  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
41

A Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation

Komlenovic, Marko 14 January 2011
We consider the distributed access enforcement problem for Role-Based Access Control (RBAC) systems. Such enforcement has become important with RBAC's increasing adoption, and the proliferation of data that needs to be protected. We provide a platform for assessing candidates for access enforcement in a distributed architecture for enforcement. The platform provides the ability to encode data structures and algorithms for enforcement, and to measure time-, space- and administrative efficiency. To validate our platform, we use it to compare the state of the art in enforcement, CPOL [6], with two other approaches, the directed graph and the access matrix [9, 10]. We consider encodings of RBAC sessions in each, and propose and justify a benchmark for the assessment. We conclude with the somewhat surprising observation that CPOL is not necessarily the most efficient approach for access enforcement in distributed RBAC deployments.
42

Automated Testing for RBAC Policies

January 2014
Access control is necessary for information assurance in many of today's applications such as banking and electronic health records. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role hierarchy with hundreds of roles, and their associated privileges and users, systematically testing RBAC systems is crucial to ensure the security in various domains ranging from cyber-infrastructure to mission-critical applications. In this thesis, we introduce i) a security testing technique for RBAC systems considering the principle of maximum privileges, the structure of the role hierarchy, and a new security test coverage criterion; ii) an MTBDD (Multi-Terminal Binary Decision Diagram) based representation of RBAC security policy including RHMTBDD (Role Hierarchy MTBDD) to efficiently generate effective positive and negative security test cases; and iii) a security testing framework which takes an XACML-based RBAC security policy as an input, parses it into an RHMTBDD representation and then generates positive and negative test cases. We also demonstrate the efficacy of our approach through case studies. / Dissertation/Thesis / M.S. Computer Science 2014
43

Refined Access Control in a Distributed Environment / Finkornig åtkomstkontroll i en distribuerad miljö

Boström, Erik January 2002
In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing. This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions. In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.
44

Extending the CRC Card Concept with Roles (Erweiterung des CRC-Karten-Konzeptes um Rollen)

Hamann, Markus 11 January 2018
Role-based modeling is a current branch of research that requires methods for analysis and teaching. To this end, this thesis presents an extension of the classic, object-oriented CRC card method with role-based concepts. The extension is based on fundamental properties of role-based elements, such as roles, objects and contexts, which are integrated modularly into the CRC card method. Furthermore, an empirical study is to determine how well the role-extended R-CRC card method is suited to the tasks of analysis and teaching. Ultimately, the R-CRC card method is intended to offer an efficient way to analyze problems in a role-based manner and to teach role-based concepts.
45

Updating the Role-Based Design Pattern Catalog (Aktualisierung des Rollenbasierten Entwurfsmusterkatalogs)

Kassin, Kevin Ivo 17 September 2015
This thesis presents 9 design patterns in a representation using the Compartment Role Object Model (CROM). Its graphical notation for role-based models is used together with various options for representing the constraints of a design pattern. An evaluation is to determine whether CROM is suitable for presenting the constraints of design patterns in a way that is understandable and quick to grasp. The graphical documentation is meant to help with this. This can have positive effects on software development, such as better code quality, shorter development times and simpler communication between developers.
Contents: 1 Introduction; 1.1 Motivation; 1.2 Problem Definition; 1.3 Objectives; 2 Analysis of the Forms of Representation Considered; 2.1 Description Form of the Gang of Four; 2.2 Description Form of Dirk Riehle; 2.3 Representation with the Compartment Role Object Model; 3 Updating the Design Patterns; 3.1 Structural Design Patterns; 3.1.1 Composite Pattern; 3.1.2 Bridge Pattern; 3.2 Design Patterns for Context Adaptation; 3.2.1 Object Adapter Pattern; 3.2.2 Class Adapter Pattern; 3.2.3 Decorator Pattern; 3.3 Design Patterns for State Management; 3.3.1 State Pattern; 3.3.2 Property Pattern; 3.4 Behavioral Design Patterns; 3.4.1 Iterator Pattern; 3.4.2 Mediator Pattern; 4 Closing Part; 4.1 Concluding Comparison; 4.2 Discussion; 4.2.1 Adapter Pattern; 4.2.2 Clients; 4.2.3 Methods and Attributes; 4.2.4 Classes; 4.3 Summary; 4.3.1 Result; 4.3.2 Outlook
46

Extending the CRC Card Concept with Roles (Erweiterung des CRC-Karten-Konzeptes um Rollen)

Hamann, Markus 07 September 2017
Role-based modeling is a current branch of research that requires methods for analysis and teaching. To this end, this thesis presents an extension of the classic, object-oriented CRC card method with role-based concepts. The extension is based on fundamental properties of role-based elements, such as roles, objects and contexts, which are integrated modularly into the CRC card method. Furthermore, an empirical study is to determine how well the role-extended R-CRC card method is suited to the tasks of analysis and teaching. Ultimately, the R-CRC card method is intended to offer an efficient way to analyze problems in a role-based manner and to teach role-based concepts.
47

A Combined Formal Model for Relational Context-Dependent Roles

Kühn, Thomas, Böhme, Stephan, Götz, Sebastian, Aßmann, Uwe 08 June 2021
Role-based modeling has been investigated for over 35 years as a promising paradigm to model complex, dynamic systems. Although current software systems are characterized by increasing complexity and context-dependence, all this research had almost no influence on current software development practice, still being discussed in recent literature. One reason for this is the lack of a coherent, comprehensive, readily applicable notion of roles. Researchers focused either on relational roles or context-dependent roles rather than combining both natures. Currently, there is no role-based modeling language sufficiently incorporating both the relational and context-dependent nature of roles together with the various proposed constraints. Hence, this paper formalizes a full-fledged role-based modeling language supporting both natures. To show its sufficiency and adequacy, a real world example is employed.
48

FRaMED: Full-Fledge Role Modeling Editor (Tool Demo)

Kühn, Thomas, Bierzynski, Kay, Richly, Sebastian, Aßmann, Uwe 09 June 2021
Since the year 1977, role modeling has been continuously investigated as a promising paradigm to model complex, dynamic systems. However, this research had almost no influence on the design of today's increasingly complex and context-sensitive software systems. The reason for that is twofold. First, most modeling languages focused either on the behavioral, relational or context-dependent nature of roles rather than combining them. Second, there is a lack of tool support for the design, validation, and generation of role-based software systems. In particular, there exists no graphical role modeling editor supporting the three natures as well as the various proposed constraints. To overcome this deficiency, we introduce the Full-fledged Role Modeling Editor (FRaMED), a graphical modeling editor embracing all natures of roles and modeling constraints featuring generators for a formal representation and source code of a role-based programming language. To show its applicability for the development of role-based software systems, an example from the banking domain is employed.
49

A Generic Language for Query and Viewtype Generation By-Example

Werner, Christopher, Wimmer, Manuel, Aßmann, Uwe 02 July 2021
In model-driven engineering, powerful query/view languages exist to compute result sets/views from underlying models. However, to use these languages effectively, one must understand the query/view language concepts as well as the underlying models and metamodel structures. Consequently, it is a challenge for domain experts to create queries/views due to the lack of knowledge about the computer-internal abstract representation of models and metamodels. To better support domain experts in the query/view creation, the goal of this paper is the presentation of a generic concept to specify queries/views on models without requiring deep knowledge on the realization of modeling languages. The proposed concept is agnostic to specific modeling languages and allows the query/view generation by-example with a simple mechanism for filtering model elements. Based on this generic concept, a generic query/view language is proposed that uses role-oriented modeling for its non-intrusive application for specific modeling languages. The proposed language is demonstrated based on the role-based single underlying model (RSUM) approach for AutomationML to create queries/views by-example, and subsequently, associated viewtypes to modify the result set or view.
50

Optimistic Adaptation of Decentralised Role-based Software Systems

Matusek, Daniel 17 May 2023
The complexity of computer networks has been rising over the last decades. Increasing interconnectivity between multiple devices, growing complexity of performed tasks and a strong collaboration between nodes are drivers for this phenomenon. An example is represented by Internet-of-Things devices, whose relevance has been rising in recent years. The increasing number of devices requiring updates and supervision makes maintenance more difficult. Human interaction, in this case, is costly and requires a lot of time. To overcome this, self-adaptive software systems (SAS) can be used. SAS are a subset of autonomous systems which can monitor themselves and their environment to adapt to changes without human interaction. In the literature, different approaches for engineering SAS were proposed, including techniques for executing adaptations on multiple devices based on generated plans for reacting to changes. Among those solutions, also decentralised approaches can be found. To the best of our knowledge, no approach for engineering a SAS exists which tolerates errors during the execution of adaptation in a decentralised setting. While some approaches for role-based execution reset the application in case of a single failure during the adaptation process, others do not make assumptions about errors or do not consider an erroneous environment. In a real-world environment, errors will likely occur during run-time, and the adaptation process could be disturbed. This work aims to perform adaptations in a decentralised way on role-based systems with a relaxed consistency constraint, i.e., errors during the adaptation phase are tolerated. This increases the availability of nodes since no rollbacks are required in case of a failure. 
Moreover, a subset of applications, such as drone swarms, would benefit from an approach with a relaxed consistency model since parts of the system that adapted successfully can already operate in an adapted configuration instead of waiting for other peers to apply the changes in a later iteration. Moreover, if we eliminate the need for an atomic adaptation execution, asynchronous execution of adaptation would be possible. In that case, we can supervise the adaptation process for a long time and ensure that every peer takes the planned actions as soon as the internal task execution allows it. To allow for a relaxed consistent way of adaptation execution, we develop a decentralised adaptation execution protocol, which supports the notion of eventual consistency. As soon as devices reconnect after network congestion or restore their internal state after local failures, our protocol can coordinate the recovery process among multiple devices to attempt recovery of a globally consistent state after errors occur. By superseding the need for a central instance, every peer who received information about failing peers can start the recovery process. The developed approach can restore a consistent global configuration if almost all peers fail. Moreover, the approach supports asynchronous adaptations, i.e., the peers can execute planned adaptations as soon as they are ready, which increases overall availability in case of delayed adaptation of single nodes. The developed protocol is evaluated with the help of a proof-of-concept implementation. The approach was run in five different experiments with thousands of iterations to show the applicability and reliability of this novel approach. The time for execution of the protocol and the number of exchanged messages has been measured to compare the protocol for different error cases and system sizes, as well as to show the scalability of the approach. 
The developed solution has been compared to a blocking approach to show the feasibility compared to an atomic approach. The applicability in a real-world scenario has been described in an empirical study using an example of a fire-extinguishing drone swarm. The results show that an optimistic approach to adaptation is suitable and specific scenarios can benefit from the improved availability since no rollbacks are required. Systems can continue their work regardless of the failures of participating nodes in large-scale systems.
Contents: Abstract; 1. Introduction; 1.1. Motivational Use-Case; 1.2. Problem Definition; 1.3. Objectives; 1.4. Research Questions; 1.5. Contributions; 1.6. Outline; 2. Foundation; 2.1. Role Concept; 2.2. Self-Adaptive Software Systems; 2.3. Terminology for Role-Based Self-Adaptation; 2.4. Consistency Preservation and Consistency Models; 2.5. Summary; 3. Related Work; 3.1. Role-Based Approaches; 3.2. Actor Model of Computation and Akka; 3.3. Adaptation Execution in Self-Adaptive Software Systems; 3.4. Change Consistency in Distributed Systems; 3.5. Comparison of the Evaluated Approaches; 4. The Decentralised Consistency Compensation Protocol; 4.1. System and Error Model; 4.2. Requirements to the Concept; 4.3. The Usage of Roles in Adaptations; 4.4. Protocol Overview; 4.5. Protocol Description; 4.6. Protocol Corner- and Error Cases; 4.7. Summary; 5. Prototypical Implementation; 5.1. Technology Overview; 5.2. Reused Artifacts; 5.3. Implementation Details; 5.4. Setup of the Prototypical Implementation; 5.5. Summary; 6. Evaluation; 6.1. Evaluation Methodology; 6.2. Evaluation Setup; 6.3. Experiment Overview; 6.4. Default Case: Successful Adaptation; 6.5. Compensation on Disconnection of Peers; 6.6. Recovery from Failed Adaptation; 6.7. Impact of Early Activation of Adaptations; 6.8. Comparison with a Blocking Approach; 6.9. Empirical Study: Fire Extinguishing Drones; 6.10. Summary; 7. Conclusion and Future Work; 7.1. Recap of the Research Questions; 7.2. Discussion; 7.3. Future Work; A. Protocol Buffer Definition; Acronyms; Bibliography
