David W Chadwick

University of Kent | KENT · Computer Laboratory

Doctor of Philosophy

About

192 Publications
41,903 Reads
3,692 Citations
Citations since 2016: 16 research items, 861 citations (yearly citation chart, 2016-2022, not reproduced)
Introduction
David W Chadwick currently works at the School of Computing, University of Kent. David does research in Distributed Computing, Computer Security, Identity Management, Privacy Protection and Trust Management. His current projects are 'NeCS: European Training Network on Cyber Security' and 'C3ISP: Collaborative and Confidential Information Sharing and Analysis for Cyber Protection'.
Additional affiliations
November 2004 - present
University of Kent
Position
  • Professor of Information Systems Security
September 1980 - October 2004
University of Salford
Position
  • Professor of Information Systems Security

Publications (192)
Article
Today, Linux users use sudo/su commands to attribute Linux’s administrative privileges to their programs. These commands always give the whole list of administrative privileges to Linux programs, unless there are pre-installed default policies defined by Linux Security Modules (LSM). LSM modules require users to inject the needed privileges into the...
Chapter
The typical way to run an administrative task on Linux is to execute it in the context of a super user. This breaks the principle of least privilege on access control. Other solutions, such as SELinux and AppArmor, are available but complex to use. In this paper, a new Linux module, named RootAsRole, is proposed to allow users to fine-grained contr...
Article
Full-text available
The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data. It is based on X.509 Certificates. Our previous research showed that popular Web Browsers exhibit non-standardized behaviour with respect to the certificate validation process [1]. This paper extends that work by examining their handling of OCSP Stapl...
Article
Full-text available
We describe how FIDO and W3C VCs can overcome the problems of existing identity management systems. We describe our conceptual model and architecture, and the protocol we used by extending FIDO's UAF in order to provide both strong authentication and strong authorization. We built a pilot implementation for U.K. NHS patients to validate our impleme...
Article
Full-text available
Cyber-attacks affect every aspect of our lives. These attacks have serious consequences, not only for cyber-security, but also for safety, as the cyber and physical worlds are increasingly linked. Providing effective cyber-security requires cooperation and collaboration among all the entities involved. Increasing the amount of cyber threat informat...
Article
Full-text available
Current Infrastructure as a Service (IaaS) cloud platforms have their own authorisation system, containing different access control policies and models. Clients with accounts in multiple cloud providers struggle to manage their rules in order to provide a homogeneous access control experience to users. This work proposes a solution: an Authorisatio...
Article
Full-text available
Identity federations enable users, service providers, and identity providers from different organizations to exchange authentication and authorization information in a secure way. In this paper, we present a novel identity federation architecture for cloud services based on the integration of a cloud identity management service with an authenticati...
Article
Full-text available
A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA), the certificate holder (or subject), and the Re...
Conference Paper
With the advent of Advanced Persistent Threats (APTs) and exploits such as Eurograbber, we can no longer trust the user's PC or mobile phone to be honest in their transactions with banks. This paper reviews the current state of the art in protecting PCs from malware and APTs that can modify banking transactions, and identifies their strengths and w...
Conference Paper
Full-text available
The economic benefits of cloud computing are encouraging customers to bring complex applications and data into the cloud. However security remains the biggest barrier in the adoption of cloud, and with the advent of multi-cloud and federated clouds in practice security concerns are for applications and data in the cloud. This paper proposes securit...
Article
Full-text available
Authorization infrastructures are an integral part of any network where resources need to be protected. As networks expand and organizations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the automatic adaptation of authorization assets (policies and subj...
Conference Paper
We describe a web based federated identity management system loosely based on the user centric Windows Card Space model. Unlike Card Space that relies on a fat desktop client (the identity selector) in which the user can only select a single card per session, our model uses a standard web browser with a simple plugin that connects to a trusted attr...
Conference Paper
Full-text available
This paper shows the design and implementation of a Role Based Access Control (RBAC) mechanism for securing a hypervisor called BitVisor. BitVisor is a small hypervisor that provides security functions like encryption services for I/O devices in its hypervisor-layer. BitVisor enforces security functions without the help of guest OSs, but it only su...
Conference Paper
Full-text available
The autonomic management of federated authorization infrastructures (federations) is seen as a means for improving the monitoring and use of a service provider's resources. However, federations are comprised of independent management domains with varying scopes of control and data ownership. The focus of this paper is on the autonomic management of...
Conference Paper
Full-text available
We present the Federation Semantic Attribute Mapping System (F-SAMS), a web services based system which enables a semi-automated dynamic trust establishment mechanism for managing identity federations. We present the conceptual model which allows current members to dynamically introduce new members into the federation in a trustworthy manner, using...
Article
Full-text available
The Special Issue of Information Systems Front, 2013, addresses the threat of insider data leakage from a variety of perspectives. The first paper, 'Understanding Insiders: An Analysis of Risk-Taking Behavior" by Fariborz Farahmand and Eugene H. Spafford, explores accepted models of perceptions of risk and the unique characteristics of insider thre...
Article
Full-text available
OpenStack is an open source cloud computing project that is enjoying wide. While many cloud deployments may be stand-alone, it is clear that secure federated community clouds, i.e., inter-clouds, are needed. Hence, there must be methods for federated identity management (FIM) that enable authentication and authorisation to be flexibly enforced acro...
Article
Full-text available
We describe the research undertaken in the six month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to login to it, by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owner...
Chapter
Full-text available
Password sharing is a common security problem. Some application domains are more exposed than others and, by dealing with very sensitive information, the healthcare domain is definitely not exempt from this problem. This chapter presents a case study of a cross section of how healthcare professionals actually deal with password authentication in ty...
Conference Paper
Full-text available
We describe the Federation Semantic Attribute Mapping System (F-SAMS), a web services based system that automatically collects, in a trustworthy manner, the semantic mappings of Identity Provider (IdP) assigned attributes into a federation agreed set of standard attributes. The collected knowledge may be used by federation service providers (SPs) t...
Article
In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of usersʼ data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensure...
Conference Paper
This paper presents the extraction of a legal access control policy and a conflict resolution policy from the EU Data Protection Directive [1]. These policies are installed in a multi-policy authorization infrastructure described in [2, 3]. A Legal Policy Decision Point (PDP) is constructed with a legal access control policy to provide automated de...
Book
Full-text available
This book constitutes the refereed proceedings of the 13th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security, CMS 2012, held in Canterbury, UK, in September 2012. The 6 revised full papers presented together with 8 short papers, 8 extended abstracts describing the posters that were discussed at the conference, and 2...
Conference Paper
Full-text available
Authorization systems are an integral part of any network where resources need to be protected. They act as the gateway for providing (or denying) subjects (users) access to resources. As networks expand and organisations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this pape...
Conference Paper
Full-text available
We describe a set of security APIs that grant federated access to a user's cloud resources, and that also allow the user to grant access to his resources to anyone from anywhere at any time. The APIs implement federated access to clouds, fine grained access controls and delegation of authority. We have integrated these APIs into two cloud applicati...
Conference Paper
Full-text available
We describe a federated identity management service that allows users to access organisational resources using their existing login accounts at social networking and other sites, without compromising the security of the organisation’s resources. We utilise and extend the Level of Assurance (LoA) concept to ensure the organisation’s site remains sec...
Conference Paper
Full-text available
Based on the assumption that cloud providers can be trusted (to a certain extent) we define a trust, security and privacy preserving infrastructure that relies on trusted cloud providers to operate properly. Working in tandem with legal agreements, our open source software supports: trust and reputation management, sticky policies with fine grained...
Conference Paper
Full-text available
The use of Shibboleth as a mechanism for implementing federated authentication is commonplace in many countries. The ability of Shibboleth to transmit extra information about a user, including licenses, roles and other attributes, is not exploited for many reasons, mainly because institutional Identity Providers (IdPs) are not maintainable sources of...
Conference Paper
Organisations are facing huge pressure to assure their users about the privacy protection of their personal data. Organisations may need to consult the privacy policies of their users when deciding who should access their personal data. The user’s privacy policy will need to be combined with the organisation’s own policy, as well as policies from d...
Conference Paper
Full-text available
This paper addresses the problem of access control in the context of unified distributed architectures, in which a local authorization policy is not able to recognize all the terms applicable to the authorization decision requests. The approach is based on semantic interoperability between the different services of the architecture. More specifical...
Conference Paper
With increasingly distributed computing systems, the management task of controlling access to shared resources becomes more and more complicated. Policy based access control systems may provide a solution to this problem, but the issue then becomes one of how to easily specify access control policies. We have designed and implemented a user interfa...
Article
This paper describes a conceptual model for attribute aggregation that allows a service provider (SP) to authorise a user’s access request based on attributes asserted by multiple identity providers (IdPs), when the user is known by different identities at each of the IdPs. The user only needs to authenticate to one of the IdPs and the SP is given...
Article
There are several problems associated with the current ways that certificates are published and revoked. This paper discusses these problems, and then proposes a solution based on the use of WebDAV, an enhancement to the HTTP protocol. The proposed solution provides instant certificate revocation, minimizes the processing costs of the certificate i...
Article
The objective of this paper is to show that grounded theory (GT), together with mixed methods, can be used to involve healthcare professionals in the design and enhancement of access control policies to Electronic Medical Record (EMR) systems. The mixed methods applied for this research included, in this sequence, focus groups (main qualitative met...
Article
Full-text available
Password sharing is a common security problem. Some application domains are more exposed than others and, by dealing with very sensitive information, the healthcare domain is definitely not exempt from this problem. This chapter presents a case study of a cross section of how healthcare professionals actually deal with password authentication in ty...
Article
Full-text available
Purpose The objective of this paper is to show that grounded theory (GT), together with mixed methods, can be used to involve healthcare professionals in the design and definition of access control policies to EMR systems. Methods The mixed methods applied for this research included, in this sequence, focus groups (main qualitative method that used...
Conference Paper
Full-text available
This paper describes a web based federated identity management system which is based on the user centric approach of the Information Card model, and has been enhanced to remove many of the problems inherent in Microsoft's original design. Furthermore the new design is adapted to interwork with existing SAML 2 federations. Our model supports not onl...
Article
Organisations are facing huge pressure to assure their users about the privacy protection of their personal data. Organisations may need to consult the privacy policies of their users when deciding who should access their personal data. The user's privacy policy will need to be combined with the organisation's own policy, as well as policies from d...
Article
Full-text available
This paper describes a secure role based messaging system design based on the use of X.509 Attribute Certificates for holding user roles. Access to the messages is authorised by the PERMIS Privilege Management Infrastructure, a policy driven role based access control (RBAC) infrastructure, which allows the assignment of roles to be distributed betw...
Article
Full-text available
In this article the new trend in authorisation decision making will be described, using the Security Assertion Markup Language (SAML). We then present an overview of the Globus Toolkit (GT), used in Grid computing environments, and highlight its authorisation requirements. We then introduce the PERMIS authorisation infrastructure and describe how...
Article
Full-text available
Translating legislation and regulations into access control systems in healthcare is, in practice, not a straightforward task. Excessive regulation can create barriers to appropriate patient treatment. The main objective of this paper is to present a new methodology that can define, from legislation to practice, an access control policy as well as...
Conference Paper
Securing individual data objects using sticky policies in trusted networks is essential in user centric distributing computing applications. However aggregation of data objects presents a challenge in terms of sticky policy integrity for the new object. A possible solution is based on a mathematical merger of sticky polices associated with all aggr...
Conference Paper
Full-text available
Access control models describe frameworks that dictate how subjects (e.g. users) access resources. In the Role-Based Access Control (RBAC) model access to resources is based on the role the user holds within the organization. RBAC is a rigid model where access control decisions have only two output options: Grant or Deny. Break The Glass (BTG) poli...
Chapter
Full-text available
This paper addresses the topic of federated identity management. It discusses in detail the following topics: what is digital identity, what is identity management, what is federated identity management, Kim Cameron’s 7 Laws of Identity, how can we protect the user’s privacy in a federated environment, levels of assurance, some past and present fed...
Conference Paper
Full-text available
There exist many obstacles that slow the global adoption of public key infrastructure (PKI) technology. The PKI interoperability problem, being poorly understood, is one of the most confusing. In this paper, we clarify the PKI interoperability issue by exploring both the juridical and technical domains. We demonstrate the origin of the PKI interope...
Article
Full-text available
Most federated identity management systems are limited by users' ability to choose only one identity provider per service session. A proposed linking service lets users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users t...
Conference Paper
Full-text available
SSL is the primary technology used to secure web communications. Before setting up an SSL connection, web browsers have to validate the SSL certificate of the web server in order to ensure that users access the expected web site. We have tested the handling of the main fields in SSL certificates and found that web browsers do not process them in a...
Article
Full-text available
Purpose This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two commu...
Article
Full-text available
We describe adding support for dynamic delegation of authority (DOA) between users in multiple administrative domains, to the XACML model for authorisation decision making. DOA is enacted via the issuing of credentials from one user to another, and follows the role based access control model. We present the problems and requirements that such a del...
Conference Paper
Full-text available
This paper describes a federated identity management system based on long lived encrypted credential files rather than virtual cards and short lived assertions. Users obtain their authorisation credential files from their identity providers and have them bound to their public key certificates, which can hold any pseudonym the user wishes. Users can...
Conference Paper
We describe a more advanced authorisation infrastructure for identity management systems which in addition to the traditional Policy Enforcement Point (PEP) and Policy Decision Point (PDP) has an application independent policy enforcement point (AIPEP), a credential validation service (CVS) and a master PDP. The AIPEP is responsible for handling st...
Conference Paper
The Electronic Medical Record (EMR) allows for the distributed collection and searching of healthcare information. However, it usually does not integrate easily into healthcare professionals' daily workflows. Barriers to its acceptance include costs such as time and effort, but also relational and educational issues. Access controls are likely...
Article
Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role based authorization infrastructure along with its conceptual authorization, access control, and trust models. PERMIS has the novel co...
Conference Paper
Full-text available
The Bell-LaPadula security model is a hybrid model that combines mandatory access controls and discretionary access controls. The Bell-LaPadula security model has been widely accepted in military environments for its capability to specify military style confidentiality policies. The role based access control (RBAC) model has attracted extensive res...
Article
Full-text available
We describe how to control the cumulative use of distributed grid resources by using coordination aware policy decision points (coordinated PDPs) and an SQL database to hold "coordination" data. When access to a resource is granted, obligations in the security policy ensure that the coordination database is updated. The coordination database is a n...
Conference Paper
Full-text available
Grids allow for collaborative e-Research to be undertaken, often across institutional and national boundaries. Typically this is through the establishment of virtual organizations (VOs) where policies on access and usage of resources across partner sites are defined and subsequently enforced. For many VOs, these agreements have been lightweight and...
Conference Paper
Full-text available
The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified infrastructure to address these challenges. Prev...
Conference Paper
Full-text available
Existing policy enforcement points (PEPs) typically call a local policy decision point (PDP) running at the local site, either embedded in the application, or running as a local stand alone service. In distributed applications, the PDPs at each site do not usually coordinate decision making amongst themselves, and do not pass policies between thems...
Conference Paper
Full-text available
The principal motivation for organizing a panel session at DBSEC’08 was to invite a number of distinguished researchers in data security to present their thoughts and to stimulate conference debate on a question of major importance: what are the key future challenges in distributed data security? The thoughts of the panellists on this issue are sum...
Article
Full-text available
EduRoam allows universities to cooperate to authenticate users as they roam between the federated institutions. However, authentication is not always sufficient since the host institution does not know how to differentiate between different groups of roaming users in order to give them access to different network resources. We have designed and bui...
Article
Full-text available
This chapter reports the authors' experiences regarding security of the electronic medical record (EMR). Although the EMR objectives are to support shared care and healthcare professionals' workflow, there are some barriers that prevent its successful use. These barriers comprise not only costs, regarding resources and time, but also patient / heal...
Article
Full-text available
The EPSRC pilot project Meeting the Design Challenges of nanoCMOS Electronics (nanoCMOS – www.nanocmos.ac.uk) has been funded to tackle some of the challenges facing the semiconductor electronics industry caused by the progressive scaling of CMOS transistors. As transistor dimensions are now at the nanometer scale with 40nm MOSFETs already in mass...
Article
This paper describes how it is possible to use today's existing stateless PDPs such as the XACML PDP, to provide coordinated access control decision making throughout a distributed application. This is achieved by utilising an external database service to store the retained ADI that is needed by the PDPs. In this way the decision making can be coor...
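The mechanism sketched in this abstract and in the coordinated-PDP abstract above (stateless PDPs that share the retained ADI through an external SQL database, updated by an obligation whenever access is granted), as an added example. This is not the PERMIS or XACML PDP code the papers describe; the cumulative-use policy, the table layout, the site names and the request sequence are all invented for the illustration.

```python
"""Coordinated decision making with stateless PDPs and a shared database.

Added illustration, not code from the papers listed on this page. Each
site runs a stateless policy decision point (PDP); the state a decision
depends on (the "retained ADI", here a per-subject usage counter) lives
in an external SQL database that an obligation updates on every Grant.
Policy, schema, site names and requests are invented for the example.
"""
import sqlite3

# Hypothetical policy: a subject may use a given resource at most
# MAX_USES times in total, counted across every site in the grid.
MAX_USES = 3


def init_coordination_db(conn):
    """Create the table holding the retained ADI shared by all PDPs."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS usage ("
        " subject TEXT NOT NULL,"
        " resource TEXT NOT NULL,"
        " uses INTEGER NOT NULL,"
        " PRIMARY KEY (subject, resource))"
    )


class CoordinatedPDP:
    """A PDP that keeps no decision state of its own.

    Every decision reads the retained ADI from the coordination
    database and, on Grant, fulfils the obligation that writes the new
    count back, inside one transaction, so PDPs at different sites
    cannot both read a stale count and over-grant.
    """

    def __init__(self, site, conn):
        self.site = site
        self.conn = conn  # connection to the shared coordination DB

    def decide(self, subject, resource):
        cur = self.conn.cursor()
        # Take the write lock before reading so check-then-update is atomic.
        cur.execute("BEGIN IMMEDIATE")
        try:
            cur.execute(
                "SELECT uses FROM usage WHERE subject = ? AND resource = ?",
                (subject, resource),
            )
            row = cur.fetchone()
            uses = row[0] if row else 0
            if uses >= MAX_USES:
                cur.execute("ROLLBACK")
                return "Deny"
            # Obligation attached to Grant: record the use in the shared DB.
            if row:
                cur.execute(
                    "UPDATE usage SET uses = uses + 1 "
                    "WHERE subject = ? AND resource = ?",
                    (subject, resource),
                )
            else:
                cur.execute(
                    "INSERT INTO usage (subject, resource, uses) VALUES (?, ?, 1)",
                    (subject, resource),
                )
            cur.execute("COMMIT")
            return "Grant"
        except Exception:
            cur.execute("ROLLBACK")
            raise


def simulate(requests):
    """Run (site, subject, resource) requests through one PDP per site,
    all sharing a single coordination database; return the decisions.

    The in-memory database stands in for the shared SQL server; in a
    real deployment each site holds its own connection to that server.
    """
    conn = sqlite3.connect(":memory:", isolation_level=None)  # manual transactions
    init_coordination_db(conn)
    pdps = {}
    decisions = []
    for site, subject, resource in requests:
        pdp = pdps.setdefault(site, CoordinatedPDP(site, conn))
        decisions.append(pdp.decide(subject, resource))
    return decisions


if __name__ == "__main__":
    # Constructed request sequence: alice alternates between two sites,
    # so no single site on its own would see her reach the limit.
    sample = [
        ("siteA", "alice", "cluster"),
        ("siteB", "alice", "cluster"),
        ("siteA", "alice", "cluster"),
        ("siteB", "alice", "cluster"),  # fourth use: denied via coordination
        ("siteA", "bob", "cluster"),
    ]
    for req, decision in zip(sample, simulate(sample)):
        print(req, "->", decision)
```

The point of the example is that neither site's PDP holds a counter: remove the shared table and each site would happily grant three uses of its own. The `BEGIN IMMEDIATE` matters in practice because the check and the obligation's update must be one atomic step against the shared store; a read-then-write without the lock lets two sites grant the final permitted use concurrently.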
Conference Paper
Full-text available
Existing access control systems are typically unilateral in that the enterprise service provider assigns the access rights and makes the access control decisions, and there is no negotiation between the client and the service provider. As access management systems lean towards being user-centric, unilateral approaches can no longer adequately prese...
Conference Paper
Full-text available
The model for grid authorisation is now reasonably well established. Attribute Authorities (or Identity Providers) assign attributes to users, and policy decision points (PDPs) at the resource sites make access control decisions based on the user’s attributes. Well known examples of AAs/IdPs are VOMS, CAS and Shibboleth, and well known examples of...
Conference Paper
Full-text available
A Virtual Organisation (VO) is a temporary alliance of autonomous, diverse, and geographically dispersed organisations, where the participants pool resources, information and knowledge in order to meet common objectives. This requires dynamic security policy management. We propose an authorisation policy management model called recognition of a...
Conference Paper
Full-text available
There are several problems associated with the current ways that certificates are published and revoked. This paper discusses these problems, and then proposes a solution based on the use of WebDAV, an enhancement to the HTTP protocol. The proposed solution provides instant certificate revocation, minimizes the processing costs of the certificate i...
Article
In a virtual organization environment, where services and data are provided and shared among organizations from different administrative domains and protected with dissimilar security policies and measures, there is a need for a flexible authentication framework that supports the use of various authentication methods and tokens. The authentication...
Conference Paper
Full-text available
Role based access control has been widely researched in security critical systems. Conventional role based access control is a passive model, which makes authorization decisions on requests, and the authorization decisions contain only information about whether the corresponding requests are authorised or denied. One of the potential improvements f...
Conference Paper
Full-text available
One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (RBAC) has become the predominant model for advanced access control. Flexibility and manageability are important requirements for any delegation system which is one of the most important access control management m...
Conference Paper
Full-text available
Separation of duties (SoD) is a key security requirement for many business and information systems. Role based access controls (RBAC) is a relatively new paradigm for protecting information systems. In the ANSI standard RBAC model both static and dynamic SoD are defined. However, static SoD policies assume that the system has full control over the...
Conference Paper
Full-text available
Purpose – This paper describes a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. We introduce the concept of the Obligation of Trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parti...