Application of active rules to support database integrity constraints and view management

Visavapattamawon, Suwanna

01 January 2001

The project demonstrates the enforcement of integrity constraints in both the conventional and active database systems. The project implements a more complex user-defined constraint, a complicated view and more detailed database auditing on the active database system.

Database management

Databases -- Computer networks

Computers -- Access control

Management information systems

Databases and Information Systems

Secure Management of Networked Storage Services: Models and Techniques

Singh, Aameek

03 May 2007

With continued advances in computing, the amount of digital data continues to grow at an astounding rate. This has strained enterprise infrastructures and triggered development of service oriented architectures. In recent years, storage has also begun its transformation into a class of service. By outsourcing storage to an external storage service provider (SSP), enterprises not only cut management cost but also obtain on-demand infrastructure with superior disaster recovery and content dissemination capabilities. Wide deployment of this new outsourced storage environment requires solutions to many challenging problems. The foremost is the development of usable security and access control mechanisms that provide desirable levels of data confidentiality without placing an inordinate amount of trust into the SSP. This absence of a trusted reference monitor is a fundamental departure from traditional mechanisms and new solutions are required. The second important challenge is the autonomic management of SSP's infrastructure, uniquely characterized by a highly dynamic workload with large data capacity requirements. This dissertation research proposes models and techniques to address these two challenges. First, we introduce a novel access control system called xACCESS that uses cryptographic access control primitives (CAPs) to "embed" access control into stored data. This eliminates any dependency on the SSP for enforcement of security policies. We also analyze the privacy characteristics of its data sharing mechanisms and propose enhancements for more secure and convenient data sharing. We also develop a secure multiuser search approach that permits hosting of secured search indices at untrusted SSPs. We introduce a novel access control barrel (ACB) primitive that embeds access control into indices to prevent unauthorized information extraction during search. Our contribution to the autonomic SSP storage management has two important highlights. First, we have developed an impact analysis engine that efficiently analyzes the impact of a client-initiated change (workload surge, storage growth) on the SSP storage area network with minimal administrator involvement. Second, we have designed a new algorithm to quickly perform reallocation of resources in order to efficiently integrate the client change.

Access control

Storage management

Outsourced storage

Networked storage services

Storage as a service

Computers Access control

Data protection

Design and implementation of an attribute-based authorization management system

Mohan, Apurva

05 April 2011

The proposed research is in the area of attribute-based authorization systems. We address two specific research problems in this area. First, evaluating authorization policies in multi-authority systems where there are multiple stakeholders in the disclosure of sensitive data. The research proposes to consider all the relevant policies related to authorization in real time upon the receipt of an access request and to resolve any differences that these individual policies may have in authorization. Second, to enable a lot of entities to participate in the authorization process by asserting attributes on behalf of the principal accessing resources. Since it is required that these asserted attributes be trusted by the authorization system, it is necessary that these entities are themselves trusted by the authorization system. Two frameworks are proposed to address these issues. In the first contribution a dynamic authorization system is proposed which provides conflict detection and resolution among applicable policies in a multi-authority system. The authorization system is dynamic in nature and considers the context of an access request to adapt its policy selection, execution and conflict handling based on the access environment. Efficient indexing techniques are used to increase the speed of authorization policy loading and evaluation. In the second contribution, we propose a framework for service providers to evaluate trust in entities asserting on behalf of service users in real time upon receipt of an access request. This trust evaluation is done based on a reputation system model, which is designed to protect itself against known attacks on reputation systems.

Policy-based systems

Reputation systems

XACML

Trust metrics

Attribute-based systems

Authorization systems

Computer security

Data protection

Computers Access control

Software protection

A token based MAC protocol for wireless ad hoc networks.

Liu, Yi-Sheng.

January 2003

The emergence of portable terminals in work and living environments is accelerating the progression of wireless networks. A wireless ad hoc network is a new network concept where users establish peer-to-peer communication among themselves independently, in their small area. Since the wireless medium is a shared resource, it becomes an important design issue to efficiently allocate bandwidth among users. MAC (Medium Access Control) layer arbitrates the channel access to the wireless medium and is also responsible for bandwidth allocation to different users, therefore a large amount of research has been conducted on various MAC protocols for ad hoc wireless networks. This dissertation begins with a survey of existing wireless MAC protocols. The survey includes protocols designed for different network generations and topologies, classifying them based on architecture and mode of operation. Next, we concentrate on the MAC protocols proposed for distributed wireless networks. We propose a new MAC protocol based on a token-passing strategy; which not only incorporates the advantages of the guaranteed access scheme into the distributed type of wireless networks, but also the data rate and delay level QoS guarantees. Data rate QoS provides fairness into sharing of the channel, while delay level QoS introduces a flexible prioritized access to channels by adjusting transmission permission to the current network traffic activities. A simulation model for the protocol is developed and delay and throughput performance results are presented. To examine the efficiency and performance of the proposed MAC scheme in an ad hoc wireless environment, it is incorporated into the Bluetooth structured network. The model is then simulated in the Bluetooth environment and performance results are presented. Furthermore, an analytical model is proposed and an approximate delay analysis conducted for the proposed MAC scheme. Analytical results are derived and compared with results obtained from computer simulations. The dissertation concludes with suggestions for improvements and future work. / Thesis (M.Sc.-Engineering)-University of Natal, 2003.

Wireless communication systems.

Computers--Access control.

Bluetooth technology.

Cell phone systems.

Packet switching (Data transmission)

Theses--Electronic engineering.

A framework for the application of network telescope sensors in a global IP network

Irwin, Barry Vivian William

January 2011

The use of Network Telescope systems has become increasingly popular amongst security researchers in recent years. This study provides a framework for the utilisation of this data. The research is based on a primary dataset of 40 million events spanning 50 months collected using a small (/24) passive network telescope located in African IP space. This research presents a number of differing ways in which the data can be analysed ranging from low level protocol based analysis to higher level analysis at the geopolitical and network topology level. Anomalous traffic and illustrative anecdotes are explored in detail and highlighted. A discussion relating to bogon traffic observed is also presented. Two novel visualisation tools are presented, which were developed to aid in the analysis of large network telescope datasets. The first is a three-dimensional visualisation tool which allows for live, near-realtime analysis, and the second is a two-dimensional fractal based plotting scheme which allows for plots of the entire IPv4 address space to be produced, and manipulated. Using the techniques and tools developed for the analysis of this dataset, a detailed analysis of traffic recorded as destined for port 445/tcp is presented. This includes the evaluation of traffic surrounding the outbreak of the Conficker worm in November 2008. A number of metrics relating to the description and quantification of network telescope configuration and the resultant traffic captures are described, the use of which it is hoped will facilitate greater and easier collaboration among researchers utilising this network security technology. The research concludes with suggestions relating to other applications of the data and intelligence that can be extracted from network telescopes, and their use as part of an organisation’s integrated network security systems

Sensor networks

Computer networks

TCP/IP (Computer network protocol)

Internet

Computer security

Computers -- Access control

Computer networks -- Security measures

Computer viruses

Malware (Computer software)

An enterprise information security model for a micro finance company: a case study

Owen, Morné

January 2009

The world has entered the information age. How the information is used within an organization will determine success or failure of the organisation. This study aims to provide a model, that once implemented, will provide the required protection for the information assets. The model is based on ISO 27002, an international security standard. The primary objective is to build a model that will provide a holistic security system specifically for a South African Micro Finance Company (MFC). The secondary objectives focuses on successful implementation of such a model, the uniqueness of the MFC that should be taken into account, and the maintenance of the model once implemented to ensure ongoing relevance. A questionnaire conducted at the MFC provided insight into the perceived understanding of information security. The questionnaire results were used to ensure the model solution addressed current information security shortcomings within the MFC. This study found that the information security controls in ISO 27002 should be applicable to any industry. The uniqueness for the MFC is not in the security controls, but rather in the regulations and laws applicable to it.

A standards-based security model for health information systems

Thomson, Steven Michael

January 2008

In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.

Taxonomy of synchronization and barrier as a basic mechanism for building other synchronization from it

Braginton, Pauline

01 January 2003

A Distributed Shared Memory(DSM) system consists of several computers that share a memory area and has no global clock. Therefore, an ordering of events in the system is necessary. Synchronization is a mechanism for coordinating activities between processes, which are program instantiations in a system.

Computers -- Access control

Algorithms -- Data processing

Data structures (Computer science)

Time-sharing computer systems

Numerical taxonomy

Synchronous data transmission systems

OS and Networks

Secure web applications against off-line password guessing attack : a two way password protocol with challenge response using arbitrary images

Lu, Zebin

14 August 2013

Indiana University-Purdue University Indianapolis (IUPUI) / The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol, TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results.

Web Security

Web sites -- Security measures

World Wide Web -- Security measures

Computer network protocols -- Standards

Computer hackers

Computers -- Access control -- Passwords

Internet -- Security measures

Phishing -- Security measures

Multiplexed network commnication for secure operating systems

Ciccarelli, Eugene Charles.

January 1978

Thesis: Elec. E., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 1978 / Bibliography: leaves 247-251. / by Eugene Charles Ciccarelli, IV. / Elec. E. / Elec. E. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science

Computers Access control.

Multics (Electronic computer system)

Computer networks.

Telephone Multiplex systems.

Telephone fast

Computer networks. fast

Computers fast