Spelling suggestions: "subject:"access control atemsystem"" "subject:"access control systsystem""
1 |
Separation of Duty in Role Based AccessKugblenu, Francis M., Asim, Memon January 2007 (has links)
In today’s business world, many organizations use Information Systems to many their sensitive and business critical information. The need to protect such a key component of the organization cannot be over emphasized. Access control has been found to be one of the effective ways of insuring that only authorized users have access to the information resources to perform their job function. Role Based Access Control has been found to be the access control mechanism that fits naturally with the organizational structure of businesses. Separation of duties is a security principle that has been used extensively to prevent conflict of interest, fraud and error control in organizations. In this thesis, we identify the various forms of separation of duties in role based access control systems. We also do a case study of the role based access control system in the banking application of a financial institution.
|
2 |
An Integrated Room Booking and Access Control System for Public SpacesKamil, Jaffar, Amer, Mohamed January 2023 (has links)
Public spaces, especially educational institutions like universities, encounter challenges with their room booking and access control systems. These challenges commonly manifest as overlapping bookings and unauthorized entry. The latter issue, unauthorized access, specifically stems from inadequate integration between the respective systems. This bachelor thesis introduces a proof-of-concept for a cohesive room booking and access control system to address these issues. The proposed solution encompasses two mobile applications, one as the room reservation platform and the other as the access control mechanism. By integrating the management of bookings and access control, this proof-of-concept aims to overcome the prevalent shortcomings in existing systems. Halmstad University's IT department was consulted during the requirement definition phase to ensure a comprehensive understanding of the common problems, their underlying causes, and possible solutions. The proposed system utilizes common technologies such as NodeJS, Android Studio, and PostgreSQL. Additionally, Mobile BankID is integrated as a unique feature for secure user authentication, providing a trusted and widely-accepted method to verify users' identities. The final results were tested in a simulated environment and indicate that the developed system satisfies the initial requirements, addressing the problems of double bookings and unauthorized access identified during the consultation with the IT department.
|
3 |
Designing an Access Control System for Internet of Things / Utformning av ett accesskontrollsystem för sakernas internetGrape, Felix January 2017 (has links)
For many Internet of Things (IoT) devices security have not been a priority during the development, but what happens if the makers of IoT devices use a secure framework for developing their devices? In this thesis a number of such frameworks have been evaluated for their suitability to build an access control system around. Both Vanadium and Protocol of Things (PoT) were found to be suitable candidates. Both frameworks employ a distributed access control model where the owner of a device can grant other users access to the device by generating a signed authorization. PoT was ultimately chosen as the framework around which to design the prototype access control system because it was deemed to be slightly more suitable than Vanadium. The prototype takes the rule based and discretionary access control model from the underlying framework and makes it possible for administrators to transparently authorize users to devices through role abstractions. Thus it is possible to transparently manage a class of users at the same time instead of having to manage each individual user. Furthermore the prototype is able to do this in a generic way. The prototype does not contain any code of functionality for any specific device it manages, it is capable of managing access to any PoT device. The design and implementation is deemed both scalable and efficient. Running on a single thread it is possible to generate over one thousand signed authorizations per second. In a system where users are granted access to 200 unique device permissions the total file size of the signed authorizations and accompanying meta data does not exceed 150 kB. It takes approximately 70 ms to establish a secure connection between the client and server software. For large data transfers the throughput is approximately 2.6-2.8 MB per second, including encryption and decryption of request and response from the client to the server. / För många enheter tillhörande sakernas internet har säkerhet inte varit en prioritet under utvecklingen, men vad händer om tillverkare istället använder ett säkert ramverk för att utveckla sina produkter? I den här rapporten presenteras en utvärdering av några sådana ramverks lämplighet för att användas för att bygga ett accesskontrollsystem kring. Både Vanadium och Protocol of Things (PoT) finns vara lämpliga kandidater. Båda ramverken använder en decentraliserad säkerhetsmodell där ägaren av en enhet kan ge andra användare tillgång till enheten genom att generera en signerad auktorisation. PoT är det ramverk som användes för att utforma accesskontrollsystemprototypen kring för att det ansågs vara något mer lämpligt jämfört med Vanadium. Prototypen använder en rollabstraktion för att underlätta arbetet för administratörer att ge användare rätt behörigheter. På så vis blir det möjligt att konfigurera en klass av användare samtidigt istället för att behöva konfigurera varje användare individuellt. Prototypen kan göra allt detta på ett generiskt sätt. Det innebär att prototypen inte innehåller någon kod eller funktionalitet som är specifik för någon enhet så länge det är en PoT-enhet. Den föreslagna designen och implementationen är skalbar och effektiv. Över ett tusen signerade auktorisationer kan genereras per sekund på en exekveringstråd. I ett system där användare ges behörighet till 200 unika behörigheter på olika enheter uppgår den totala filstorleken för de signerade auktorisationerna och tillhörande metadata till mindre än 150 kB. Det tar uppskattningsvis 70 ms att skapa en säker anslutning mellan klient- och server-mjukvara. För stora dataöverföringar är överföringshastigheten uppskattningsvis 2.6-2.8 MB per sekund, vilket inkluderar kryptering och avkryptering av fråga och svar från klienten till servern.
|
4 |
Zařízení pro testování výroby / Production testing equipmentVokřál, Jiří January 2019 (has links)
The thesis introduces the design of a test device for preassembled mechatronic cylindrical locks. The device is designed to test the mechanical and electronic parts which ensure minimisation of loss caused by poor preassembling or defect due to electronic parts. Since the defect will only come to realisation upon the complete product testing, the time of complete dismounting, exchange and assembly of the mechatronic parts would be saved and also time required for the final test of the whole product on the device would be saved.
|
5 |
Návrh a realizace jednotek modulárního přístupového systému / Modular access control system units design and implementationFoltýn, Petr January 2010 (has links)
This thesis describes design and realization of units of a developed modular access control system. It is focused on creating a software units modular system and its function.
|
6 |
CLONING ATTACKS AGAINST NFC-BASED ACCESS CONTROL SYSTEMSLeclerc, Sebastian, Kärrström, Philip January 2022 (has links)
The wireless communication methods Near Field Communication (NFC) and Radio FrequencyIdentification (RFID) are today used in different products such as access cards, smartphones, andpayment cards. An effective attack against this type of technology is cloning attacks. Cloning attacks can deceive access control systems which may cause serious damage to organizations such asinformation leakage and financial loss. This type of attack attempts to deceive a system with anillegitimate cloned card that may be an identical copy of all the data on a card, parts of the data, orperhaps only by using its identification number. Therefore the existing security flaws that cloningattacks exploit are an important threat for organizations to acknowledge and manage. This thesis focuses on evaluating three different access control systems in use and demonstratessecurity flaws that exist in these systems. The systems are evaluated by how data can be extractedfrom the access control cards, this includes the time to collect all the data, reading distance, andinterfering objects. Systems are also evaluated by what information the systems validate. Compatible equipment for evaluating the different systems is necessary such as readers, writers, and otherpenetration testing tools. The type of card that the systems use is called Mifare classic whereastwo of the systems used a 1K version and one a 4K version, specifying the amount of availablememory on the card itself. The equipment also made it possible to perform and verify cloningattacks through different processes such as simulation and sniffing to explore what information certain access control systems deem necessary on the access cards. Rigorous experiments on the systems and the results reveal that crucial information on the accesscards could easily be extracted, reused, and simulated for accessing two of the systems. One systemproved to be more secure since it required more advanced methods to clone cards that the systemaccepted. The results of this thesis demonstrate that the evaluated access control systems cannotbe considered secure without additional layers of security added to them, instead, it is important tokeep the back-end system maintained through various applicable means.
|
7 |
Návrh přístupového systému jako součást řešení fyzické bezpečnosti / Design of Access System as a Part of Physical Security SolutionDohnal, Matěj January 2017 (has links)
This master’s thesis deals with design of an access system as a part of physical security solution for an energy company in the Czech Republic. The access system is designed to meet all legal requirements and conform to ISO 27001 certification. Implementation of the proposed access system is demonstrated on the selected company object, a representative example of connecting the critical infrastructure element and the company's common facility.
|
8 |
Návrh optimalizace a monitoringu infrastruktury serverovny podniku / Enterprise Server Room Infrastructure Optimalization and MonitoringHink, Tomáš January 2019 (has links)
This master's thesis deals with the design and implementation of optimization and monitoring of the server room. Optimization consists in designing access system and server room temperature measurement, automatic infrastructure start-up and power management, server and network infrastructure optimization, server virtualization management and network monitoring.
|
Page generated in 0.0801 seconds