Multiprocessor architectures for supporting secure database management

Trueblood, Robert P.

January 1979

In most conventional computer environments an increase in complexity of security mechanisms for greater precision and resolution can possibly degrade the performance of the system. Also, security checking which is often embedded In the operating system, database management system, or both is difficult to change and verify. This dissertation presents a new system architecture that can possibly solve many of the problems of protection and security found in a conventional environment. This new system is a MULTIprocessor system for supporting Secure Authorization with Full Enforcement (MULTISAFE) for database management. The architecture of MULTISAFE combines the concepts of multiprocessing, pipelining, and parallelism to form a new system organization. The system's organization ls partitioned into three modules: the user and application module (UAM), the data storage and retrieval module (SRM), and the protection and security module (PSM). Each module is viewed as being implemented on one or more hardware (or virtual) processors with its own memory. The system organization incorporates a multiport-memory organization with private memories. A memory is made "private" by connecting only certain processors to it thereby providing physical separation between the UAM memory and the PSM and SRM memories. This separation (or isolation) can significantly improve security because it is physically impossible for a user to access the PSM or the SRM memories. System performance can possibly be enhanced by concurrent processing. The modules (or processors) require direct communication among themselves and the system users. Because of this communication requirement MULTISAFE is viewed as a message-driven, dataflow system. The majority of this dissertation focuses on the flow of messages and on showing that this flow is secure. To have secure message flow in MULTISAFE all messages are classified, and all message sequences are identified. All messages are classified by five attributes (class, source, target, type, and subtype). Message sequences are formed by the receiving and sending of messages. That is, the target module of the received message becomes the source of the sent message. Message sequences begin with a user’s access request and ends with a response for that request. Such sequences are called round-trip message sequences. Once the messages and their flow have been described, it is then possible to describe how each MULTISAFE module monitors its own messages. The monitoring of messages follows the pattern of receiving a message, processing the message, and sending a message. These three dataflow components are described as abstract data operations on the data object message. These operations are then used to describe the monitoring procedure for each module. Each module monitor is basically a table look-up process which uses the classification of the received message as the table index for determining the next message to be sent. The proof that message flow is secure consists of showing that every message in MULTISAFE is part of a message sequence and. that every message sequence is part of a round-trip message sequence. The proof culminates by showing that an access decision is made on all MULTISAFE round-trip message sequences. / Ph. D.

LD5655.V856 1979.T78

Computers -- Access control

Multiprocessors

A microprocessor-based entry access and identification logging system

Pendharkar, Vivek S.

January 1982

M. S.

LD5655.V855 1982.P432

Computers -- Access control

Microprocessors

An empirically developed system for the selection of input devices for users with physical disabilities

Casali, Sherry P.

28 July 2008

The selection of an input method to allow computer access by persons with disabilities is currently done by trained personnel; however, the selection process is unsystematic, subjective, and plagued with problems. This research has attempted to develop a systematic method, based on objective measures of an individual's hand skills, for selecting a computer input device. Each input device being considered was evaluated to determine the probable basic elements of motor performance which contribute to successful operation of the device. Subjects in the study consisted of individuals with various degrees of functional limitations of their upper extremities. Subjects first underwent a specially-developed motor assessment test designed to measure each of the motor functions identified as contributing to the operation and control of the input devices. Each subject then performed a series of computer-based tasks with each input device. The task itself was a modified target acquisition task with the independent variables of target size, target distance, mode (button up vs. button down (i.e. point vs. drag moves)), and trial block. The participants’ scores on both the assessment test and each device were analyzed in order to form the relationships between the two sets of scores. Results show that : 1) By analyzing a prospective input device with respect to the physical actions necessary for operation, and comparing an individual's scores on the subtests of the motor function assessment which correspond to those necessary actions, the test administrator can immediately identify actions which may be necessary, but which are extremely difficult or unavailable. If no discrepancies between the available and required actions exist, then one can conclude that the device is operable by the client. 2) Where discrepancies do exist between what a client can do and what a device requires, the assessment test targets the specific actions which create the difficulty. As a result, one can then recommend modifications to the device which may lead to the client being able to operate the device. 3) Finally, the effects of task parameters such as target size, target distance, and the effects of practice were determined for persons with different levels of hand skill (as measured by the assessment test). In general, persons with limited hand skill require only slightly longer to become proficient with a device than persons without disabilities. The rank ordering of the five devices tested with respect to input rates achievable was the same for persons with and without disabilities. Persons with disabilities were, as expected, slower overall with each device. In general, the trackball, mouse, and tablet resulted in better performance than the keys or joystick, for persons with and without disabilities. Persons with limited hand skill were more affected by the task parameter of target size on all devices, particularly for button down moves. Regardless of disability level, persons generally preferred the trackball over the remaining devices, and rated the joystick as being less preferable than the other devices. This research not only developed guidelines concerning the five devices selected for use in this study, but also serves to demonstrate the feasibility and utility of an accommodative aid selection system based on a functional assessment of the client's residual abilities. In addition, this research provides important information to hardware and software manufacturers regarding accessibility issues. / Ph. D.

LD5655.V856 1991.C393

Computers -- Access control

People with disabilities

Performance analysis of the MULTISAFE protection enforcement processes

Deaver, Mason C.

30 October 2008

This paper describes the performance of the MULTISAFE database protection model through response-time equations. A predicate-based protection model is described. Various classes of access decision dependencies are reviewed. The distinct modules of MULTISAFE are discussed, and a relational database approach to the management of data protection is developed for these modules. A performance equation which models user login into MULTISAFE is developed. A set of equations is developed which model the processing of database queries as a series of steps. These equations are then modified to consider the possibility of concurrent processing among the MULTISAFE modules. The two sets of equations are compared and analyzed. The analysis reveals that the concurrency feature of MULTISAFE allows database protection to be implemented with a minimum of system overhead. Further analysis shows that, in some cases, an arbitrary database query takes less time to process with all protection checks in force than a similar query in a protection less environment. / Master of Science

LD5655.V855 1983.D429

Computers -- Access control

Data protection

Flexible authorizations in workflow management systems

Lui, W. C., 雷永祥.

January 2002

published_or_final_version / Computer Science and Information Systems / Master / Master of Philosophy

Management information systems.

Computers - Access control.

Computer security.

Data protection.

METHODOLOGY FOR THE OPTIMIZATION OF RESOURCES IN THE DETECTION OF COMPUTER FRAUD.

DUNN, THURMAN STANLEY.

January 1982

A methodology is proposed for optimizing the allocation of resources in the detection of computer fraud. The methodology consists of four major segments. First, a threat assessment is performed. A general threat assessment is provided which relies upon reported incidents of computer fraud. Then, recognizing the limitations of computer fraud reporting, a specific threat assessment technique is provided which is based entirely on the characteristics of a given computer system. Both the general and specific threat assessment techniques use a matrix approach which evaluates and assigns threat values by type of computer fraud and perpetrator. Second, a Detection Quotient is established which measures the effectiveness of computer fraud detection resource allocation for all of the possible combinations of computer fraud types and perpetrators. However, for many computer systems, the large number of possible resource allocation alternatives results in a Combinatorial Dilemma whereby the phenomenally large number of alternatives precludes comprehensive analysis. This leads to the third major segment of the dissertation, a General Solution to the Combinatorial Dilemma which ensures an alternative very near the optimum while evaluating only an extremely small percentage of possible alternatives. Fourth, a Resource Optimization Model is provided which, beginning with the results of the Threat Assessment, iteratively assigns varying levels of computer fraud detection resources to different fraud type and perpetrator combinations. Using the general solution to the Combinatorial Dilemma and the Detection Quotient as a measure of the effectiveness of each combination, the model produces a statistically defensible near optimum allocation of available resources to computer fraud detection. Also provided are the results of the research into reported cases of fraud in the form of a Typology. This Typology combines frequency of occurrence and dollar impact of reported cases of fraud into a measure of vulnerability for various types of fraud and perpetrator. Finally, an overview of investigative techniques and automated tools for evaluating the propriety of computer systems is provided.

Computer crimes

Computers -- Access control

PERSONAL PRIVACY IN A COMPUTER INFORMATION SOCIETY.

ESQUERRA, RONALD LEE.

January 1982

Americans live in a service-oriented, computer-based society whose collective market place is fueled by the collection, use, exchange, and storage of information about people by government and business institutions. Consequently, individuals are having fewer face-to-face contacts in their relationships with these institutions while more decisions affecting their everyday lives are being made by strangers based upon information maintained in computer data systems. This being so, public concern about privacy, specifically the potential abuse and misuse of personal information by government and business, has increased substantially in recent years. There also exists the constant threat of information technology outstripping existing legal frameworks and outpacing the privacy expectations of citizens. More than ever, government and business policy makers will face the dilemma of balancing the legitimate needs of institutions for information about people with the privacy standing of the individual. Knowledge of public views are essential to this task. The purpose of this opinion research study is to learn the views of Arizona residents regarding their personal privacy and relationships with select privacy-intensive public and private institutions. The results provide empirical data for the privacy protection deliberations of the government and business policy makers who practice within Arizona. The results show personal privacy as an issue of serious public concern, with Arizona residents requesting further government laws and business policies and practices to protect their privacy. Arizona residents recognize the legitimate information needs of government and business institutions, but they expect protections against unwelcome, unfair, improper, and excessive collection and dissemination of personal information about them. Computers are perceived as threats to personal privacy, suggesting if institutions expect to be able to continue widespread applications of computers, measures must be taken to assure the public that the personal information stored in such systems are safeguarded from abuse and misuse. The results also show that there is a direct relationship between the degree of alienation or estrangement which individuals feel from government and business institutions and their attitudes toward privacy issues and perception of computer benefits and dangers. Consequently, to affect such attitudes will require sound measures.

Privacy, Right of -- Arizona.

Computers -- Access control.

Public records -- United States.

A tree grammar-based visual password scheme

Okundaye, Benjamin

January 2016

A thesis submitted to the Faculty of Science, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Doctor of Philosophy. Johannesburg, August 31, 2015. / Visual password schemes can be considered as an alternative to alphanumeric passwords. Studies have shown that alphanumeric passwords can, amongst others, be eavesdropped, shoulder surfed, or guessed, and are susceptible to brute force automated attacks. Visual password schemes use images, in place of alphanumeric characters, for authentication. For example, users of visual password schemes either select images (Cognometric) or points on an image (Locimetric) or attempt to redraw their password image (Drawmetric), in order to gain authentication. Visual passwords are limited by the so-called password space, i.e., by the size of the alphabet from which users can draw to create a password and by susceptibility to stealing of passimages by someone looking over your shoulders, referred to as shoulder surfing in the literature. The use of automatically generated highly similar abstract images defeats shoulder surfing and means that an almost unlimited pool of images is available for use in a visual password scheme, thus also overcoming the issue of limited potential password space. This research investigated visual password schemes. In particular, this study looked at the possibility of using tree picture grammars to generate abstract graphics for use in a visual password scheme. In this work, we also took a look at how humans determine similarity of abstract computer generated images, referred to as perceptual similarity in the literature. We drew on the psychological idea of similarity and matched that as closely as possible with a mathematical measure of image similarity, using Content Based Image Retrieval (CBIR) and tree edit distance measures. To this end, an online similarity survey was conducted with respondents ordering answer images in order of similarity to question images, involving 661 respondents and 50 images. The survey images were also compared with eight, state of the art, computer based similarity measures to determine how closely they model perceptual similarity. Since all the images were generated with tree grammars, the most popular measure of tree similarity, the tree edit distance, was also used to compare the images. Eight different types of tree edit distance measures were used in order to cover the broad range of tree edit distance and tree edit distance approximation methods. All the computer based similarity methods were then correlated with the online similarity survey results, to determine which ones more closely model perceptual similarity. The results were then analysed in the light of some modern psychological theories of perceptual similarity. This work represents a novel approach to the Passfaces type of visual password schemes using dynamically generated pass-images and their highly similar distractors, instead of static pictures stored in an online database. The results of the online survey were then accurately modelled using the most suitable tree edit distance measure, in order to automate the determination of similarity of our generated distractor images. The information gathered from our various experiments was then used in the design of a prototype visual password scheme. The generated images were similar, but not identical, in order to defeat shoulder surfing. This approach overcomes the following problems with this category of visual password schemes: shoulder surfing, bias in image selection, selection of easy to guess pictures and infrastructural limitations like large picture databases, network speed and database security issues. The resulting prototype developed is highly secure, resilient to shoulder surfing and easy for humans to use, and overcomes the aforementioned limitations in this category of visual password schemes.

Content-based image retrieval.

Pattern recognition systems.

Password-authenticated two-party key exchange with long-term security

Unknown Date

In the design of two-party key exchange it is common to rely on a Die-Hellman type hardness assumption in connection with elliptic curves. Unlike the case of nite elds, breaking multiple instances of the underlying hardness assumption is here considered substantially more expensive than breaking a single instance. Prominent protocols such as SPEKE [12] or J-PAKE [8, 9, 10] do not exploit this, and here we propose a password-authenticated key establishment where the security builds on the intractability of solving a specied number of instances v of the underlying computational problem. Such a design strategy seems particularly interesting when aiming at long-term security guarantees for a protocol, where expensive special purpose equipment might become available to an adversary. In this thesis, we give one protocol for the special case when v = 1 in the random oracle model, then we provide the generalized protocol in the random oracle model and a variant of the generalized protocol in the standard model for v being a polynomial of the security parameter `. / by WeiZheng Gao. / Thesis (Ph.D.)--Florida Atlantic University, 2012. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2012. Mode of access: World Wide Web.

Data encryption (Computer science)

Computer networks (Security measures)

Software protection

Computers--Access control--Passwords

Security of distributed data systems

Finch, Steven D.

January 2010

Typescript (photocopy). / Digitized by Kansas Correctional Industries

Computers-- Access control.