- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 1 to 10 of 30 (0.08 seconds)Spelling suggestions: "subject:"role based access eontrol"" "subject:"role based access 7control""
| 1 |
A Flexible Role-Based Delegation Model and Its Application in Healthcare InformationSystemLiu, Zidong 27 November 2013 (has links)
No description available.
|
| 2 |
Role based access control in a telecommunications operations and maintenance network / Rollbaserad behörighetskontroll i ett drift- och underhållssystem för telekommunikationGunnarsson, Peter January 2005 (has links)
<p>Ericsson develops and builds mobile telecommunication networks. These networks consists of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks. </p><p>In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions. </p><p>We also investigate some of the most common used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement a RBAC managing system which is better suited to the requirements posed by our new model.</p>
|
| 3 |
A Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) SystemsZitouni, Toufik January 2010 (has links)
We consider the distributed access enforcement problem for Role-Based
Access Control (RBAC) systems. Such enforcement has become important
with RBAC’s increasing adoption, and the proliferation of data that
needs to be protected. Our particular interest is in the evaluation of a
new data structure that has recently been proposed for enforcement: the
Cascade Bloom Filter. The Cascade Bloom Filter is an extension of the
Bloom filter, and provides for time- and space-efficient encodings of
sets. We compare the Cascade Bloom Filter to the Bloom Filter, and
another approach called Authorization Recycling that has been proposed
for distributed access enforcement in RBAC. One of the challenges we
address is the lack of a benchmark: we propose and justify a benchmark
for the assessment. Also, we adopt a statistically rigorous approach for
empirical assessment from recent work. We present our results for time-
and space-efficiency based on our benchmark. We demonstrate that, of the
three data structures that we consider, the Cascade Bloom Filter scales the
best with the number of RBAC sessions from the standpoints of time- and
space-efficiency.
|
| 4 |
A Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) SystemsZitouni, Toufik January 2010 (has links)
We consider the distributed access enforcement problem for Role-Based
Access Control (RBAC) systems. Such enforcement has become important
with RBAC’s increasing adoption, and the proliferation of data that
needs to be protected. Our particular interest is in the evaluation of a
new data structure that has recently been proposed for enforcement: the
Cascade Bloom Filter. The Cascade Bloom Filter is an extension of the
Bloom filter, and provides for time- and space-efficient encodings of
sets. We compare the Cascade Bloom Filter to the Bloom Filter, and
another approach called Authorization Recycling that has been proposed
for distributed access enforcement in RBAC. One of the challenges we
address is the lack of a benchmark: we propose and justify a benchmark
for the assessment. Also, we adopt a statistically rigorous approach for
empirical assessment from recent work. We present our results for time-
and space-efficiency based on our benchmark. We demonstrate that, of the
three data structures that we consider, the Cascade Bloom Filter scales the
best with the number of RBAC sessions from the standpoints of time- and
space-efficiency.
|
| 5 |
Access management in electronic commerce systemWang, Hua January 2004 (has links)
The definition of Electronic commerce is the use of electronic transmission mediums to engage in the exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location. Electronic commerce systems, including mobile e-commerce, are widely used since 1990. The number of world-wide Internet users tripled between 1993 and 1995 to 60 million, and by 2000 there were 250 million users. More than one hundred countries have Internet access. Electronic commerce, especial mobile e-commerce systems, allows their users to access a large set of traditional (for example, voice communications) and contemporary (for example, e-shop) services without being tethered to one particular physical location. With the increasing use of electronic service systems for security sensitive application (for example, e-shop) that can be expected in the future, the provision of secure services becomes more important. The dynamic mobile environment is incompatible with static security services. Electronic service access across multiple service domains, and the traditional access mechanisms rely on cross-domain authentication using roaming agreements starting home location. Cross-domain authentication involves many complicated authentication activities when the roam path is long. This limits future electronic commerce applications. Normally, there are three participants in an electronic service. These are users, service providers, and services. Some services bind users and service providers as well as services such as flight services; other services do not bind any participants, for instance by using cash in shopping services, everyone can use cash to buy anything in shops. Hence, depending on which parts are bound, there are different kinds of electronic services. However, there is no scheme to provide a solution for all kinds of electronic services. Users have to change service systems if they want to apply different kind of electronic services on the Internet. From the consumer's point of view, users often prefer to have a total solution for all kinds of service problems, some degree of anonymity with no unnecessary cross authentications and a clear statement of account when shopping over the Internet. There are some suggested solutions for electronic service systems, but the solutions are neither total solution for all kinds of services nor have some degree of anonymity with a clear statement of account. In our work, we build a bridge between existing technologies and electronic service theory such as e-payment, security and so on. We aim to provide a foundation for the improvement of technology to aid electronic service application. As validation, several technologies for electronic service system design have been enhanced and improved in this project. To fix the problems mentioned above, we extend our idea to a ticket based access service system. The user in the above electronic service system has to pay when s/he obtains service. S/He can pay by traditional cash (physical cash), check, credit or electronic cash. The best way to pay money for goods or services on the Internet is using electronic cash. Consumers, when shopping over the Internet, often prefer to have a high level of anonymity with important things and a low level with general one. The ideal system needs to provide some degree of anonymity for consumers so that they cannot be traced by banks. There are a number of proposals for electronic cash systems. All of them are either too large to manage or lack flexibility in providing anonymity. Therefore, they are not suitable solutions for electronic payment in the future. We propose a secure, scalable anonymity and practical payment protocol for Internet purchases. The protocol uses electronic cash for payment transactions. In this new protocol, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. An agent, namely anonymity provider agent provides a higher anonymous certificate and improves the security of the consumers. The agent will certify re-encrypted data after verifying the validity of the content from consumers, but with no private information of the consumers required. With this new method, each consumer can get the required anonymity level. Electronic service systems involve various subsystems such as service systems, payment systems, and management systems. Users and service providers are widely distributed and use heterogeneous catalog systems. They are rapidly increasing in dynamic environments. The management of these service systems will be very complex. Whether systems are successful or not depends on the quality of their management. To simplify the management of e-commerce systems \cite{Sandhu97}, we discuss role based access control management. We define roles and permissions in the subsystems. For example, there are roles TELLER, AUDITOR, MANAGER and permissions teller (account operation), audit operation, managerial decision in a bank system. Permissions are assigned to roles such as permission teller is assigned to role TELLER. People (users) employed in the bank are granted roles to perform associated duties. However, there are conflicts between various roles as well as between various permissions. These conflicts may cause serious security problems with the bank system. For instance, if permissions teller and audit operation are assigned to a role, then a person with this role will have too much privilege to break the security of the bank system. Therefore, the organizing of relationships between users and roles, roles and permissions currently requires further development. Role based access control (RBAC) has been widely used in database management and operating systems. In 1993, the National Institute of Standards and Technology (NIST) developed prototype implementations, sponsored external research, and published formal RBAC models. Since then, many RBAC practical applications have been implemented, because RBAC has many advantages such as reducing administration cost and complexity. However, there are some problems which may arise in RBAC management. One is related to authorization granting process. For example, when a role is granted to a user, this role may conflict with other roles of the user or together with this role; the user may have or derive a high level of authority. Another is related to authorization revocation. For instance, when a role is revoked from a user, the user may still have the role. To solve these problems, we present an authorization granting algorithm, and weak revocation and strong revocation algorithms that are based on relational algebra. The algorithms check conflicts and therefore help allocate the roles and permissions without compromising the security in RBAC. We describe the applications of the new algorithms with an anonymity scalable payment scheme. In summary, this thesis has made the following major contributions in electronic service systems: 1. A ticket based global solution for electronic commerce systems; A ticket based solution is designed for different kinds of e-services. Tickets provide a flexible mechanism and users can check charges at anytime. 2. Untraceable electronic cash system; An untraceable e-cash system is developed, in which the bank involvement in the payment transaction between a user and a receiver is eliminated. Users remain anonymous, unless she/he spends a coin more than once. 3. A self-scalable anonymity electronic payment system; In this payment system, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. Each consumer can get the required anonymity level. 4. Using RBAC to manage electronic payment system; The basic structure of RBAC is reviewed. The challenge problems in the management of RBAC with electronic payment systems are analysed and how to use RBAC to manage electronic payment system is proposed. 5. The investigation of recovery algorithms for conflicting problems in user-role assignments and permission-role assignments. Formal authorization allocation algorithms for role-based access control have developed. The formal approaches are based on relational structure, and relational algebra and are used to check conflicting problems between roles and between permissions.
|
| 6 |
Separation of Duty in Role Based AccessKugblenu, Francis M., Asim, Memon January 2007 (has links)
In today’s business world, many organizations use Information Systems to many their sensitive and business critical information. The need to protect such a key component of the organization cannot be over emphasized. Access control has been found to be one of the effective ways of insuring that only authorized users have access to the information resources to perform their job function. Role Based Access Control has been found to be the access control mechanism that fits naturally with the organizational structure of businesses. Separation of duties is a security principle that has been used extensively to prevent conflict of interest, fraud and error control in organizations. In this thesis, we identify the various forms of separation of duties in role based access control systems. We also do a case study of the role based access control system in the banking application of a financial institution.
|
| 7 |
Role based access control in a telecommunications operations and maintenance network / Rollbaserad behörighetskontroll i ett drift- och underhållssystem för telekommunikationGunnarsson, Peter January 2005 (has links)
Ericsson develops and builds mobile telecommunication networks. These networks consists of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks. In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions. We also investigate some of the most common used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement a RBAC managing system which is better suited to the requirements posed by our new model.
|
| 8 |
Model kontrole pristupa u Smart Grid sistemima / Access control model in Smart Grid systemsRosić Daniela 22 September 2017 (has links)
<p>U tezi je analiziran problem kontrole pristupa u Smart Grid sistemima. Formalno je specificiran model kontrole pristupa za Smart Grid koji je zasnovan na unapređenju i proširenju RBAC modela i koji je usklađen sa aktuelnim zahtevima u elektroenergetskoj industriji. Postavljena je softverska arhitektura predloženog modela kontrole pristupa, čija je prototipska implementacija zatim integrisana u simuliranom Smart Grid okruženju.</p> / <p>This thesis discusses the challenges related to access control in Smart<br />Grid systems. A formal model for access control in the Smart Grid is<br />specified, extending the role-based access control (RBAC) model to be<br />in accordance with the existing security requirement in the power industry.<br />Based on the proposed access control model, software architecture was<br />developed and its prototype implementation is integrated in a Smart Grid<br />simulated environment.</p>
|
| 9 |
Privacy in Database Designs: A Role Based ApproachPoe, Gary A 30 November 2007 (has links)
Privacy concerns have always been present in every society. The introduction of information technology information has enabled a reduction in the cost of gathering information, management of that information and the permitted that same information to become increasingly portable. Coupled with these reductions of cost has been an increase in the demand for information as well as the concern that privacy expectations be respected and enforced through security systems that safeguard access to private-type data. Security systems enforce privacy expectations. Unfortunately there is no consensus on a definition of privacy making the specification of security often over broad and resulting in the loss of critical functionality in the systems produced. This research expands the understanding of privacy by proposing a replicable type-based taxonomy of privacy that is grounded in philosophy and law. This type-based system is applied to a Role Based Access Control System to specify and control access to data in a in a hospital setting as a proof of concept.
|
| 10 |
Refined Access Control in a Distributed Environment / Finkornig åtkomstkontroll i en distribuerad miljöBoström, Erik January 2002 (has links)
<p>In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing. </p><p>This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions. </p><p>In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.</p>
|
Page generated in 0.0855 seconds