability of PKIs is effective or efficient in real-world environments.The proposed solution uses a security layer, lying between the communication and the application level, which provides confidentiality, integrity and authentication services in a fully transparent way from the application point of view, thus enabling the deployment of distributed network applications satisfying the highest security constraints, at a very low organizational and financial cost.Moreover, we have designed a service for scalable and flexible management of authorization policies governing access to resources shared by members of a Virtual Organization, by improving on the Community Authorization Service distributed with the Globus Toolkit. Keywords: Grid security, network security, organizational aspects of network security, inter-organizational services, authorization management. Corresponding author: Fabio Fioravanti A Specification for Security Services on Computational GridsFranco Arcieri 1 , Fabio Fioravanti 2 , Enrico Nardelli 1 , Maurizio Talamo 1(1) NESTOR -Laboratorio Sperimentale per la Sicurezza e la Certificazione di Servizi Telematici Multimediali -Univ. of Roma "Tor Vergata", Roma, Italia (2) Dipartimento di Informatica, Univ. of L'Aquila, L'Aquila, Italia.Abstract. In this paper we present a computational infrastructure, the Security Backbone, which is able to satisfy security requirements arising from resource sharing and services interoperability in Grid-like environments, without having to rely on a Public-Key Infrastructure (PKI). Motivation of our approach is rooted in the well-known difficulties encountered to show that interoperability of PKIs is effective or efficient in real-world environments.The proposed solution uses a security layer, lying between the communication and the application level, which provides confidentiality, integrity and authentication services in a fully transparent way from the application point of view, thus enabling the deployment of distributed network applications satisfying the highest security constraints, at a very low organizational and financial cost. Moreover, we have designed a service for scalable and flexible management of authorization policies governing access to resources shared by members of a Virtual Organization, by improving on the Community Authorization Service distributed with the Globus Toolkit. 1Computational resources sharing between different organizations in an untrusted environment arises several issues related to information security. This is especially true on computational grids [26] where members of different organizations join a Virtual Organization (VO)...

show abstract

“…We also want to point out that our solution for security services provision is currently in use within large Italian e-government projects [6,4].…”

Section: The Security Backbonementioning

confidence: 99%

A Specification for Security Services on Computational Grids

Arcieri

Fioravanti

Nardelli

et al. 2004

Grid Services Engineering and Management

Self Cite

View full text Add to dashboard Cite

show abstract

“…Distributing business processes among multiple organizations have been found to improve business performance [2] and provide better cost predictability, as well as higher flexibility and scalability upon demand [3]. Also in the public administration cross-organizational business processes are very common for example to administer digital government services [4], [5], [6], [7], [8] and to exchange complex data [9]. However, the increasingly widespread distribution of business processes also creates new challenges such as [10] cloud auditing, management of service heterogeneity, coordination of involved parties, management of client-vendor relationships, localizing and migrating data, and coping with a significant lack of security awareness [11], [12].…”

Section: Introductionmentioning

confidence: 99%

Providing online operational support for distributed, security sensitive electronic business processes

Talamo

Povilionis

Arcieri

et al. 2015

2015 International Carnahan Conference on Security Technology (ICCST)

Self Cite

View full text Add to dashboard Cite

Online process mining techniques are increasingly used to provide operational support. In this work we describe tools to support distributed business processes which handle sensitive data and require a high level of security together with real-time validation. The techniques presented here have been specifically developed for real-time compliance checking of distributed processes in choreographies of heterogeneous entities. Challenges include the fast aggregation, analysis and validation of process logs that are collected from the distributed participants. The autonomy of the participating entities has to be respected and no sensitive data pertaining to the content of the individual transactions must be accessed for process support and validation purposes. A validation authority for process monitoring and validation is set up. Together with software agents dispatched to the participating entities the validation authority collects events in a central log and then analyzes these events using a particular representation of the process in form of a validation tree to detect and resolve anomalies. We describe the application of these technologies in a distributed business process with more than 400,000 daily process executions. The business process is supported by a help desk managing and responding to incidents and anomalies. We observe a reduction of 90% of the calls to the help desk and an average reduction of 15% in call length. Further the help desk was enabled to act pro-actively, calling participants to the process even before they became aware of anomalies that affected their organization

show abstract

Multimodal Biometrics and Multilayered IDM for Secure Authentication

Rashed

Santos

2010

Communications in Computer and Information Science

View full text Add to dashboard Cite

The Italian Electronic Identity Card: Overall Architecture and It Infrastructure

Cited by 3 publications

References 8 publications

A Specification for Security Services on Computational Grids

A Specification for Security Services on Computational Grids

Providing online operational support for distributed, security sensitive electronic business processes

Multimodal Biometrics and Multilayered IDM for Secure Authentication

Contact Info

Product

Resources

About