121 |
On Specifying and Enforcing Access Control of Web Services Based Workflows
Chen, Yun-Chih 11 August 2009
Web services have become the de facto standards as components for quickly building a business process that satisfies the business goal of an organization. Nowadays, Web services have found their way into describing the functions of automatic tasks as well as manual tasks. An important part in the specification of a business process, especially for manual tasks, is the access control. This thesis considers both types of tasks involved in a Web services-based process with its corresponding access control problem and proposes a selection approach for choosing the performer for each task so as to satisfy all access control constraints. Based on the role-based access control model, we focus on two types of access control: separation of duties (SoD) and binding of duties (BoD). Both role-level and participant-level SoDs and BoDs that need to be dynamically enforced are considered in this thesis. The proposed performer selection approach is evaluated by a workflow scenario and is shown to have the highest chance of satisfying all predefined access control constraints when compared to other methods.
|
122 |
Eine Einführung in SELinux (An Introduction to SELinux)
Winkler, Marcus 25 January 2007
SELinux is an extension to the Linux operating system. It promises an increase in system security. This tutorial introduces some of the principles and mechanisms of SELinux. It provides insight into its usage and configuration.
|
123 |
Design, Testing and Implementation of a New Authentication Method Using Multiple Devices
Cetin, Cagri 01 January 2015
Authentication protocols are very common mechanisms to confirm the legitimacy of someone’s or something’s identity in digital and physical systems.
This thesis presents a new and robust authentication method based on users’ multiple devices. Due to the popularity of mobile devices, users are becoming more likely to have more than one device (e.g., smartwatch, smartphone, laptop, tablet, smart-car, smart-ring, etc.). The authentication system presented here takes advantage of these multiple devices to implement authentication mechanisms. In particular, the system requires the devices to collaborate with each other in order for the authentication to succeed. This new authentication protocol is robust against theft-based attacks on a single device; an attacker would need to steal multiple devices in order to compromise the authentication system.
The new authentication protocol comprises an authenticator and at least two user devices, where the user devices are associated with each other. To perform an authentication on a user device, the user needs to respond to a challenge by using his/her associated device. After describing how this authentication protocol works, this thesis will discuss three different versions of the protocol that have been implemented. In the first implementation, the authentication process is performed by using two smartphones. Also, as a challenge, a QR code is used. In the second implementation, instead of using a QR code, NFC technology is used for challenge transmission. In the last implementation, the usability with different platforms is exposed. Instead of using smartphones, a laptop computer and a smartphone combination is used. Furthermore, the authentication protocol has been verified by using an automated protocol-verification tool to check whether the protocol satisfies authenticity and secrecy properties. Finally, these implementations are tested and analyzed to demonstrate the performance variations over different versions of the protocol.
|
124 |
An empty promise of freedom of information? : assessing the legislative and judicial protection of the right of access of government information in China
Chen, Yongxi, 陳詠熙 January 2013
This thesis assesses and explains the effectiveness of the legal regime for government transparency in China, with a focus on the legislative and judicial protection of citizens’ right of access to information (ATI), through a combination of normative doctrinal analysis and empirical investigation. In 2007, China promulgated the Regulation on Open Government Information (ROGI), which implicitly created a general and legally enforceable ATI right, thereby establishing a regime akin to the freedom of information (FOI) regimes that prevail in many countries worldwide. However, this nascent regime appears to have had mixed, and rather confusing, effects. Existent assessments of the regime’s effectiveness have concentrated either on the ROGI text or on data concerning bureaucratic performance and the extra-legal factors affecting that performance, but have failed to consider sufficiently the perplexities and peculiarities of the Chinese legal system that bear heavily on the ROGI’s operation. This thesis constitutes an attempt to make both substantive and methodological contributions to research in this field.
The thesis is organized into three main areas. First, it analyses the relation between the ruling Communist Party’s policies and the making of local and national transparency legislation. It finds that the legislative endorsement of an ATI right resulted from several of the Party’s reform goals, which include not only the facilitation of economic prosperity and social progress but also the fostering of government accountability and public participation. These goals, although with respective limitations, overlap with the values underlying FOI law. Second, it examines the labyrinth of Chinese laws, regulations and other legal norms that regulate the disclosure of government information, particularly the ROGI and Law on Guarding State Secrets, and evaluates them against international best practice standards on FOI law. It finds that the overall legislative framework lags behind international standards, largely because it fails to stipulate a presumption of disclosure and contains multi-layered restrictions on access, thereby leaving administrative organs with an enormous degree of discretion. Third, it reviews 169 judicial decisions collected through methods specially designed to ensure their representativeness. It distils the major trends in the interpretations made and rules set by the courts and finds that, by placing restrictions on access to court, imposing a need test, failing to scrutinize state secret claims, deferring to administrative discretion in applying exemptions and avoiding injunctive relief, the courts have further reduced the normative scope of the ATI right. It argues that this inadequate judicial protection is caused not by limitations on judicial power with respect to that right, but primarily by the abandonment of duty on the part of most courts, which have either misapplied the law or deviated from the guiding cases and legal doctrine that maintain the coherence of laws and judicial autonomy. 
Owing to the combined effect of a weak legislative framework and largely impotent judicial protection, the ATI right has been virtually deprived of its function to enable the citizenry to monitor and check the government. It has also failed to fulfil its potential in protecting citizens’ personal and property rights. In this regard, China’s ATI right falls far short of a genuine right to freedom of information.
These findings provide a necessary basis for a more accurate assessment of China’s open government information regime and a more perceptive comparison of this peculiarly Chinese regime with the FOI regimes of other countries. They also shed new light on the operation of judicial review in China. Furthermore, they indicate the barriers that must be overcome in future reforms to achieve a genuine FOI environment and highlight the interconnectedness of any such reform measures.
Law / Doctoral / Doctor of Philosophy
|
125 |
Security models for authorization, delegation and accountability
Lui, W. C., 雷永祥. January 2005
Computer Science / Doctoral / Doctor of Philosophy
|
126 |
AN INDOOR GEO-FENCING BASED ACCESS CONTROL SYSTEM FOR WIRELESS NETWORKS
Rahimi, Hossein 31 July 2013
Use of wireless network information for indoor positioning has been an area of interest since wireless networks became very popular.
On the other hand, the market started to grow in variety and production volumes leading to a variety of devices with many different hardware and software combinations.
In the field of indoor positioning, most of the existing technologies are dependent on additional hardware and/or infrastructure, which increases the cost and requirements for both users and providers.
This thesis investigates possible methods of coupling indoor geo-fencing with access control including authentication, identification, and registration in a system. Moreover, various techniques are studied in order to improve the robustness and security of such a system. The focus of these studies is to improve the proposed system in such a way that gives it the ability to operate properly in noisy, heterogeneous, and less controlled environments where the presence of attackers is highly probable. To achieve this, a classification based geo-fencing approach using Received Signal Strength Indicator (RSSI) has been employed so that accurate geo-fencing is coupled with secure communication and computing.
Experimental results show that considerable positioning accuracy has been achieved while providing high security measures for communication and transactions.
Favouring diversity and generic design, the proposed implementation does not mandate users to undergo any system software modification or adding new hardware components.
|
127 |
Wireless sensor network development for urban environments
Boers, Nicholas M. Unknown Date
No description available.
|
128 |
Security Issues in Heterogeneous Data Federations
Leighton, Gregory Unknown Date
No description available.
|
129 |
A formal protection model of security in distributed systems
Benson, Glenn Stuart 08 1900
No description available.
|
130 |
Grupinio darbo procesai paskirstytose redakcinėse sistemose / Groupware processes in distributed editorial sistems
Šimkevičius, Tomas 28 May 2005
This paper analyses different systems for, and concepts of, editorial system process management. Based on this analysis, a new approach is presented in the field of triple (user-group-role) based access control and message/step based workflow for editorial systems. The technologies used in, and basic concepts of, access control and workflow methods are presented and discussed based on their impact on software development.
|