Global ETD Search

111	Design and implementation of an attribute-based authorization management system Mohan, Apurva 05 April 2011 (has links) The proposed research is in the area of attribute-based authorization systems. We address two specific research problems in this area. First, evaluating authorization policies in multi-authority systems where there are multiple stakeholders in the disclosure of sensitive data. The research proposes to consider all the relevant policies related to authorization in real time upon the receipt of an access request and to resolve any differences that these individual policies may have in authorization. Second, to enable a lot of entities to participate in the authorization process by asserting attributes on behalf of the principal accessing resources. Since it is required that these asserted attributes be trusted by the authorization system, it is necessary that these entities are themselves trusted by the authorization system. Two frameworks are proposed to address these issues. In the first contribution a dynamic authorization system is proposed which provides conflict detection and resolution among applicable policies in a multi-authority system. The authorization system is dynamic in nature and considers the context of an access request to adapt its policy selection, execution and conflict handling based on the access environment. Efficient indexing techniques are used to increase the speed of authorization policy loading and evaluation. In the second contribution, we propose a framework for service providers to evaluate trust in entities asserting on behalf of service users in real time upon receipt of an access request. This trust evaluation is done based on a reputation system model, which is designed to protect itself against known attacks on reputation systems. Policy-based systems Reputation systems XACML Trust metrics Attribute-based systems Authorization systems Computer security Data protection Computers Access control Software protection
112	Biocidų rinkos ir jos dalyvių raida Lietuvoje / Biocides market and its participants development in Lithuania Gerasimavičienė, Daiva 14 June 2006 (has links) Introduction. This paper discusses the most topical issues of the Biocidal Products Directive (BPD) implementation, in particular, the impact on the social and health safety on various population groups, environmental safety, trade, manufacturing and their prospectives. The Aim of the Study – to evaluate the development of the biocides market and its participants in Lithuania. The Tasks – to evaluate the impact of the approximation of the laws of Lithuania and the European Union, concerning the placing of biocides on the market and its participants. Methods. Based on the "Methodology for impact of the regulatory laws assessment", the study identifies changes in the biocides market and the activity of its participants. A sample survey of manufacturers of biocides and of the users (personal health care institutions and preventive disinfection and disinfestation enterprises) was conducted. The analysis and evaluation of the available biocides database was also undertaken and SPSS statistics software was used to measure the statistical significance of the results. The market was assessed by the application of the criteria laid down in the BPD, in particular, the number of authorized biocides, distribution of product types, distribution of biocides according to categories of users, distribution of use of identified and notified active substances of biocides. Results. The study demonstrated that the Lithuanian biocides market has changed following the implementation of the BPD:... [to full text] Public Health Autorizacija Placing on the market Professional user Active substance Biocides Tiekimas į rinką Biocidai Dangerous chemical substance Profesionalusis vartotojas Pavojinga cheminė medžiaga Manufacturer Authorization Veiklioji medžiaga Gamintojas
113	OAuth 2.0 Authentication Plugin for SonarQube Lavesson, Alexander, Luostarinen, Christina January 2018 (has links) Many web services today give users the opportunity to sign in using an account belonging to a different service. Letting users authenticate themselves using another service eliminates the need of a user having to create a new identity for each service they use. Redpill Linpro uses the open source platform SonarQube for code quality inspection. Since developers in the company are registered users of another open source platform named OpenShift, they would like to authenticate themselves to SonarQube using their OpenShift identity. Our task was to create a plugin that offers users the functionality to authenticate themselves to SonarQube using OpenShift as their identity provider by applying the authentication framework OAuth. Theproject resulted in a plugin of high code quality according to SonarQube’s assessment. RedpillLinpro will use the plugin to easily access SonarQube’s functionality when using theapplication in their developer platform. OAuth Authentication Authorization Plugin Open Source SonarQube OpenShift Code Quality PaaS Platform as a Service Java Maven ScribeJava JSON REST API Integration Identity Provider Computer Sciences Datavetenskap (datalogi)
114	Mining Exploration in Peru: A Brief Scope on the Main Authorizations for the Development of an Exploration Project in Peru / La Exploración Minera en el Perú: Un Breve Alcance sobre las Principales Autorizaciones para el Desarrollo de un Proyecto de Exploración en el Perú Pachas Pérez, Diego 10 April 2018 (has links) The purpose of the author in this article is to outline the main licenses regarding mineral exploration and publicize the usual paperwork and contingencies obtaining these permits.It also presents alternatives to traditional procedures, which are more useful in practice to expedite to start of mining exploration activities in Peru. / El fin del autor en este artículo es hacer un esbozo de los principales títulos habilitantes para lo referente a la exploración minera, así como dar a conocer los trámites y usuales contingencias que acarrean la obtención de estos permisos. Asimismo, se presentanalternativas a las tradicionales autorizaciones, que son más útiles en la práctica para agilizarel comienzo de actividades de exploración minera en el Perú. Law Mining Exploration Mining Procedures Authorization For Mining Mining Exploration Rules Mining Activity Mineral Exploration Exploración Minera Procedimientos Mineros Autorizaciones Para Minería Normativa Minera Actividad Minera Exploración Mineralógica
115	Uma arquitetura de segurança para ambientes de educação a distância / A security architecture for distance education environments Castro, Reinaldo de Oliveira 27 August 2002 (has links) Made available in DSpace on 2016-06-02T19:05:31Z (GMT). No. of bitstreams: 1 Dissert-vfce.pdf: 667781 bytes, checksum: f89884a63bab88f526faf7e3a3075944 (MD5) Previous issue date: 2002-08-27 / Financiadora de Estudos e Projetos / Distance Education (DE) is a very important theme that has been discussed intensively owing to the growing demand for continued education and to the modernization and availability of new technologies. Several DE environments have emerged as a result of the increasing popularity of the Internet, each offering a variety of resources, mainly to maximize the teaching/learning process. Due to its relevance to the DE theory, this process has been the focus of several researches aimed at developing this type of environment. As a result, designers and developers have devoted little attention to subjects not directly related to it. The purpose of this work, therefore, is precisely to broach on of these subjects, in the form of a safety architecture for DE environments that takes into account the aspects of authentication and control of user access. From the standpoint of authentication, the architecture employs the password and random question mechanisms coded using cryptographic keys. With regard to access control, the scheme formulated for the architecture combines a series of techniques that allow the manager of course in a DE environment the maximum flexibility and simplicity in managing the authorizations attributed to the users registered in the course. These techniques involve the use of collective/individual authorizations, positive/negative authorizations, and explicit/implicit authorizations. / Educação a Distância (EaD) é um tema de grande importância que vem sendo intensamente abordado devido à crescente demanda pela educação continuada e à modernização e disponibilização de novas tecnologias. Diversos ambientes de EaD surgiram com o aumento da popularidade da Internet, cada um oferecendo uma gama de recursos para, principalmente, maximizar o processo de ensino/aprendizado. Tal processo ocupa um lugar de destaque em várias pesquisas voltadas para o desenvolvimento desse tipo de ambiente devido a sua importância na teoria de EaD. Dessa forma, assuntos que não estão diretamente ligados a ele têm recebido pouca atenção por parte de projetistas e desenvolvedores. O objetivo deste trabalho é justamente atentar para um desses assuntos, apresentando uma arquitetura de segurança para ambientes de EaD que contempla os aspectos da autenticação e do controle de acesso de usuários. Em relação à autenticação, a arquitetura utiliza os mecanismos de senhas e questões randômicas codificadas através de chaves de criptografia. Já em relação ao controle de acesso, o esquema formulado para a arquitetura combina uma série de técnicas que permitem que o administrador de um curso de um ambiente de EaD tenha o máximo de flexibilidade e simplicidade no gerenciamento das autorizações atribuídas aos usuários pertencentes a esse mesmo curso. Tais técnicas englobam o uso de autorizações coletivas/individuais, autorizações positivas/negativas e autorizações explícitas/implícitas. Educação a distância Segurança Autorização Computadores - medidas de segurança Computadores - controle de acesso Distance education Security Authorization
116	Le marché des autorisations administratives à objet économique / The market of economically-aimed administrative authorizations Maublanc, Jean-Victor 05 December 2016 (has links) En matière économique, l'autorisation administrative est un instrument de contrôle du marché dont l'instauration et souvent l'allocation sont théoriquement décidées par l'État. Le recours au marché pour distribuer certaines autorisations administratives bouscule cette présentation. L'autorisation administrative devient l'objet même d'un marché tout en étant un outil censé le réguler. Une fois admise cette ambivalence, se pose la question de la pérennité du contrôle de l'État lorsque l'octroi des autorisations administratives qu'il prévoit repose sur le marché. Susceptible de mettre les bienfaits de ce mode d'allocation des ressources au service de la régulation de l'économie, cette évolution du régime de l'autorisation administrative peut en même temps exprimer la soumission à la loi du marché de la régulation étatique au moyen de l'autorisation administrative.L'objet de cette thèse est de démontrer que l'État n'a qu'une influence limitée sur l'allocation marchande des autorisations administratives à objet économique. Impuissant à empêcher la formation du marché en raison des considérations économiques et psychologiques qui président à sa construction, il l'encourage généralement de façon involontaire ou sous la contrainte. Avec l'Union européenne, les opérateurs économiques soumis à autorisation préalable sont les premiers artisans du marché. Une fois le marché construit, des leviers d'intervention permettent à l'État d'influencer les échanges d'autorisations administratives. En adoptant tour à tour les rôles d'offreur d'autorisations administratives, de demandeur et d'autorité régulatrice, il cumule les facultés de contrôle respectivement attachées à ces fonctions. La circonstance que ces compétences soient toutes partagées et pas nécessairement mises en œuvre atténue notablement ce constat. / In the economic sphere, administrative authorization is traditionally considered a tool used to control the market, with its creation and oftentimes, allocation being, in theory, the result of the State’s decision. Appealing to the market itself for the distribution some administrative authorizations shifts this paradigm. The administrative authorization becomes itself the subject of the market that it supposedly regulates. With this ambivalence having been underlined, the durability of the State’s control over administrative authorizations can be questioned when the market itself determines the authorizations’ distribution. While this evolution could benefit the process of economic regulation with the introduction of its resource distribution model, it could simultaneously reflect the submission of State regulation to the law of the market, through the use of the administrative authorization. Autorisation Acte administratif unilatéral Aide d'État Concession Concurrence Liberté du commerce et de l'industrie Authorization Unilateral administrative act State aid Freedom of trade and industry Patrimonialization 343.08
117	Autentisering och Riskmedvetande : En studie om Lösenordshantering och Risktagande / Authentication and Risk Consciousness : A study on password management and risk taking Håkansson, Daniel Clarke, Lundström, Markus January 2018 (has links) Efter regelbundna diskussioner om huruvida autentisering med statiska lösenord är ett bra tillvägagångssätt växte en idé fram om att undersöka hur människor hanterar sina autentiseringsuppgifter. Detta arbete tar sig an uppgiften att kartlägga svagheter i samband med autentisering vad gäller metoden, samt människors säkerhetsmedvetande och risktagande. Under studien genomfördes en enkätundersökning där 100 personer med varierande ålder och sysselsättning svarade fullständigt. Vi frågade hur de värderar, skapar och hanterar lösenord. De svarande fick även ta ställning till ett antal påståenden, vad gäller deras säkerhetsmedvetande och risktagande i samband med autentisering.Resultatet från studien visar att en majoritet återanvänder lösenord i mycket hög grad. Det framkommer också att en övervägande majoritet använder sig av memorering som huvudsaklig teknik för hantering av lösenord. Resultatet visar även att de svarande i hög utsträckning tycker lösenordets komplexitet är viktigare än dess längd. Dessutom kände sig endast 22% av de svarande ej trygga med ett lösenord som är 8 tecken långt, vilket är en låg procentandel eftersom 8 tecken är för svagt idag. Ämnet är dock komplext, en kombination av längd och komplexitet är önskvärt för att skapa ett starkt lösenord, samtidigt som lösenorden skall vara unika för varje enskild tjänst. Att använda memorering som sin huvudsakliga metod är dessvärre i dessa fall ej applicerbart. En bättre strategi är att använda sig av exempelvis en lösenordshanterare eller att memorera en ramsa. Exempelvis ta förstabokstaven från varje ord i en mening, Min katt heter Glenn han har 3 ben Vit nos & Rött koppel vilket kan resultera i MkhGhh3bVn&Rk. En bra början för att förbättra sin lösenordshantering är att först och främst värdera sina autentiseringsuppgifter som värdefulla, läsa på om ämnet, samt därefter ta fram en egen strategi som är lämplig. / After regular discussions about whether authentication with static passwords is a good approach, an idea emerged to investigate how people handle their authentication credentials. This report tackles the task of mapping weaknesses associated with authentication regarding the method, as well as human security awareness and risk taking. During the study, a survey was conducted in which 100 people completely responded, all with varying age and employment. We asked how they value, create, and manage their passwords. The respondents were also tasked to take a position on a number of allegations, regarding their security awareness and risk-taking in connection with authentication.The result of the study shows that the majority reuse passwords to a very high extent. It also appears that a large majority uses memorization as the maintechnique for password management. The result also shows that respondents to a great extent think the complexity of the password is more important than its length. In addition, only 22% of respondents felt unsafe with a password that is 8 characters long, which is a low percentage since 8 characters are too weak today.Though the subject is complex, a combination of length and complexity is desirable to create a strong password. In addition to that the passwords must be unique to each service. Using memorization as its main method is unfortunately not applicable in these cases. A better strategy is to use, for example, a password manager or to generate a memorandum chant. For example, take the first letter of each word in one sentence, My cat is called Glenn he has 3 legs White nose & Redlink which can result in McicGhh3lWn&Rl. A good start to improve one’s password management is to firstly evaluate authentication credentials as valuable, read upon the subject, and then develop a strategy that is appropriate to one’s needs. Authentication Authorization Security Consciousness Password Risk Detection Identity Identification Compromise Study Survey Autentisering Auktorisering Säkerhetsmedvetande Lösenord Risktagande Identitet Identifiering Kompromettering Studie Enkät Information Systems
118	An architecture to resilient and highly available identity providers based on OpenID standard / Uma arquitetura para provedores de identidade resistente e altamente disponíveis com base no padrão OpenID Cunha, Hugo Assis 26 September 2014 (has links) Submitted by Lúcia Brandão (lucia.elaine@live.com) on 2015-07-14T15:58:20Z No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:08:11Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:12:26Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Made available in DSpace on 2015-07-20T14:12:26Z (GMT). No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) Previous issue date: 2014-09-26 / Não Informada / Quando se trata de sistemas e serviços de autenticação seguros, há duas abordagens principais: a primeira procura estabelecer defesas para todo e qualquer tipo de ataque. Na verdade, a maioria dos serviços atuais utilizam esta abordagem, a qualsabe-sequeéinfactívelefalha. Nossapropostautilizaasegundaabordagem, a qual procura se defender de alguns ataques, porém assume que eventualmente o sistema pode sofrer uma intrusão ou falha e ao invés de tentar evitar, o sistema simplesmente as tolera através de mecanismos inteligentes que permitem manter o sistema atuando de maneira confiável e correta. Este trabalho apresenta uma arquiteturaresilienteparaserviçosdeautenticaçãobaseadosemOpenIDcomuso deprotocolosdetolerânciaafaltaseintrusões, bemcomoumprotótipofuncional da arquitetura. Por meio dos diversos testes realizados foi possível verificar que o sistema apresenta um desempenho melhor que um serviço de autenticação do OpenID padrão, ainda com muito mais resiliência, alta disponibilidade, proteção a dados sensíveis e tolerância a faltas e intrusões. Tudo isso sem perder a compatibilidade com os clientes OpenID atuais. / Secure authentication services and systems typically are based on two main approaches: the first one seeks to defend itself of all kind of attack. Actually, the major current services use this approach, which is known for present failures as well as being completely infeasible. Our proposal uses the second approach, which seeks to defend itself of some specific attacks, and assumes that eventually the system may suffer an intrusion or fault. Hence, the system does not try avoiding the problems, but tolerate them by using intelligent mechanisms which allow the system keep executing in a trustworthy and safe state. This research presents a resilient architecture to authentication services based on OpenID by the use of fault and intrusion tolerance protocols, as well as a functional prototype. Through the several performed tests, it was possible to note that our system presents a better performance than a standard OpenID service, but with additional resilience, high availability, protection of the sensitive data, beyond fault and intrusion tolerance, always keeping the compatibility with the current OpenID clients. Tolerância a faltas e intrusões Sistemas resilientes Replicação de máquinas de estado Fault and intrusion tolerance Resilient systems State machine replication OpenID
119	UTILIZAÇÃO DE INFORMAÇÕES CONTEXTUAISEMUMMODELO DE CONTROLE DE ACESSO A INFORMAÇÕES MÉDICAS / USE OF CONTEXTUAL INFORMATION IN A MODEL OF ACCESS CONTROL TO MEDICAL INFORMATION Soares, Gerson Antunes 17 January 2007 (has links) This work presents a boarding on the use of contextual information in a model of access control to electronic patient record (EPR). The EPR registers information on the health of the patient and the assistance given it, and has legal, secret and scientific character, being able to also include administrative and financial contents related the carried through procedures or treatments. In summary, can be said that the EPR keeps to the documents on the state of health and the cares received for an individual throughout its life. However, the availability of clinical information in computer networks raises questionings on the privacy of the patients and the integrity and confidentiality of the data. The access control is a point key to keep such requirements. The main objective in the development of this modelof access control is to provide different forms of access to information in a hospital environment, propitiating the adequacy with the pertinent legislation. To boarding proposal in this work allows to the application of politics and more specific rules of access, adding more functionality to the systems of access control. The focus of quarrel of this work deals with the use of medical information in the scope of the University Hospital of Santa Maria, and aims at to the integration of the model with modules in development in the data processing center of the institution. / Este trabalho apresenta uma abordagem sobre a utilização de informações contextuais em um modelo de controle de acesso a informações de prontuários eletrônicos de paciente (PEP). O PEP registra informações sobre a saúde do paciente e a assistência a ele prestada, e tem caráter legal, sigiloso e científico, podendo incluir também conteúdos administrativos e financeiros relacionados a procedimentos ou tratamentos realizados. Resumidamente, pode-se dizer que o PEP guarda os documentos sobre o estado de saúde e os cuidados recebidos por um indivíduo ao longo da sua vida. Entretanto, a disponibilização de informações clínicas em redes de computadores levanta questionamentos sobre a privacidade dos pacientes e a integridade e confidencialidade dos dados. O controle de acesso é um ponto chave para manter tais requisitos. O principal objetivo no desenvolvimento deste modelo de controle de acesso é prover diferentes formas de acesso a informações em um ambiente hospitalar, propiciando a adequação com a legislação pertinente. A abordagem proposta neste trabalho permite a aplicação de políticas e regras de acesso mais específicas, agregando mais funcionalidade aos sistemas de controle de acesso. O foco de discussão desta dissertação trata da utilização de informações médicas no âmbito do Hospital Universitário de Santa Maria, e visa à integração do modelo com módulos em desenvolvimento no centro de processamento de dados da instituição. Modelo de controle de acesso Prontuário eletrônico do paciente Informações contextuais Segurança Autorização Model of access control Electronic patient record Contextual information Security Authorization
120	SGPCA SISTEMA GERENCIADOR DE POLÍTICAS DE CONTROLE DE ACESSO Lima, Paulo Ricardo Barbieri Dutra 17 August 2008 (has links) Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Information is the most precious assets to organizations; hence it is necessary to have mechanisms to protect it and to make it available only to whom have factual permission to use it. Considering the need for protection of the information in organizations it is proposed in this work a system to manage access control policies which can be easily used, that is, it does not require any knowledge of policies codification language. Further, as the creation of new policies could generate conflicts with existent ones, this work also proposes algorithms which manage automatically, in a period of policies creation, the control of some kinds of conflicts, such as interest conflicts. As result, we have offer a Access Control Police Management System that enable that the process of generation and editing policies occurs easily and without conflicts. The reference model used in this work refers to health organizations; however this study can be applied in other fields. / A informação é o bem mais valioso para as organizações, logo deve-se ter mecanismos para que ela possa ser bem protegida e que seja disponível somente para quem tem real permissão de utilizá-la. Dado esta necessidade de proteção da informação nas organizações, propõe-se neste trabalho um sistema de gerenciamento de políticas de controle de acesso, que possa ser utilizado de forma facilitada, ou seja, não requerendo conhecimento de linguagem de codificação de políticas. Adicionalmente, como a criação de novas políticas pode gerar conflitos com as já existentes, este trabalho propõe também algoritmos que gerenciam automaticamente, em tempo de criação das políticas, o controle de alguns tipos de conflitos, tais como conflitos de interesse. Como resultado tem-se um Sistema Gerenciador de Políticas de Controle de Acesso que possibilita que o processo de geração e edição de políticas ocorra de maneira facilitada e sem conflitos. O modelo de referência utilizado neste trabalho refere-se no âmbito de organizações da saúde, mas o estudo realizado pode ser utilizado em outras áreas. Gerenciamento baseado em políticas Políticas de controle de acesso XACML Conflitos Segurança e autorização Police based management Access control policies XACML Conflicts Security Authorization

Search results