Global ETD Search

1	A MOBILE ROLE BASED ACCESS CONTROL SYSTEM USING IDENTITY BASED ENCRYPTION WITH NON-INTERACTIVE ZERO KNOWLEDGE PROOF OF AUTHENTICATION Khandavilli, Ambica Pawan 29 March 2012 (has links) Controlled access to confidential information and resources is a critical element in security systems. Role based access control (RBAC) has gained widespread usage in modern enterprise systems. Extensions have been proposed to RBAC for incorporating spatial constraints into such systems. Several solutions have been proposed for such models and much research has now been directed towards enforcing system policies. The thesis proposes a security framework for RBAC systems with spatial constraints based on identity based encryption. Integration of identity based encryption and with zero knowledge proof is proposed to provide authentication and information security. We also show how Near Field Communication can be used to establish the integrity of a user’s proof of location. We discuss the design choices made in the protocol and explain the protocol implementation. Simulation results in Java validate our model. Furthermore, security analysis has been done to show how our framework protects against well-known attacks. NFC,RBAC,IBE
2	Model kontekstno zavisne kontrole pristupa u poslovnim sistemima / Context Sensitive Access Control Model TI for Business Processes Sladić Goran 07 April 2011 (has links) <p>Kontrola pristupa odnosno autorizacija, u &scaron;irem smislu, razmatra na koji način korisnici mogu pristupiti resursima računarskog sistema i na koji način ih koristiti. Ova disertacija se bavi problemima kontrole pristupa u poslovnim sistemima. Tema disertacije je formalna specifkacija modela kontekstno zavisne kontrole pristupa u poslovnim sistemima koji je baziran na RBAC modelu kontrole pristupa. Uvođenjem kontekstno zavisne kontrole pristupa omogućeno je defnisanje složenijih prava pristupa koje u postojećim modelima kontrole pristupa za poslovne sisteme nije bilo moguće realizovati ili bi njihova realizacija bila komplikovana. Dati model primenljiv je u različitim poslovnim sistemima, a podržava defnisanje prava pristupa kako za jednostavne tako i za slo·zene poslovne tokove. Sistem je verifkovan na dva realna poslovna procesa pomoću razvijenog prototipa. Prikazana prototipska implementacija koja ispunjava ciljeve u pogledu funkcionalnosti postavljene pred sistem predstavlja potvrdu praktične vrednosti predloženog modela.</p> / <p>Access control is concerned with the way in which users can access to resources in the computer system. This dissertation focuses on problems of access control for business processes. The subject of the dissertation is a formal specification of the RBAC-based context sensitive access control model for business processes. By using a context-sensitive access control it is possible to define more complex access control policies whose implementation in existing access control models for business processes is not possible or is very complicated. The given model is applicable in diferent business systems, and supports the definition of access control policies for both simple and complex business processes. The model's prototype is verified by two case studies on real business processes. The presented prototype implementation represents a proof of the proposed model's practical value.</p> Access control, context, RBAC, work°ow
3	A Framework for Enforcing Role Based Access Control in Open Source Software Manning, Francis Jay 01 January 2013 (has links) While Role Based Access Control (RBAC) has been a popular topic of research over the last several years, there are some gaps in the literature that have been waiting to be addressed. One of these gaps involves the application of RBAC to free and open source software (FOSS). With the prevalence of FOSS in most information systems growing rapidly, there is a need to be able to provide a level of confidence that the software will not compromise the data integrity of an environment, nor will it enable the violation of established access controls. Additionally, when utilizing FOSS software it is desirable to do so without having to modify its source code whenever an update is released in order to maintain a secure environment; this makes adding proprietary modules both time consuming and expensive. The challenges involved in maintaining proprietary changes to FOSS generates a particular interest in an RBAC environment that could be deployed without requiring modification to the source code. Developing this type of a framework presented a significant challenge due to the software having been established prior to the definition of any security requirements that would have to be applied by the proposed framework. What this research paper shows are the results of the development of a software framework that allowed security requirements engineering to seamlessly meld with an application after it had already been developed. This framework provided a mechanism to measurably reduce the attack surface of the application against which the framework was implemented, while performing these tasks without requiring alterations to the source code of the application. Additionally, this research introduced a mechanism that was utilized to measure the effectiveness of the framework. This mechanism provided a means of comparing the relative effectiveness of different frameworks against the same software, as well as the effectiveness of a framework against different pieces of software. AOP AspectJ attack graph FOSS RBAC security Computer Sciences
4	An Extended Role-based Access Control Model for Enterprise Systems and Web Services Shi, Wei, wshi2001@yahoo.com.au January 2006 (has links) This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control framework for Semantic Web services. In this thesis, an Authorization-Function-Based Role-based Access Control (FB-RBAC) model is proposed for controlling enterprise systems at the application level. The unique features of the proposed model are authorization-function-based access control and constraint-based finegrained access control. This model significantly simplifies the management of an access control system by adopting roles and authorization-functions in authorization specifications. An extension of FB-RBAC, Extended FB-RBAC (ERBAC), is applied to Web service applications. New features such as credential-based access control and dynamic role assignment are added to FB-RBAC in order to address user heterogeneity and dynamicity in the Web environment. The proposed ERBAC model is then extended to support Semantic Web services. Each component of the ERBAC model is described by security ontologies. These correlated security ontologies are integrated with Semantic Web services to form a complete ontology network. Ontology-based role assignment is facilitated so that security information can be queries and discovered through a network of ontologies. access control RBAC ontology enterprise system web service semantic web
5	Flexible role-handling in command and control systems Landberg, Fredrik January 2006 (has links) <p>In organizations the permissions a member has is not decided by their person, but by their functions within the organization. This is also the approach taken within military command and control systems. Military operations are often characterized by frictions and uncontrollable factors. People being absent when needed are one such problem.</p><p>This thesis has examined how roles are handled in three Swedish command and control systems. The result is a model for handling vacant roles with the possibility, in some situations, to override ordinary rules.</p> Command and control system RBAC access control vacancy delegation
6	Flexible role-handling in command and control systems Landberg, Fredrik January 2006 (has links) In organizations the permissions a member has is not decided by their person, but by their functions within the organization. This is also the approach taken within military command and control systems. Military operations are often characterized by frictions and uncontrollable factors. People being absent when needed are one such problem. This thesis has examined how roles are handled in three Swedish command and control systems. The result is a model for handling vacant roles with the possibility, in some situations, to override ordinary rules. Command and control system RBAC access control vacancy delegation
7	Role-based access control and single sign-on for Web services Falkcrona, Jerry January 2008 (has links) <p>Nowadays, the need for sharing information between different systems in a secure manner is common, not only in the corporate world but also in the military world. This information often resides at different locations, creating a distributed system. In order to share information in a secure manner in a distributed system, credentials are often used to attain authorization.</p><p>This thesis examines how such a distributed system for sharing information can be realized, using the technology readily available today. Accounting to the results of this examination a basic system is implemented, after which the overall security of the system is evaluated. The thesis then presents possible extensions and improvements that can be done in future implementations.</p><p>The result shows that dynamic roles do not easily integrate with a single sign-on system. Combining the two technologies leads to several synchronization issues, where some are non-trivial to solve.</p> DACS Single signon RBAC Web services authentication Information technology Informationsteknologi
8	The Abacus: A New Approach to Authorization Siebach, Jacob Aaron Jess 09 August 2021 (has links) The purpose of this thesis is to investigate the implementation of digital authorization for computer systems, specifically how to implement an efficient and secure authorization engine that uses policies and attributes to calculate authorization. The architecture for the authorization engine is discussed, the efficiency of the engine is characterized by various tests, and the security model is reviewed against other presently existing models. The resulting efforts showed an increase in efficiency of almost two orders of magnitude, along with a reduction in the amount of processing power required to run the engine. The main focus of the work is how to provide precise, performant authorization using policies and attributes in a way that does not require the authorization engine to break domain boundaries by directly accessing data stores. Specifically, by pushing attributes from source domains into the authorization service, domains do not require the authorization service to have access to the data stores of the domain, nor is the authorization service required to have credentials to access data via APIs. This model also allows for a significant reduction in data motion as attributes need only be sent over the network once (when the attribute changes) as opposed to every time that the engine needs the attribute or every time that an attribute cache needs to be refreshed, resulting in a more secure way to store attributes for authorization purposes. authorization RBAC ABAC domain-driven design attribute-based authorization Engineering
9	Evaluating finite state machine based testing methods on RBAC systems / Avaliação de métodos de teste baseado em máquinas de estados finitos em sistemas RBAC Damasceno, Carlos Diego Nascimento 09 May 2016 (has links) Access Control (AC) is a major pillar in software security. In short, AC ensures that only intended users can access resources and only the required access to accomplish some task will be given. In this context, Role Based Access Control (RBAC) has been established as one of the most important paradigms of access control. In an organization, users receive responsibilities and privileges through roles and, in AC systems implementing RBAC, permissions are granted through roles assigned to users. Despite the apparent simplicity, mistakes can occur during the development of RBAC systems and lead to faults or either security breaches. Therefore, a careful verification and validation process becomes necessary. Access control testing aims at showing divergences between the actual and the intended behavior of access control mechanisms. Model Based Testing (MBT) is a variant of testing that relies on explicit models, such as Finite State Machines (FSM), for automatizing test generation. MBT has been successfully used for testing functional requirements; however, there is still lacking investigations on testing non-functional requirements, such as access control, specially in test criteria. In this Master Dissertation, two aspects of MBT of RBAC were investigated: FSM-based testing methods on RBAC; and Test prioritization in the domain of RBAC. At first, one recent (SPY) and two traditional (W and HSI) FSM-based testing methods were compared on RBAC policies specified as FSM models. The characteristics (number of resets, average test case length and test suite length) and the effectiveness of test suites generated from the W, HSI and SPY methods to five different RBAC policies were analyzed at an experiment. Later, three test prioritization methods were compared using the test suites generated in the previous investigation. A prioritization criteria based on RBAC similarity was introduced and compared to random prioritization and simple similarity. The obtained results pointed out that the SPY method outperformed W and HSI methods on RBAC domain. The RBAC similarity also achieved an Average Percentage Faults Detected (APFD) higher than the other approaches. / Controle de Acesso (CA) é um dos principais pilares da segurança da informação. Em resumo, CA permite assegurar que somente usuários habilitados terão acesso aos recursos de um sistema, e somente o acesso necessário para a realização de uma dada tarefa será disponibilizado. Neste contexto, o controle de acesso baseado em papel (do inglês, Role Based Access Control - RBAC) tem se estabelecido como um dos mais importante paradigmas de controle de acesso. Em uma organização, usuários recebem responsabilidades por meio de cargos e papéis que eles exercem e, em sistemas RBAC, permissões são distribuídas por meio de papéis atribuídos aos usuários. Apesar da aparente simplicidade, enganos podem ocorrer no desenvolvimento de sistemas RBAC e gerar falhas ou até mesmo brechas de segurança. Dessa forma, processos de verificação e validação tornam-se necessários. Teste de CA visa identificar divergências entre a especificação e o comportamento apresentado por um mecanismo de CA. Teste Baseado em Modelos (TBM) é uma variante de teste de software que se baseia em modelos explícitos de especificação para automatizar a geração de casos testes. TBM tem sido aplicado com sucesso no teste funcional, entretanto, ainda existem lacunas de pesquisa no TBM de requisitos não funcionais, tais como controle de acesso, especialmente de critérios de teste. Nesta dissertação de mestrado, dois aspectos do TBM de RBAC são investigados: métodos de geração de teste baseados em Máquinas de Estados Finitos (MEF) para RBAC; e priorização de testes para RBAC. Inicialmente, dois métodos tradicionais de geração de teste, W e HSI, foram comparados ao método de teste mais recente, SPY, em um experimento usando políticas RBAC especificadas como MEFs. As características (número de resets, comprimento médio dos casos de teste e comprimento do conjunto de teste) e a efetividade dos conjuntos de teste gerados por cada método para cinco políticas RBAC foram analisadas. Posteriormente, três métodos de priorização de testes foram comparados usando os conjuntos de teste gerados no experimento anterior. Neste caso, um critério baseado em similaridade RBAC foi proposto e comparado com a priorização aleatória e baseada em similaridade simples. Os resultados obtidos mostraram que o método SPY conseguiu superar os métodos W e HSI no teste de sistemas RBAC. A similaridade RBAC também alcançou uma detecção de defeitos superior. Access control Controle de acesso Finite state machine Máquinas de estados finitos Model based testing Priorização de testes RBAC RBAC Test priorization Teste baseado em modelos
10	A Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation Komlenovic, Marko 14 January 2011 (has links) We consider the distributed access enforcement problem for Role-Based Access Control (RBAC) systems. Such enforcement has become important with RBAC's increasing adoption, and the proliferation of data that needs to be protected. We provide a platform for assessing candidates for access enforcement in a distributed architecture for enforcement. The platform provides the ability to encode data structures and algorithms for enforcement, and to measure time-, space- and administrative efficiency. To validate our platform, we use it to compare the state of the art in enforcement, CPOL [6], with two other approaches, the directed graph and the access matrix [9, 10]. We consider encodings of RBAC sessions in each, and propose and justify a benchmark for the assessment. We conclude with the somewhat surprising observation that CPOL is not necessarily the most efficient approach for access enforcement in distributed RBAC deployments. Role Based Access Control Distributed Access Enforcement in RBAC RBAC CPOL Access Matrix Directed Graph Reference monitor Access control policy Electrical and Computer Engineering

Search results