Congratulations to Dr. Rasib Khan, from SECRETLab, for successfully defending his thesis, titled “Towards Trustworthy Authentication in Service Oriented Computing”, supervised by Dr. Ragib Hasan.
Thesis committee:
Dr. Ragib Hasan, Chair (UAB CIS)
Dr. Purushotham Bangalore (UAB CIS)
Dr. Alan Sprague (UAB CIS)
Dr. Anthony Skjellum (Auburn)
Dr. John Sloan (UAB Justice Sciences)
Abstract:
Today’s Internet and network-based applications are highly driven by the service-oriented architecture model. Given the variety of online services, we hypothesized that there is a significant non-uniformity in the behavior of users pertaining to security-oriented practices on the Internet. We performed statistical analysis on open-source user-survey datasets to establish the validity of the statement. We performed further study with respect to security-oriented behavioral practices in developing countries. We were able to determine certain traits and insecure practices that general Internet users from both developed and developing countries adopt, and addressed the corresponding issues to devise secure authentication technologies for online services.
The rapid growth in the number and type of online services has resulted in adopting diverse models for authentication. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management.
We adopted notions of real-life authentication with similar causal effects in service computing architectures. We introduced the concept of interaction provenance in service-oriented computing as the only and unified authentication factor. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We presented a W3C PROV standard-compliant model for interaction provenance, including secure provenance preservation techniques for service-oriented computing architectures. We also applied the concept of interaction provenance to create secure frameworks for provenance-aware services. Next, we explored the causal relationship with the quality of past events to create a flexible and novel authentication and threshold-based access control engine using fuzzy policies. We showed how linguistic terminologies, fuzzy ranges, and visualization of policies in fuzzy engines can be used to create simplistic yet innovative policies with additional benefits in the usability and maintenance of such systems.