User Management in Information Security Engineering Environment ISEE

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8440)

Abstract

An Information Security Engineering Environment (ISEE) based on ISO/IEC security standards has been proposed. ISEE integrates various tools so that its users can ensure the overall security of their target information system consistently and continuously, at any time, according to ISO/IEC security standards. In order to defend against attacks and prevent damage beforehand, ISEE should provide users with some way to control user behavior by giving appropriate suggestions anticipatorily and actively. Such a facility should be provided by the user management mechanism of ISEE; that is, the mechanism should deal not only with authentication, authorization, accounting or auditing, but also with generating effective suggestions from records of user behavior anticipatorily and delivering those suggestions actively. Any traditional user management system is a storehouse of user data that works passively, according to queries or transactions explicitly issued by its users and/or application programs, and has no active behavior of its own. This paper presents an anticipatory user management mechanism of ISEE, as a new type of user management mechanism for SaaS-based cloud services with a facility to control user behavior.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Goto, Y., Xu, L., Zhang, N., Cheng, J. (2014). User Management in Information Security Engineering Environment ISEE. In: Chau, M., Chen, H., Wang, G.A., Wang, JH. (eds) Intelligence and Security Informatics. PAISI 2014. Lecture Notes in Computer Science, vol 8440. Springer, Cham. https://doi.org/10.1007/978-3-319-06677-6_3

  • DOI: https://doi.org/10.1007/978-3-319-06677-6_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06676-9

  • Online ISBN: 978-3-319-06677-6

  • eBook Packages: Computer Science, Computer Science (R0)
