Global ETD Search

61	Enhancing security in distributed systems with trusted computing hardware Reid, Jason Frederick January 2007 (has links) The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way. trusted computing trusted computing hardware trusted systems operating system security distributed systems security smart card security evaluation tamper resistance distance bounding protocol side channel leakage electronic cash electronic health records role-based access control
62	Systém správy identit pro malé a střední firmy / Identity Management Solution for Small and Medium Businesses MAXA, Karel January 2014 (has links) The topic of this master's thesis is development of identity management solution for small and medium business. The thesis is divided into four major parts. The first part contains theoretical background as description of RBAC model or model with relationships between practically used objects (user identity, role, position, permission, account...). Analysis of functioning and needs of targeted organizations was carried out in the second part. The third part describes the design of the developed application. The fourth part discusses actual implementation of the application. The main outcome of the thesis is implemented application that can be deployed at thesis defined organizations. The application includes all the functionality required in the first phase of the project.
63	MAC řízení přístupu / Mandatory access control Grepl, Miroslav January 2008 (has links) This master's thesis describes the problems of SELinux, and the methods of creation of a proper security policy with a focus on the SELinux reference policy and its mechanisms. It designs the methodics of formulation of specific security rules, supplemented with the practical example of its application. Furthermore, it describes the available security rules commonly used for http, ftp and ssh services securing, their modification and practical utilization. According to the proposed methodology, these services are protected with their own security rules and both security methods are mutually compared and evaluated.
64	Generic Quality-Aware Refactoring and Co-Refactoring in Heterogeneous Model Environments Reimann, Jan 09 July 2015 (has links) Software has been subject to change, at all times, in order to make parts of it, for instance, more reusable, better to understand by humans, or to increase efficiency under a certain point of view. Restructurings of existing software can be complex. To prevent developers from doing this manually, they got tools at hand being able to apply such restructurings automatically. These automatic changes of existing software to improve quality while preserving its behaviour is called refactoring. Refactoring is well investigated for programming languages and mature tools exist for executing refactorings in integrated development environments (IDEs). In recent years, the development paradigm of Model-Driven Software Development (MDSD) became more and more popular and we experience a shift in the sense that development artefacts are considered as models which conform metamodels. This can be understood as abstraction, which resulted in the trend that a plethora of new so-called model-based Domain-Specific Languages (DSLs) arose. DSLs have become an integral part in the MDSD and it is obvious that models are subject to change, as well. Thus, refactoring support is required for DSLs in order to prevent users from doing it manually. The problem is that the amount of DSLs is huge and refactorings should not be implemented for new for each of them, since they are quite similar from an abstract viewing. Existing approaches abstract from the target language, which is not flexible enough because some assumptions about the languages have to be made and arbitrary DSLs are not supported. Furthermore, the relation between a strategy which finds model deficiencies that should be improved, a resolving refactoring, and the improved quality is only implicit. Focussing on a particular quality and only detecting those deficiencies deteriorating this quality is difficult, and elements of detected deficient structures cannot be referred to in the resolving refactoring. In addition, heterogeneous models in an IDE might be connected physically or logically, thus, they are dependent. Finding such connections is difficult and can hardly be achieved manually. Applying a restructuring in a model implied by a refactoring in a dependent model must also be a refactoring, in order to preserve the meaning. Thus, this kind of dependent refactorings require an appropriate abstraction mechanism, since they must be specified for dependent models of different DSLs. The first contribution, Role-Based Generic Model Refactoring, uses role models to abstract from refactorings instead of the target languages. Thus, participating structures in a refactoring can be specified generically by means of role models. As a consequence, arbitrary model-based DSLs are supported, since this approach does not make any assumptions regarding the target languages. Our second contribution, Role-Based Quality Smells, is a conceptual framework and correlates deficiencies, their deteriorated qualities, and resolving refactorings. Roles are used to abstract from the causing structures of a deficiency, which then are subject to resolving refactorings. The third contribution, Role-Based Co-Refactoring, employs the graph-logic isomorphism to detect dependencies between models. Dependent refactorings, which we call co-refactorings, are specified on the basis of roles for being independent from particular target DSLs. All introduced concepts are implemented in our tool Refactory. An evaluation in different scenarios complements the thesis. It shows that role models emerged as very powerful regarding the reuse of generic refactorings in arbitrary languages. Role models are suited as an interface for certain structures which are to be refactored, scanned for deficiencies, or co-refactored. All of the presented approaches benefit from it.:List of Figures xv List of Tables xvii List of Listings xix 1. Introduction 1 1.1. Language-Tool Generation Without Consideration Of Time And Space . . . . . 4 1.2. Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.3. Generic Quality-Aware Refactoring and Co-Refactoring in Heterogeneous Model Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2. Foundations 15 2.1. Refactoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2. Model-Driven Software Development . . . . . . . . . . . . . . . . . . . . . . . . 16 2.2.1. Levels of Abstraction and Metamodelling . . . . . . . . . . . . . . . . . 17 2.2.2. Model Transformations . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.3. Role-Based Modelling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3. Related Work 23 3.1. Model Refactoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.1.2. Literature Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.1.3. Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.2. Determination of Quality-Related De ciencies . . . . . . . . . . . . . . . . . . . 32 3.2.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 3.2.2. Literature Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.2.3. Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 3.3. Co-Refactoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 3.3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 3.3.2. Literature Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 3.3.3. Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 3.4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 4. Role-Based Generic Model Refactoring 51 4.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 4.2. Specifying Generic Refactorings with Role Models . . . . . . . . . . . . . . . . . 53 4.2.1. Specifying Structural Constraints using Role Models . . . . . . . . . . . 55 4.2.2. Mapping Roles to Language Concepts Using Role Mappings . . . . . . . 57 4.2.3. Specifying Language-Independent Transformations using Refactoring Speci cations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 4.2.4. Composition of Refactorings . . . . . . . . . . . . . . . . . . . . . . . . . 67 4.3. Preserving Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 4.4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 5. Suggesting Role Mappings as Concrete Refactorings 73 5.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 5.2. Automatic Derivation of Suggestions for Role Mappings with Graph Querying . 74 5.3. Reduction of the Number of Valid Matches . . . . . . . . . . . . . . . . . . . . . 76 5.4. Comparison to Model Matching . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 5.5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 6. Role-Based Quality Smells as Refactoring Indicator 79 6.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 6.2. Correlating Model De ciencies, Qualities and Refactorings . . . . . . . . . . . . 80 6.2.1. Quality Smell Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 6.2.2. Quality Smell Calculation Repository . . . . . . . . . . . . . . . . . . . . 85 6.3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 6.4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 7. A Quality Smell Catalogue for Android Applications 89 7.1. Quality Smell Catalogue Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 7.2. Acquiring Quality Smells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 7.3. Structure-Based Quality Smells—A Detailed Example . . . . . . . . . . . . . . . 92 7.3.1. The Pattern Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 7.3.2. Quality Smell: Interruption from Background . . . . . . . . . . . . . . . 93 7.4. Quality Smells for Android Applications . . . . . . . . . . . . . . . . . . . . . . 96 7.4.1. Quality Smell: Data Transmission Without Compression . . . . . . . . . 96 7.4.2. Quality Smell: Dropped Data . . . . . . . . . . . . . . . . . . . . . . . . 98 7.4.3. Quality Smell: Durable WakeLock . . . . . . . . . . . . . . . . . . . . . 98 7.4.4. Quality Smell: Internal Use of Getters/Setters . . . . . . . . . . . . . . . 99 7.4.5. Quality Smell: No Low Memory Resolver . . . . . . . . . . . . . . . . . 101 7.4.6. Quality Smell: Rigid AlarmManager . . . . . . . . . . . . . . . . . . . . 101 7.4.7. Quality Smell: Unclosed Closeable . . . . . . . . . . . . . . . . . . . . . 102 7.4.8. Quality Smell: Untouchable . . . . . . . . . . . . . . . . . . . . . . . . . 103 7.5. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 8. Role-Based Co-Refactoring in Multi-Language Development Environments 105 8.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 8.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 8.3. Dependency Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 8.3.1. Categories of Model Dependencies . . . . . . . . . . . . . . . . . . . . . 108 8.3.2. When to Determine Model Dependencies . . . . . . . . . . . . . . . . . 110 8.3.3. How to Determine Model Dependencies . . . . . . . . . . . . . . . . . . 111 8.4. Co-Refactoring Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 8.4.1. Specifying Coupled Refactorings with Co-Refactoring Speci cations . . 114 8.4.2. Specifying Bindings for Co-Refactorings . . . . . . . . . . . . . . . . . . 116 8.4.3. Determination of Co-Refactoring Speci cations . . . . . . . . . . . . . . 118 8.5. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 8.6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 9. Refactory: An Eclipse Tool For Quality-Aware Refactoring and Co-Refactoring 121 9.1. Refactoring Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 9.1.1. Role Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 9.1.2. Refactoring Speci cation . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 9.1.3. Role Model Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 9.1.4. Refactoring Composition . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 9.1.5. Custom Refactoring Extensions . . . . . . . . . . . . . . . . . . . . . . . 129 9.1.6. Pre- and Post-conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 9.1.7. Integration Into the Eclipse Refactoring Framework . . . . . . . . . . . . 130 9.2. Quality Smell Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 9.3. Co-Refactoring Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 9.3.1. Concrete Syntax of a CoRefSpec . . . . . . . . . . . . . . . . . . . . . . . 138 9.3.2. Expression Evaluation by Using an Expression Language . . . . . . . . . 138 9.3.3. UI and Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 9.4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 10. Evaluation 143 10.1. Case Study: Reuse of Generic Refactorings in many DSLs . . . . . . . . . . . . . 143 10.1.1. Threats to validity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 10.1.2. Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 10.1.3. Experience Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 10.2. Case Study: Suggestion of Valid Role Mappings . . . . . . . . . . . . . . . . . . 147 10.2.1. Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 10.2.2. Evaluation and Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 151 10.3. Proof of Concept: Co-Refactoring OWL and Ecore Models . . . . . . . . . . . . 155 10.3.1. Coupled OWL-Ecore Refactorings . . . . . . . . . . . . . . . . . . . . . 156 10.3.2. Realisation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 10.3.3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 11. Summary, Conclusion and Outlook 161 11.1. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 11.2. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 11.3. Outlook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Appendix 169 A. List of Role Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 B. Comparison to Role Feature Model . . . . . . . . . . . . . . . . . . . . . . . . . 171 C. Complete List of Role Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 D. List of all IncPL Patterns for Detecting Quality Smells . . . . . . . . . . . . . . . 176 E. Post-Processor of the Extract CompositeState refactoring for UML State Machines 183 F. Speci cation of the Conference Language . . . . . . . . . . . . . . . . . . . . . . 185 List of Abbreviations 187 Bibliography 191 info:eu-repo/classification/ddc/000 ddc:000
65	A Combined Formal Model for Relational Context-Dependent Roles (Extended) Kühn, Thomas, Böhme, Stephan, Götz, Sebastian, Aßmann, Uwe 17 September 2015 (has links) Role-based modeling has been investigated for over 35 years as a promising paradigm to model complex, dynamic systems. Although current software systems are characterized by increasing complexity and context-dependence, all this research had almost no influence on current software development practice, still being discussed in recent literature. One reason for this is the lack of a coherent, comprehensive, readily applicable notion of roles. Researchers focused either on relational roles or context-dependent roles rather then combining both natures. Currently, there is no role-based modeling language sufficiently incorporating both the relational and context-dependent nature of roles together with the various proposed constraints. Hence, this paper formalizes a full-fledged role-based modeling language supporting both natures. To show its sufficiency and adequacy, a real world example is employed. info:eu-repo/classification/ddc/004 ddc:004
66	Design and Implementation of Role-based Architectural Event Modules Rohde, Frank 21 June 2016 (has links) This diploma thesis attempts to improve the language-support for coping with the problem of negative emergence in dynamic Systems-of-Systems (SoS). Negative emergence is understood to be the emergence of unintended behaviour among constituent systems of a SoS in response to certain changes to the composition of constituent systems in the SoS. The architecture description language (ADL) "EventArch 2.0" approaches this problem by allowing the SoS-manager to define certain rules to manipulate the original behaviour of certain constituent systems at certain critical points of execution of the SoS to prevent unintended behaviour ("coordination rules"). This thesis approaches a solution to the following problem: to prevent the introduction of unintended behaviour through overly- or underly-restrictive coordination rules, more- or less-restrictive variants of a coordination rule would have to be applied to the SoS depending on the current composition of constituent systems in the SoS. This thesis has the goal to approach this problem by devising a mechanism to dynamically exchange a coordination rule depending on the current composition of constituent systems in the SoS. To achieve that goal, the ADL "EventArch 2.0" is extended to support the dynamic application of a coordination rule to a System-of-Systems. The dynamic application is achieved by connecting coordinators and constituent systems at runtime. As a special characteristic, each coordinator is dedicated to a specific constituent system and is responsible for achieving compliance of that system with respect to a specific coordination rule. It is shown that this architectural setup can be nicely modeled using concepts from the field of "role-based modeling". The solution does therefore employ concepts that are central to the "role-based modeling"-approach: "Role", "Base", and "Compartment". The applicability of the extended language to practical coordination-problems is shown by applying it to a constructed use case in the field of energy-efficient computing.:1 Introduction 1 1.1 Motivation and Problem Statement 1 1.2 Overview 2 2 Background 4 2.1 System of Systems 4 2.2 EventArch 2.0 8 2.2.1 Concepts 8 2.2.2 Implementation 10 2.2.3 Diagrams 15 2.3 Role-based Modeling 19 2.4 Coupling Strategies 22 3 Related Work 25 3.1 Requirements 25 3.2 Features 28 3.3 OT/J 29 3.4 Other Role-based Languages 31 3.5 Areas of Improvement 35 3.5.1 OT/J 35 3.5.2 Other Role-based Languages 40 4 Concepts of EventArch 3.0 45 4.1 Base, Role, and Compartment 45 4.2 Dynamic Composite AEM and Role-Binder 46 4.3 Inner Roles and Atomic Block 48 4.4 Diagrams 49 5 Internal Design of EventArch 3.0 55 5.1 Implementation of the Concepts 55 5.1.1 Base, Role, and Compartment 56 5.1.2 Dynamic Composite AEM and Role-Binder 58 5.1.3 Inner Roles and Atomic Block 60 5.1.4 Other Concepts 62 5.2 Further Discussion and Design Alternatives 63 6 Evaluation of EventArch 3.0 66 6.1 Advantages 66 6.2 Disadvantages 74 6.3 Reflections on the Fulfillment of the Requirements 77 6.4 Use case 81 6.5 Application to the Example Use case 83 6.5.1 Presentation of the implementation 83 6.5.2 Advantages shown by the implementation 90 7 Conclusion 93 7.1 Future Work 95 8 Appendix 99 8.1 Additional Source-Code 99 8.1.1 OT/J source-code 99 8.1.2 “State”-coordination rule 105 8.2 Internal Design of EventArch 2.0 109 8.2.1 Abstract 109 8.2.2 Detailed 116 8.3 Grammar of EventArch 3.0 . 123 8.4 EventArch 3.0 Diagrams 126 Bibliography 134 / Die vorliegende Diplomarbeit ist mit der Verbesserung der Sprachunterstützung zur Vermeidung negativer Emergenz in dynamischen Systems-of-Systems (SoS) befasst. Negative Emergenz wird dabei als unerwünschtes Verhalten von an einem SoS beteiligten Systemen verstanden, welches auf Grund von Änderungen in der Zusammensetzung des SoS (d.h. auf Grund des Eintritts oder Austritts von konstituierenden Systemen) aufgetreten ist. Die Architekturbeschreibungssprache "EventArch 2.0" unterstützt den SoS-manager bei der Lösung dieses Problems durch die Möglichkeit das Verhalten der beteiligten Systeme in bestimmten Ausführungsmomenten durch die Definition von Koordinationsregeln zu manipulieren und auf diesem Wege das Auftreten negativer Emergenz zu vermeiden. Die Diplomarbeit ist ein Beitrag zur Lösung des folgenden Problems: Um die Einführung von unerwünschtem Verhalten durch übermäßig- oder unzureichend restriktive Koordinationsregeln zu verhindern, müssten unterschiedliche Varianten einer Koordinationsregel, die sich im Grade ihrer Restriktivität unterscheiden, auf das SoS angewendet werden. Diese Anwendung müßte in Abhängigkeit der aktuellen Zusammensetzung des SoS aus konstituierenden Systemen erfolgen. In der vorliegenden Diplomarbeit wird eine Möglichkeit entwickelt um eine Koordinationsregel zur Laufzeit in Abhängigkeit der aktuellen Zusammensetzung des SoS aus konstituierenden Systemen auszutauschen. Sie leistet damit einen Beitrag zur Lösung des vorgenannten Problems. In der Arbeit wird die Architekturbeschreibungssprache "EventArch 2.0" um die Möglichkeit des dynamischen Austausches von Koordinationsregeln erweitert. Dabei werden Koordinationsregeln angewendet durch die gezielte Verbindung von Koordinatoren und konstituierenden Systemen. Die Besonderheit des Ansatzes besteht darin, dass jedem konstituierenden System ein persönlicher Koordinator zugeordnet wird, d.h. ein Koordinator der ausschließlich für die Anpassung des Verhaltens des jeweiligen Systems an eine bestimmte Koordinationsregel verantwortlich ist. In der Arbeit wird gezeigt, dass dieser architektonische Ansatz durch zentrale Konzepte des Modellierungsansatzes "rollenbasierte Modellierung" modelliert werden kann. In der entwickelten Spracherweiterung werden daher die Konzepte "Rolle", "Basis" und "Compartment" verwendet. Die Anwendbarkeit der erweiterten Sprache, wird durch deren Anwendung auf einen konstruierten Anwendungsfall aus dem Bereich der Energie-effizienten Berechnung gezeigt.:1 Introduction 1 1.1 Motivation and Problem Statement 1 1.2 Overview 2 2 Background 4 2.1 System of Systems 4 2.2 EventArch 2.0 8 2.2.1 Concepts 8 2.2.2 Implementation 10 2.2.3 Diagrams 15 2.3 Role-based Modeling 19 2.4 Coupling Strategies 22 3 Related Work 25 3.1 Requirements 25 3.2 Features 28 3.3 OT/J 29 3.4 Other Role-based Languages 31 3.5 Areas of Improvement 35 3.5.1 OT/J 35 3.5.2 Other Role-based Languages 40 4 Concepts of EventArch 3.0 45 4.1 Base, Role, and Compartment 45 4.2 Dynamic Composite AEM and Role-Binder 46 4.3 Inner Roles and Atomic Block 48 4.4 Diagrams 49 5 Internal Design of EventArch 3.0 55 5.1 Implementation of the Concepts 55 5.1.1 Base, Role, and Compartment 56 5.1.2 Dynamic Composite AEM and Role-Binder 58 5.1.3 Inner Roles and Atomic Block 60 5.1.4 Other Concepts 62 5.2 Further Discussion and Design Alternatives 63 6 Evaluation of EventArch 3.0 66 6.1 Advantages 66 6.2 Disadvantages 74 6.3 Reflections on the Fulfillment of the Requirements 77 6.4 Use case 81 6.5 Application to the Example Use case 83 6.5.1 Presentation of the implementation 83 6.5.2 Advantages shown by the implementation 90 7 Conclusion 93 7.1 Future Work 95 8 Appendix 99 8.1 Additional Source-Code 99 8.1.1 OT/J source-code 99 8.1.2 “State”-coordination rule 105 8.2 Internal Design of EventArch 2.0 109 8.2.1 Abstract 109 8.2.2 Detailed 116 8.3 Grammar of EventArch 3.0 . 123 8.4 EventArch 3.0 Diagrams 126 Bibliography 134 info:eu-repo/classification/ddc/004 ddc:004 Emergenz; Koordination; Rolle
67	DESIGN OF CROWD-SCALE MULTI-PARTY TELEPRESENCE SYSTEM WITH DISTRIBUTED MULTIPOINT CONTROL UNIT BASED ON PEER TO PEER NETWORK Hossain, Md Amjad 02 December 2020 (has links) No description available. Computer Science Peer to peer video conferencing P2P Network Multiparty Telepresence Crowd-Scale Multipoint Control Unit Distributed MCU Role-based stream prioritization GAncestor ZePoP Leader Election overcrowding stream collection and distribution tree
68	Semantic and Role-Based Access Control for Data Grid Systems Muppavarapu, Vineela 11 December 2009 (has links) No description available. Computer Science Data Grid role-based access control semantic-based access control Storage Resource Broker Shibboleth ontology
69	主管部屬關係認同理論邏輯關係網絡之驗證 / Validation of the nomological network of supervisor-subordinate relational identification 顏上雲 Unknown Date (has links) 人際互動是組織運作的基礎，但有關人際層次的認同研究過去時常被忽略，Sluss與Ashforth（2007）即提出一關係認同的理論架構試圖解釋關係認同如何形成。然而，此關係認同架構僅為一理論性的論述，過去尚未有研究針對其中的角色認定與個人認定構念發展量表，測量三類關係認同的工具也有所缺乏，其理論架構尚待檢驗。據此，本研究的目的為根據Sluss與Ashforth（2007）提出之關係認同理論，以主管部屬關係出發，驗證此理論的邏輯關係網絡（nomological network）。本研究主要分兩部份進行，第一部份參考Hinkin（1998）建議的量表編製步驟，撰寫部屬對主管之角色認定、個人認定評價，以及三類關係認同題項並進行此量表的信效度檢驗與修正；第二部份則檢驗部屬對主管的角色認定與個人認定之正、負向評價結果，和其與關係認同、關係不認同以及關係矛盾認同之間的關聯；此外，亦檢驗此三類關係認同與結果變項之間的關係。在樣本部分，本研究請205位台灣醫療院所的基層護理人員針對自身與護理長之間的主管部屬關係進行評估，分析結果指出Sluss與Ashforth（2007）的關係認同理論可以獲得初步驗證。本研究的貢獻除了在於補足對角色認定、個人認定，以及三類關係認同構念的測量，並且對Sluss與Ashforth（2007）的關係認同理論的邏輯關係網絡證據進行檢驗，使我們對於關係認同的形成有更多理解。 / Interpersonal interaction is the foundation of organization operations, but the study of identification in interpersonal level has often been ignored. Sluss and Ashforth (2007) proposed the relational identification framework to explain how the relational identification forms. However, this framework is still in conceptual debate, and no researcher has developed the scale for measuring the role-based identity and person-based identity construct yet. Moreover, the scale of three types of relational identification, the relational identification, relational disidentification, and ambivalent relational identification, are also not well-developed. Therefore, the purpose of this study is focus on supervisor-subordinate relationship, and validate the nomological network of Sluss and Ashforth’s relational identification theory. First, based on the suggestion of Hinkin (1998), this study generated items to measure the valence of role-based and person-based identity, and three types of relational identification. Second, after testing the reliability and validity of these scales, this study tested the connection between subordinates’ positive/negative valence of role-based and person-based identity, and the three types of relational identification outcome. Furthermore, this study examines the relationships between three types of relational identification and criterion variables. Current study samples 205 registered first-line nurses from hospitals in Taiwan and asks them to evaluate their supervisor-subordinate relationship with head nurses. The result shows that there are some initial validation evidences for the relational identification framework. The contributions and limitations of this study, and the suggestions for future relational identification research are discussed. 主管部屬關係角色認定個人認定關係認同關係不認同關係矛盾認同 supervisor-subordinate relationship role-based identity person-based identity relational identification relational disidentification ambivalent relational identification
70	應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管林經緯, Lin,Ching Wei Unknown Date (has links) 存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中，具有橫跨(cross-cutting)的特性，卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管，對於較細緻化(fine-grained)的資料存取(data-level)控管，並未提供設定式的控管方式，還是得透過程式化(programmatic)的方式處理，所以仍然有程式橫跨性的問題。最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns)，針對像安全橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面作為這些橫跨性需求的模組單位，既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective. 網路應用程式宣告式存取控管機制以角色為基礎之存取控管資料層次存取控管剖面導向程式設計 web applications data-level access control Role-based access control MVC Aspect-oriented programming

Search results