Federated Access Management for Collaborative Environments

January 2016

abstract: Access control has been historically recognized as an effective technique for ensuring that computer systems preserve important security properties. Recently, attribute-based access control (ABAC) has emerged as a new paradigm to provide access mediation by leveraging the concept of attributes: observable properties that become relevant under a certain security context and are exhibited by the entities normally involved in the mediation process, namely, end-users and protected resources. Also recently, independently-run organizations from the private and public sectors have recognized the benefits of engaging in multi-disciplinary research collaborations that involve sharing sensitive proprietary resources such as scientific data, networking capabilities and computation time and have recognized ABAC as the paradigm that suits their needs for restricting the way such resources are to be shared with each other. In such a setting, a robust yet flexible access mediation scheme is crucial to guarantee participants are granted access to such resources in a safe and secure manner. However, no consensus exists either in the literature with respect to a formal model that clearly defines the way the components depicted in ABAC should interact with each other, so that the rigorous study of security properties to be effectively pursued. This dissertation proposes an approach tailored to provide a well-defined and formal definition of ABAC, including a description on how attributes exhibited by different independent organizations are to be leveraged for mediating access to shared resources, by allowing for collaborating parties to engage in federations for the specification, discovery, evaluation and communication of attributes, policies, and access mediation decisions. In addition, a software assurance framework is introduced to support the correct construction of enforcement mechanisms implementing our approach by leveraging validation and verification techniques based on software assertions, namely, design by contract (DBC) and behavioral interface specification languages (BISL). Finally, this dissertation also proposes a distributed trust framework that allows for exchanging recommendations on the perceived reputations of members of our proposed federations, in such a way that the level of trust of previously-unknown participants can be properly assessed for the purposes of access mediation. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016

Computer science

Access control

Attribute

Collaborations

Derivation

Federation

Sharing

Hierarchické modelování plánovacích problémů / Hierarchical Modeling of Planning Problems

Dvořák, Tomáš

January 2016

Automated planning is a task to find a sequence of actions leading from an initial state to a desired goal state. There is a lot of formal models for planning problems modeling. The class of hierarchical formal models is one of them. In this thesis we will propose a hierarchical model, called GramPlan, based on attribute grammars. We will present some methods to reduce classical STRIPS formalism to GramPlan and we will prove the correctness of this reduction. Also we will present reduction of the FlowOpt workflow model to GramPlan and we will prove it's correctness. We will desing a couple of verification methods for attribute grammars and we will show these methods are equivalent. Powered by TCPDF (www.tcpdf.org)

Do I care or do I not? : an empirical assessment of decision heuristics in discrete choice experiments

Heidenreich, Sebastian

January 2016

Discrete choice experiments (DCEs) are widely used across economic disciplines to value multi-attribute commodities. DCEs ask survey-respondents to choose between mutually exclusive hypothetical alternatives that are described by a set of common attributes. The analysis of DCE data assumes that respondents consider and trade all attributes before making these choices. However, several studies show that many respondents ignore attributes. Respondents might choose not to consider all attributes to simplify choices or as a preference, because some attributes are not important to them. However, empirical approaches that account for attribute non-consideration only assume simplifying choice behaviour. This thesis shows that this assumption may lead to misleading welfare conclusions and therefore suboptimal policy advice. The analysis explores 'why' attribute are ignored using statistical analysis or by asking respondents. Both approaches are commonly used to identify attribute non-consideration in DCEs. However, the results of this thesis suggest that respondents struggle to recall ignored attributes and their reasons for non-consideration unless attributes are ignored due to non-valuation. This questions the validity of approaches in the literature that rely on respondents' ability to reflect on their decision rule. Further analysis explores how the complexity of choices affects the probability that respondents do not consider all attributes. The results show that attribute consideration first increases and then decreases with complexity. This raises questions about the optimal design complexity of DCEs. The overall findings of the thesis challenge the applicability of current approaches that account for attribute non-consideration in DCEs to policy analysis and emphasis the need for further research in this area.

338.4

VHITS: Vertical Handoff Initiation and Target Selection in a Heterogeneous Wireless Network

Kaleem, Faisal

28 March 2012

Global connectivity, for anyone, at anyplace, at anytime, to provide high-speed, high-quality, and reliable communication channels for mobile devices, is now becoming a reality. The credit mainly goes to the recent technological advances in wireless communications comprised of a wide range of technologies, services, and applications to fulfill the particular needs of end-users in different deployment scenarios (Wi-Fi, WiMAX, and 3G/4G cellular systems). In such a heterogeneous wireless environment, one of the key ingredients to provide efficient ubiquitous computing with guaranteed quality and continuity of service is the design of intelligent handoff algorithms. Traditional single-metric handoff decision algorithms, such as Received Signal Strength (RSS) based, are not efficient and intelligent enough to minimize the number of unnecessary handoffs, decision delays, and call-dropping and/or blocking probabilities. This research presented a novel approach for the design and implementation of a multi-criteria vertical handoff algorithm for heterogeneous wireless networks. Several parallel Fuzzy Logic Controllers were utilized in combination with different types of ranking algorithms and metric weighting schemes to implement two major modules: the first module estimated the necessity of handoff, and the other module was developed to select the best network as the target of handoff. Simulations based on different traffic classes, utilizing various types of wireless networks were carried out by implementing a wireless test-bed inspired by the concept of Rudimentary Network Emulator (RUNE). Simulation results indicated that the proposed scheme provided better performance in terms of minimizing the unnecessary handoffs, call dropping, and call blocking and handoff blocking probabilities. When subjected to Conversational traffic and compared against the RSS-based reference algorithm, the proposed scheme, utilizing the FTOPSIS ranking algorithm, was able to reduce the average outage probability of MSs moving with high speeds by 17%, new call blocking probability by 22%, the handoff blocking probability by 16%, and the average handoff rate by 40%. The significant reduction in the resulted handoff rate provides MS with efficient power consumption, and more available battery life. These percentages indicated a higher probability of guaranteed session continuity and quality of the currently utilized service, resulting in higher user satisfaction levels.

Heterogeneous Wireless Networks

Fuzzy Logic

Multi-Attribute Decision Making

Handoff

A Top-Down Policy Engineering Framework for Attribute-Based Access Control

Narouei, Masoud

05 1900

The purpose of this study is to propose a top-down policy engineering framework for attribute-based access control (ABAC) that aims to automatically extract ACPs from requirement specifications documents, and then, using the extracted policies, build or update an ABAC model. We specify a procedure that consists of three main components: 1) ACP sentence identification, 2) policy element extraction, and 3) ABAC model creation and update. ACP sentence identification processes unrestricted natural language documents and identify the sentences that carry ACP content. We propose and compare three different methodologies from different disciplines, namely deep recurrent neural networks (RNN-based), biological immune system (BIS-based), and a combination of multiple natural language processing techniques (PMI-based) in order to identify the proper methodology for extracting ACP sentences from irrelevant text. Our evaluation results improve the state-of-the-art by a margin of 5% F1-Measure. To aid future research, we also introduce a new dataset that includes 5000 sentences from real-world policy documents. ABAC policy extraction extracts ACP elements such as subject, object, and action from the identified ACPs. We use semantic roles and correctly identify ACP elements with an average F1 score of 75%, which bests the previous work by 15%. Furthermore, as SRL tools are often trained on publicly available corpora such as Wall Street Journal, we investigate the idea of improving SRL performance using domain-related knowledge. We utilize domain adaptation and semi-supervised learning techniques and improve the SRL performance by 2% using only a small amount of access control data. The third component, ABAC model creation and update, builds a new ABAC model or updates an existing one using the extracted ACP elements. For this purpose, we present an efficient methodology based on a particle swarm optimization algorithm for solving ABAC policy mining with minimal perturbation. Experimental results demonstrate that the proposed methodology generates much less complex policies than previous works using the same realistic case studies. Furthermore, we perform experiments on how to find an ABAC state as similar as possible to both the existing state and the optimal state. Part of the data utilized in this study was collected from the University of North Texas Policy Office, as well as policy documents from the university of North Texas Health Science Center, for the school years 2015-2016 through 2016-2017.

Attribute-based Access Control

Policy Engineering

Access Control Policy

The Abacus: A New Approach to Authorization

Siebach, Jacob Aaron Jess

09 August 2021

The purpose of this thesis is to investigate the implementation of digital authorization for computer systems, specifically how to implement an efficient and secure authorization engine that uses policies and attributes to calculate authorization. The architecture for the authorization engine is discussed, the efficiency of the engine is characterized by various tests, and the security model is reviewed against other presently existing models. The resulting efforts showed an increase in efficiency of almost two orders of magnitude, along with a reduction in the amount of processing power required to run the engine. The main focus of the work is how to provide precise, performant authorization using policies and attributes in a way that does not require the authorization engine to break domain boundaries by directly accessing data stores. Specifically, by pushing attributes from source domains into the authorization service, domains do not require the authorization service to have access to the data stores of the domain, nor is the authorization service required to have credentials to access data via APIs. This model also allows for a significant reduction in data motion as attributes need only be sent over the network once (when the attribute changes) as opposed to every time that the engine needs the attribute or every time that an attribute cache needs to be refreshed, resulting in a more secure way to store attributes for authorization purposes.

authorization

RBAC

ABAC

domain-driven design

attribute-based authorization

Engineering

Attributes that influence generation-Y consumers in their choice of Smartphone

Jainarain, Raven

23 February 2013

Smartphone adoption is occurring at an exponential rate with a user base far exceeding that of traditional mobile phones. Previous literature has identified various points of usage across demographics such as age, gender, income and nationality, however little of this is with regards to Smartphone attributes. Furthermore, generational change has provided a gravitational shift in the application of marketing techniques, as Generation-Y is a generation unlike any other, where traditional techniques are more hit and miss than targeted. A deeper understanding as to how antecedent decision-making is performed via the influence of Smartphone attributes upon Generation-Y’s choice of those phones is required. This research assists in the filling of these gaps by presenting findings in a holistic view of Generation-Y’s Smartphone attribute preferences as well as perceptions among South African business users. This paper seeks to add insight by unpacking the needs of the Generation that will soon be the largest consumer group in history - Generation-Y. Self Explicated Conjoint Analysis provides insights into attribute ranking and level of influence of specific attributes. Factor analysis extracts the salient factors of influence by Generation-Y consumers when choosing a Smartphone. Further to this, managerial implications, future work and limitations of this study for theory and practice are presented. / Dissertation (MBA)--University of Pretoria, 2012. / Gordon Institute of Business Science (GIBS) / unrestricted

UCTD

Attribute

Smartphone

Self explicated conjoint analysis

Branding

Generation Y

Tourists' preferences of souvenir design based on expressive attributes: a cross-cultural perspective

Ying Li (9467957)

16 December 2020

<div> <div> <div> <p>This study investigates the expressive design attributes of souvenir design preferred by tourists by comparing and contrasting preferences and perceptions of tourists from two different cultural groups. The study used a conjoint design to allow respondents to rank their preferences of sampled souvenirs which represents various expressive design attributes of souvenirs. This study uses conjoint analysis to test the relationship between those expressive attributes and tourists’ perceived value and purchase intention. The results showed that the three expressive attributes, namely Makers’ Mark attribute, Iconofetish attribute, and Relational attribute impact American and Chinese tourists perceived values of souvenirs and purchase intentions. The part-worth utility score indicates that comparatively speaking, American tourists prefer souvenirs with a dominant makers’ mark and those that are connected to the local place or local people. On the other hand, Chinese tourists prefer souvenirs with a domestic iconofetish feature. This study highlights the relationship between the four perceived value – perceived functional value, perceived emotional value, perceived social value, and perceived novelty value – and the purchase intention, using Spearman’s correlation. These results contribute to the literature of souvenir design. The culturally based preferences between the US and Chinese tourists allow designers and retailers to create and design souvenirs based on their preferred expressive attributes. </p> </div> </div> </div>

Tourism Management

Souvenir

Cross-culture

Expressive attribute

Conjoint analysis

Visualization of Conceptual Data with Methods of Formal Concept Analysis

Kriegel, Francesco

27 September 2013

Draft and proof of an algorithm computing incremental changes within a labeled layouted concept lattice upon insertion or removal of an attribute column in the underlying formal context. Furthermore some implementational details and mathematical background knowledge are presented.:1 Introduction 1.1 Acknowledgements 1.2 Supporting University: TU Dresden, Institute for Algebra 1.3 Supporting Corporation: SAP AG, Research Center Dresden 1.4 Research Project: CUBIST 1.5 Task Description und Structure of the Diploma Thesis I Mathematical Details 2 Fundamentals of Formal Concept Analysis 2.1 Concepts and Concept Lattice 2.2 Visualizations of Concept Lattices 2.2.1 Transitive Closure and Transitive Reduction 2.2.2 Neighborhood Relation 2.2.3 Line Diagram 2.2.4 Concept Diagram 2.2.5 Vertical Hybridization 2.2.6 Omitting the top and bottom concept node 2.2.7 Actions on Concept Diagrams 2.2.8 Metrics on Concept Diagrams 2.2.9 Heatmaps for Concept Diagrams 2.2.10 Biplots of Concept Diagrams 2.2.11 Seeds Selection 2.3 Apposition of Contexts 3 Incremental Updates for Concept Diagrams 3.1 Insertion & Removal of a single Attribute Column 3.1.1 Updating the Concepts 3.1.2 Structural Remarks 3.1.3 Updating the Order 3.1.4 Updating the Neighborhood 3.1.5 Updating the Concept Labels 3.1.6 Updating the Reducibility 3.1.7 Updating the Arrows 3.1.8 Updating the Seed Vectors 3.1.9 Complete IFOX Algorithm 3.1.10 An Example: Stepwise Construction of FCD(3) 3.2 Setting & Deleting a single cross 4 Iterative Exploration of Concept Lattices 4.1 Iceberg Lattices 4.2 Alpha Iceberg Lattices 4.3 Partly selections 4.3.1 Example with EMAGE data 4.4 Overview on Pruning & Interaction Techniques II Implementation Details 5 Requirement Analysis 5.1 Introduction 5.2 User-Level Requirements for Graphs 5.2.1 Select 5.2.2 Explore 5.2.3 Reconfigure 5.2.4 Encode 5.2.5 Abstract/Elaborate 5.2.6 Filter 5.2.7 Connect 5.2.8 Animate 5.3 Low-Level Requirements for Graphs 5.3.1 Panel 5.3.2 Node and Edge 5.3.3 Interface 5.3.4 Algorithm 5.4 Mapping of Low-Level Requirements to User-Level Requirements 5.5 Specific Visualization Requirements for Lattices 5.5.1 Lattice Zoom/Recursive Lattices/Partly Nested Lattices 5.5.2 Planarity 5.5.3 Labels 5.5.4 Selection of Ideals, Filters and Intervalls 5.5.5 Restricted Moving of Elements 5.5.6 Layout Algorithms 5.5.7 Additional Feature: Three Dimensions and Rotation 5.5.8 Additional Feature: Nesting 6 FCAFOX Framework for Formal Concept Analysis in JAVA 6.1 Architecture A Appendix A.1 Synonym Lexicon A.2 Galois Connections & Galois Lattices A.3 Fault Tolerance Extensions to Formal Concept Analysis / Entwurf und Beweis eines Algorithmus zur Berechnung inkrementeller Änderungen in einem beschrifteten dargestellten Begriffsverband beim Einfügen oder Entfernen einer Merkmalsspalte im zugrundeliegenden formalen Kontext. Weiterhin sind einige Details zur Implementation sowie zum mathematischen Hintergrundwissen dargestellt.:1 Introduction 1.1 Acknowledgements 1.2 Supporting University: TU Dresden, Institute for Algebra 1.3 Supporting Corporation: SAP AG, Research Center Dresden 1.4 Research Project: CUBIST 1.5 Task Description und Structure of the Diploma Thesis I Mathematical Details 2 Fundamentals of Formal Concept Analysis 2.1 Concepts and Concept Lattice 2.2 Visualizations of Concept Lattices 2.2.1 Transitive Closure and Transitive Reduction 2.2.2 Neighborhood Relation 2.2.3 Line Diagram 2.2.4 Concept Diagram 2.2.5 Vertical Hybridization 2.2.6 Omitting the top and bottom concept node 2.2.7 Actions on Concept Diagrams 2.2.8 Metrics on Concept Diagrams 2.2.9 Heatmaps for Concept Diagrams 2.2.10 Biplots of Concept Diagrams 2.2.11 Seeds Selection 2.3 Apposition of Contexts 3 Incremental Updates for Concept Diagrams 3.1 Insertion & Removal of a single Attribute Column 3.1.1 Updating the Concepts 3.1.2 Structural Remarks 3.1.3 Updating the Order 3.1.4 Updating the Neighborhood 3.1.5 Updating the Concept Labels 3.1.6 Updating the Reducibility 3.1.7 Updating the Arrows 3.1.8 Updating the Seed Vectors 3.1.9 Complete IFOX Algorithm 3.1.10 An Example: Stepwise Construction of FCD(3) 3.2 Setting & Deleting a single cross 4 Iterative Exploration of Concept Lattices 4.1 Iceberg Lattices 4.2 Alpha Iceberg Lattices 4.3 Partly selections 4.3.1 Example with EMAGE data 4.4 Overview on Pruning & Interaction Techniques II Implementation Details 5 Requirement Analysis 5.1 Introduction 5.2 User-Level Requirements for Graphs 5.2.1 Select 5.2.2 Explore 5.2.3 Reconfigure 5.2.4 Encode 5.2.5 Abstract/Elaborate 5.2.6 Filter 5.2.7 Connect 5.2.8 Animate 5.3 Low-Level Requirements for Graphs 5.3.1 Panel 5.3.2 Node and Edge 5.3.3 Interface 5.3.4 Algorithm 5.4 Mapping of Low-Level Requirements to User-Level Requirements 5.5 Specific Visualization Requirements for Lattices 5.5.1 Lattice Zoom/Recursive Lattices/Partly Nested Lattices 5.5.2 Planarity 5.5.3 Labels 5.5.4 Selection of Ideals, Filters and Intervalls 5.5.5 Restricted Moving of Elements 5.5.6 Layout Algorithms 5.5.7 Additional Feature: Three Dimensions and Rotation 5.5.8 Additional Feature: Nesting 6 FCAFOX Framework for Formal Concept Analysis in JAVA 6.1 Architecture A Appendix A.1 Synonym Lexicon A.2 Galois Connections & Galois Lattices A.3 Fault Tolerance Extensions to Formal Concept Analysis

info:eu-repo/classification/ddc/510

ddc:510

BackFlip: A Principled Approach to Online Attribute Verification

Daley, Devlin R.

12 August 2010

As traditional interactions in the real-word move online, services that require verified personal information from web users will increase. We propose an architecture for the verification of web user attributes without the use of cryptographic-based credentials. In this architecture, service providers are delegated a user's ability to directly contact a certifying party and retrieve attribute data. We demonstrate that this approach is simple for both developers and users, can be applied to existing Internet facilities and sufficiently secure for typical web use cases.

thesis

digital identity

delegation

attribute verification

Computer Sciences