Programų sistemos vartotojų teisių valdymo modelis ir jo tyrimas / The software system users authorization management model development and research

Janulevičius, Kęstutis

31 May 2006

In security engineering and computer security, authorization, is a part of the operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. Resources include individual files or items data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer. Authorization process makes use of the authentication process to identify consumers. When a consumer tries to use a resource, the authorization process checks that the consumer has been granted permission to use that resource. Permissions are generally defined by the computer's system administrator in some types of "security policy application", such as an access control list or a capability, on the basis of the "principle of least privilege": consumers should only be granted permissions they need to do their jobs. Older and single user operating systems often had weak or non-existent authentication and authorization systems. "Anonymous consumers" or "guests", are consumers that have not been required to authenticate. They often have very few permissions. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of authorization tokens include keys and tickets: they grant access without proving identity.

Informatics Engineering

Informacinės technologijos

Information technologies

Authorization

Autorizacija

Biocidų rinkos ir jos dalyvių raida Lietuvoje / Biocides market and its participants development in Lithuania

Gerasimavičienė, Daiva

14 June 2006

Introduction. This paper discusses the most topical issues of the Biocidal Products Directive (BPD) implementation, in particular, the impact on the social and health safety on various population groups, environmental safety, trade, manufacturing and their prospectives. The Aim of the Study – to evaluate the development of the biocides market and its participants in Lithuania. The Tasks – to evaluate the impact of the approximation of the laws of Lithuania and the European Union, concerning the placing of biocides on the market and its participants. Methods. Based on the "Methodology for impact of the regulatory laws assessment", the study identifies changes in the biocides market and the activity of its participants. A sample survey of manufacturers of biocides and of the users (personal health care institutions and preventive disinfection and disinfestation enterprises) was conducted. The analysis and evaluation of the available biocides database was also undertaken and SPSS statistics software was used to measure the statistical significance of the results. The market was assessed by the application of the criteria laid down in the BPD, in particular, the number of authorized biocides, distribution of product types, distribution of biocides according to categories of users, distribution of use of identified and notified active substances of biocides. Results. The study demonstrated that the Lithuanian biocides market has changed following the implementation of the BPD:... [to full text]

Public Health

Autorizacija

Placing on the market

Professional user

Active substance

Biocides

Tiekimas į rinką

Biocidai

Dangerous chemical substance

Profesionalusis vartotojas

Pavojinga cheminė medžiaga

Manufacturer

Authorization

Veiklioji medžiaga

Gamintojas

Elektroninio parašo atributų sertifikavimas / Certification of electronic signature attributes

Lozda, Marius

27 June 2014

Darbe nagrinėjama atributinės informacijos sertifikavimo šiuo metu naudojamuose elektroniniuse parašuose problema. Trumpai apžvelgiami elektroninio parašo principai ir supažindinama su viešųjų raktų infrastruktūra, nurodant galimybes jai išplėsti, iškilus poreikiui užtikrinti aukštesnį saugumo lygį keičiantis papildoma (atributine) informacija. Nagrinėjami įvairūs atributinės informacijos sertifikavimo metodai, viešųjų raktų infrastruktūroje įvedant atributų sertifikato ir atributų sertifikavimo centro sąvokas. Pateikiamas tinkamiausio metodo pritaikymo pavyzdys, modeliuojant elektroninio parašo naudojimo situaciją, artimą dabartinei situacijai Lietuvoje. Sprendimo pritaikymas demonstruojamas apibrėžiant patobulintos elektroninio parašo infrastruktūros prototipą. / This paper analyses issues of attribute certification in currently used electronic signatures. Fundamentals of electronic signatures and public key infrastructure are briefly described, focusing on possibilities of achieving higher security level in communication when attribute information is important. Various suggestions for attribute certification are analysed, introducing atribute certificates and atribute authorities. Different certification methods are compared and evaluated, applying the most suitable one in the public key infrastructure usage model, that is constructed by simplifying the current situation of electronic signatures. The solution is represented by describing the prototype of improved electronic signature infrastructure.

Atributų sertifikavimas

Autorizacija

Autentifikacija

Atributinė informacija

Elektroninis parašas

Sertifikatas

Sertifikavimo centras

X.509

Parašo taisyklės

Prototipas

Skaitmeninis parašas

Viešųjų raktų infrastruktūra

Sertifikavimo veiklos nuostatai

Attribute certification

Authorization

Autentification

Digital signature

Electronic signature

Certificate

Certificate authority

Signature policy

Prototipe

Public key infrastructure

Certificate practice statement