Using agreements as an abstraction for access control administration

Reyneke, André

January 2007

The last couple of decades saw lots of changes in the business world. Not only did technology change at a rapid pace, but businesses' views with respect to the role that information plays also changed drastically. Information is now seen as a strategic resource. This change paved the way for the so-called knowledge worker that not only consumes information, but actively participates in creating new knowledge from information. Employees must therefore be empowered to fulfill their new role as knowledge workers. Empowerment happens through job redefinition and by ensuring that the appropriate information is at hand. Although information is more readily available to employees, appropriate access controls must still be implemented. However, there is conflict between the need to share information and the need to keep information confidential. These conflicting needs must be reflected in the administration of access control. In order to resolve these conflicts, a finer granularity of access controls must be implemented. However, to implement a finer granularity of access control, an increase in the number of access controls and, therefore, the administrative burden is inevitable. Access control administrators must cater for a potentially large number of systems. These systems can not only be heterogenous as far as architecture and technology are concerned, but also with respect to access control paradigms. Vendors have realized that human involvement must be minimized, giving birth to so-called "provisioning systems". Provisioning systems, in principle, automate certain parts of access control administration. However, currently implementations are done in an ad hoc manner, that is, without a systematic process of identifying the real access control needs. This study aims to address this problem by proposing the "agreement abstraction" as a possible vehicle for systematically analyzing the access control requirements in a business. In essence, the agreement abstraction allows us to identify opportunities where access control can be automated. A specific methodological approach is suggested whereby the business is analysed in terms of business processes, as opposed to the more traditional resource perspective. Various business processes are used as examples to explain and motivate the proposed agreement abstraction further. This dissertation therefore contributes to the field of discourse by presenting a new abstraction that can be used systematically to analyse access control administration requirements.

Information -- control and access

Computer security -- Management

Aspects of the theory of weightless artificial neural networks

Ntourntoufis, Panayotis

January 1994

No description available.

621.39

A Certified Core Policy Language

Sistany, Bahman

January 2016

We present the design and implementation of a Certified Core Policy Language (ACCPL) that can be used to express access-control rules and policies. Although full-blown access-control policy languages such as eXtensible Access Control Markup Language (XACML) [OAS13] already exist, because access rules in such languages are often expressed in a declarative manner using fragments of a natural language like English, it isn’t alwaysclear what the intended behaviour of the system encoded in these access rules should be. To remedy this ambiguity, formal specification of how an access-control mechanism should behave, is typically given in some sort of logic, often a subset of first order logic. To show that an access-control system actually behaves correctly with respect to its specification, proofs are needed, however the proofs that are often presented in the literature are hard or impossible to formally verify. The verification difficulty is partly due to the fact that the language used to do the proofs while mathematical in nature, utilizes intuitive justifications to derive the proofs. Intuitive language in proofs means that the proofs could be incomplete and/or contain subtle errors. ACCPL is small by design. By small we refer to the size of the language; the syntax, auxiliary definitions and the semantics of ACCPL only take a few pages to describe. This compactness allows us to concentrate on the main goal of this thesis which is the ability to reason about the policies written in ACCPL with respect to specific questions. By making the language compact, we have stayed away from completeness and expressive power in several directions. For example, ACCPL uses only a single policy combinator, the conjunction policy combinator. The design of ACCPL is therefore a trade-off between ease of formal proof of correctness and expressive power. We also consider ACCPL a core policy access-control language since we have retained the core features of many access-control policy languages. For instance ACCPL employs a single condition type called a “prerequisite” where other languages may have very expressive and rich sets of conditions.

access-control

formal verification

proofs

policy language

Public records : a study in archival theory

Livelton, Trevor

January 1991

This thesis provides a theoretical examination of the nature of public records. The study begins by outlining a view of archival theory as knowledge resulting from the analysis of ideas. This form of analysis is first applied to the concept of records, and then to the narrower concept of public records. The result is a view of public records as documents made or received and preserved by the sovereign or its agents in the legitimate conduct of governance. / Arts, Faculty of / Library, Archival and Information Studies (SLAIS), School of / Graduate

Archives -- Management

Public records -- Access control

Seasonal Incomes and Food Insecurity in Rural Costa Rica: Food Consumption Patterns, Availability and Access

Pearson, Emily

January 2013

This study is based on ethnographic research that was conducted in the villages of Santa María de Rivas and San Gerardo de Rivas in the coffee farming region of Pérez Zeledón, Costa Rica. While these two villages are in close proximity to each other, the economy of San Gerardo is based more on tourism than the economy of Santa María, although both towns still engage in agricultural activities. Within each village, I conducted 15 preliminary interviews, followed by ten follow-up interviews with the main food preparers of the households. From in depth discussions, I found that food consumption patterns of people in both towns were being affected by seasonal variations in incomes due to the cyclical nature of employment in both tourism and agriculture. A number of households from these villages were experiencing periods of food worries throughout the year that were linked to the seasonality of tourism as well as agriculture, and in particular coffee production. Seasonal availability of particular food items also shaped consumption patterns; however, perceptions of food insecurity in this context appear to be primarily related to problems of access.

Access

Food Security

Seasonal

Availability

Costa Rica

Centralizovaná správa rolí / Centralized management of user roles

Kotora, Ondřej

January 2008

Správa rolí a identit se stává elementární součástí podnikových informačních systémů. Je součástí oboru Identity a Access managementu, který je velmi mladou a dynamicky se rozvíjející tržní oblastí. Tato diplomová práce poskytuje základní přehled o členění této tržní oblasti a zároveň charakterizuje tuto oblast z pohledu obecného přístupu a přístupu na úrovni odvětví. Je zde popsána nabídka několika hlavních hráčů na trhu s důrazem na vhodnost nasazení v českém prostředí. Konkrétně je vybírán vhodný produkt pro nasazení v České správě sociálního zabezpečení, největší finančně správní institucí státní správy ČR. Je zde také popsáno několik faktorů na které by měl být při podobném výběru kladen důraz. Samotný výběr je pouze informativní s účelem dodat aktuální přehled o možnostech řešení, které trh pro danou oblast nabízí. Identity a Access management totiž v České správě sociálního zabezpečení již zaveden byl. O tomto řešení se zmiňuje předposlední kapitola.

Projekt pro evidenci údajů o klientech v souvislosti s opatřeními proti legalizaci výnosů z trestné činnosti jako součást risk managementu banky / Project for improving data on clients storage system in relation to anti-money laundering as a branch of risk management in banking

Čejka, Martin

January 2009

Theses in the theoretical part deals with risk management and its concrete form in the banking sector. Closer it is aimed at an area of the implementation of measures against money laundering and terrorist financing (AML). The main task of AML consists in compliance with the legislative framework of the country where the bank operates. In the context of this regulation shall the bank obtain and keep information on a range of clients. The project, which is addressed in practical patr of the theses, is aimed at improving the system of collection and storage of data on clients in co-organization of J&T BANKA. The project is a computerized database application in MS Access, which allows bank staff to work efficiently with information on clients.

The informational needs of historians researching women : an archival user study

Beattie, Diane Lynn

January 1987

This thesis examines the informational needs of historians researching women as a subject in archives. The research methodology employed combines two types of user studies, the questionnaire and the reference analysis, in order to determine both the use and usefulness of archival materials and finding aids for historians researching women. This study begins with an overview of the literature on user studies. The thesis then outlines both the kinds of materials and the information historians researching women require. Finally, this study looks at the way historians researching women locate relevant materials and concomitantly the effectiveness of current descriptive policies and practices in dealing with the needs of this research group. This thesis concludes by suggesting a number of ways in which archivists can respond to the informational needs of historians researching women in archives. Firstly, a considerable amount of documentation relevant to the study of women remains to be acquired by archival repositories. While archives should continue to acquire textual materials, more emphasis needs to be placed upon the acquisition of non-textual materials since these materials are also very useful to historians researching women in archives. Secondly, archivists must focus more attention on the informational value of their holdings since the majority of historians researching women are interested in the information the records contain about people, events or subject area and not the description of institutional life contained in records. Thirdly this study demonstrates the need for more subject oriented finding aids. Archivists can improve subject access to their holdings through the preparation of thematic guides, by the creation of more analytical inventory descriptions and by indexing or cataloguing women's records. / Arts, Faculty of / Library, Archival and Information Studies (SLAIS), School of / Graduate

Women -- History -- Archival resources

Archives -- Access control

An access control model based on time and events

Jaggi, Felix P.

January 1990

A new access control model incorporating the notion of time and events is introduced. It allows the specification of fine-grained and flexible security policies which are sensitive to the operating environment. The system constraints, expressed in terms of access windows and obligations, are stored in extended access control lists. The addition of a capability mechanism gives another dimension of protection and added flexibility, so that the flexibility and expressive power of the system constraints is fully supported by the underlying mechanism. The approach is compared to several existing models and its' expressive power is demonstrated by showing the new model can be used to specify different existing security models as well as some special problems. The model is then adapted to work in a distributed environment. / Science, Faculty of / Computer Science, Department of / Graduate

Computer security

Computers -- Access control

Data protection

An evaluation of integrity control facilities in an AS/400 environment

Bosman, Michael Louis

23 September 2014

M.Com. (Computer Auditing) / Both the auditor, faced with the task of determining an effective and efficient audit approach, as well as management, charged with implementing and monitoring need purer security, need to evaluate integrity controls. This need to evaluate integrity controls is increasing, due to the growing complexity of computer environments, the breakdown of the paper audit trail, and the replacement of application controls by integrity controls. By applying the Access Path and Path Context Models, an evaluation was performed of integrity controls and risks in an AS/400 environment. The operating system (08/400) was delineated into functional categories to assist in the evaluation, in a manner consistent with that outlined in the Access Path Model. It was found that sufficient integrity control facilities exist in an AS/400 environment to meet the control objectives, although several risks were identified which could only be addressed by application controls.

Software protection - Evaluation

Auditing - Access control