While the security problems of network management applications have long been known and their solutions are described in the OSI specifications of the X.700 series, there is so far little experience with implementing them. This paper gives a critical view of the OSI standard for authentication and access control for management applications and then describes our experience with its implementation. Our implementation was realised with the help of OSIMaDE, SecuDE and IsoDE in the BMSec project. The abbreviations and acronyms used are explained at the end of this article.
2009 Third International Conference on Emerging Security Information, Systems and Technologies, 2009
ABSTRACT This article presents a formal IT-security model for the step-by-step exchange of digital items. Following the taxonomy of Asokan, the model presented here addresses the security requirements for a so-called “weak” fair exchange. “Weak” refers to the fact that third parties are used to resolve disputes. In this model, non-repudiation proofs are used in an external dispute to establish weak fairness. It shows how many unproved steps can be tolerated by one party without loss of fairness. The model is based on the idea of a “continuous balance of obligations and their proofs”. This idea was proposed in 1993 by Grimm, but has never since been formalized properly.
... of a privacy-oriented DRM. Rüdiger Grimm and Stefan Puchta use several examples to describe the data collection strategies of DRM systems. Jan Möller and Johann Bizer work ...
The term process analysis usually describes the systematic analysis of business processes with the objective of optimizing the process. In contrast, this paper shows how a systematic process analysis can be used for a security analysis by deriving security objectives from an event-driven process chain (EPC). Home banking serves as the application example. First, the derived objectives are collected in a requirements catalogue. Then this catalogue is used to specify the IT-security objectives within the scope of a Common Criteria Protection Profile.
Information and knowledge are assets. Therefore, authorization conflicts about information flow are subject to security concerns. The protection of information flow in a decentralized system is an important security objective in the business world. Once information is given away, there is an asymmetric relationship between the owner and the recipient of the information, because the owner has no control over proper use or misuse by the recipient. The Common Limes Security Model (the Limes model for short) presented in this paper is a substantial extension of a simple model. It provides provable policies for asset (information) flow control. Rule elements are history and conflict functions maintained by the asset owners and protected by contracts between communication partners. If correctly implemented and enforced, the rules of the Limes model guarantee the protection of assets from an unauthorized flow. They allow an information object to stay in a secure state in a decentralized, ...
Abstract In order to clarify the question of whether we need security for our networks, we need to identify the assets we have in our networks. It will be pointed out that the trusted partner relation plays a key role in secure communication. We will look at the threats against our assets. We also need to make the vulnerability visible, i.e. to identify the weak points of our networks. It will be shown that security is not only “against” threats but also “for” a new quality of communication. Concrete steps for improving security in RARE networks are described. The problem of trusted hardware and software will also be mentioned. Finally, security will be presented as a concept of responsibility.
Lecture Notes in Informatics (LNI), Proceedings Series of the Gesellschaft für Informatik (GI), Volume P-167, ISBN 978-3-88579-261-1, ISSN 1617-5468. Volume Editors: Mag. Robert Krimmer, E-Voting.CC gGmbH, Competence Center for Electronic Voting and Participation, Pyrkergasse 33/1/2, A-1190 Vienna, Austria, Email: r.krimmer@e-voting.cc; Prof. Dr. Rüdiger Grimm, Universität Koblenz-Landau, Institut für Wirtschafts- und Verwaltungsinformatik, Universitätsstraße 1, D-56016 Koblenz, Germany, Email: grimm@uni-koblenz.
Papers by Ruediger Grimm