Implementation of a logic-based access control system with dynamic policy updates and temporal constraints

Crescini, Vino Fernando, University of Western Sydney, College of Health and Science, School of Computing and Mathematics

January 2006

As information systems evolve to cope with the ever increasing demand of today’s digital world, so does the need for more effective means of protecting information. In the early days of computing, information security started out as a branch of information technology. Over the years, several advances in information security have been made and, as a result, it is now considered a discipline in its own right. The most fundamental function of information security is to ensure that information flows to authorised entities, and at the same time, prevent unauthorised entities from accessing the protected information. In a typical information system, an access control system provides this function. Several advances in the field of information security have produced several access control models and implementations. However, as information technology evolves, the need for a better access control system increases. This dissertation proposes an effective, yet flexible access control system: the Policy Updater access control system. Policy Updater is a fully-implemented access control system that provides policy evaluations as well as dynamic policy updates. These functions are provided by the use of a logic-based language, L, to represent the underlying access control policies, constraints and policy update rules. The system performs authorisation query evaluations, as well as conditional and dynamic policy updates by translating language L policies to normal logic programs in a form suitable for evaluation using the well-known Stable Model semantics. In this thesis, we show the underlying mechanisms that make up the Policy Updater system, including the theoretical foundations of its formal language, the system structure, a full discussion of implementation issues and a performance analysis. Lastly, the thesis also proposes a non-trivial extension of the Policy Updater system that is capable of supporting temporal constraints. This is made possible by the integration of the well-established Temporal Interval Algebra into the extended authorisation language, language LT , which can also be translated into a normal logic program for evaluation. The formalisation of this extension, together with the full implementation details, are included in this dissertation. / Doctor of Philosophy (PhD)

computer security

database security

logic programming

computer safety

Data base security through simulation

Hong, Seng-Phil

January 1994

This research explores the complexities of database security, encompassing both the computer hardware and software. Also important is its nature as a people oriented issue. A risk analysis of a database system's security can be examined by creating a simulation model. Though, in order for it to be truly meaningful and accurate, all aspects of design, performance and procedure must be thoroughly and carefully scrutinized.Computer or data security is a major problem in today's world of data processing. This thesis outlines the security problem' and presents trends and issues. It also addresses current trends in computer security environments, database risk analysis, and simulations.Risk analysis is a technique used to quantitatively assess the relative value of protective measures. It is useful when appropriately applied and is in some cases required by regulatory agencies.The goal of security environments is to outline the framework which is valuable in assessing security issues and in establishing partitions in the overall environment within which this and other approaches to security can be examined.A simulation prototype is given which demonstrates the concepts of risk analysis for a database system. / Department of Computer Science

Database security.

Risk assessment -- Computer simulation.

Computer security : data control and protection

Neophytou, Andonis

January 1992

Computer security is a crucial area for any organization based on electronic devices that process data. The security of the devices themselves and the data they process are the backbone of the organization. Until today there have been no completely secure systems or procedures until and a lot of research is being done in this area. It impossible for a machine or a mechanical procedure to "guess" all possible events and lead to conclusive, cohesive and comprehensive secure systems, because of: 1) the human factor, and 2) acts of nature (fire, flood etc). However, proper managerial control can alleviate the extent of the damage caused by those factors.The purpose of this study is to examine the different frameworks of computer security. Emphasis is given to data/database security and the various kinds of attacks on the data. Controls over these attacks and preventative measures will be discussed, and high level language programs will demonstrate the protection issues. The Oracle, SOL query language will be used to demonstrate these controls and prevention measures. In addition the FORTRAN high level language will be used in conjunction with SOL (Only the FORTRAN and COBOL compilers are available for embedded SOL). The C language will be used to show attacks on password files and also as an encryption/decryption program.This study was based mainly on research. An investigation of literature spanning the past decade, was examined to produce the ideas and methods of prevention and control discussed in the study. / Department of Computer Science

Computer security.

Data protection.

Database security.

Computer crimes.

Security and privacy model for association databases

Kong, Yibing.

January 2003

Thesis (M.Comp.Sc.)--University of Wollongong, 2003. / Typescript. Bibliographical references: leaf 93-96.

Robust and efficient intrusion detection systems /

Gupta, Kapil Kumar.

January 2009

Thesis (Ph.D.)--University of Melbourne, Dept. of Computer Science and Software Engineering, 2009. / Typescript. Includes bibliographical references (p. 131-146)

Database system architecture for fault tolerance and disaster recovery

Nguyen, Anthony.

January 2009

Thesis (M.S.C.I.T.)--Regis University, Denver, Colo., 2009. / Title from PDF title page (viewed on Jun. 26, 2010). Includes bibliographical references.

A reference framework for security in enterprise resource planning (ERP) systems.

Hertenberger, Manfred Paul

02 June 2008

Prof. S.H. von Solms

Oracle E-business suite

business planning

database security

Microsoft Navision

Bucketization Techniques for Encrypted Databases: Quantifying the Impact of Query Distributions

Raybourn, Tracey

06 May 2013

No description available.

Computer Science

Database security

Query Distributions

Database Bucketization

Data Privacy

A Framework for Property-preserving Encryption in Wide Column Store Databases

Waage, Tim

05 May 2017

No description available.

510

NoSQL

Wide Colum Stores

Property-preserving Encryption

Database Security

NoSQL

Wide Colum Stores

Property-preserving Encryption

Database Security

Informatik (PPN619939052)

A PC Database and GUI for Telemetry Data Reduction

Reinsmith, Lee, Surber, Steven

10 1900

International Telemetering Conference Proceedings / October 25-28, 1999 / Riviera Hotel and Convention Center, Las Vegas, Nevada / The Telemetry Definition and Processing (TDAP II) application is a PC-based software tool that meets the varied needs - both now and into the 21st century - of instrumentation engineers, data analysts, test engineers, and project personnel in the Test and Evaluation (T&E) community. TDAP II uses state-of-the-art commercial software technology that includes a Microsoft Access 97Ô database and a Microsoft Visual BasicÔ Graphical User Interface (GUI) for users to view and navigate the database. Developed by the Test and Analysis Division of the 96th Communications Group for the tenants of the Air Armament Center (AAC), Eglin AFB Florida, TDAP II provides a centralized repository for both aircraft and weapons instrumentation descriptions and telemetry EU conversion calibrations. Operating in a client/server environment, TDAP II can be effectively used on a small or large network as well as on both a classified or unclassified Intranet or Internet. This paper describes the components and design of this application, along with its operational flexibility and varied uses resulting from the chosen commercial software technology.

PC Database

Telemetry Data Reduction

TDAP II

Client/Server Application

Database Security