Global ETD Search

301	An Ontology-Based Approach to Attribute Management in ABAC Environment January 2014 (has links) abstract: Attribute Based Access Control (ABAC) mechanisms have been attracting a lot of interest from the research community in recent times. This is especially because of the flexibility and extensibility it provides by using attributes assigned to subjects as the basis for access control. ABAC enables an administrator of a server to enforce access policies on the data, services and other such resources fairly easily. It also accommodates new policies and changes to existing policies gracefully, thereby making it a potentially good mechanism for implementing access control in large systems, particularly in today's age of Cloud Computing. However management of the attributes in ABAC environment is an area that has been little touched upon. Having a mechanism to allow multiple ABAC based systems to share data and resources can go a long way in making ABAC scalable. At the same time each system should be able to specify their own attribute sets independently. In the research presented in this document a new mechanism is proposed that would enable users to share resources and data in a cloud environment using ABAC techniques in a distributed manner. The focus is mainly on decentralizing the access policy specifications for the shared data so that each data owner can specify the access policy independent of others. The concept of ontologies and semantic web is introduced in the ABAC paradigm that would help in giving a scalable structure to the attributes and also allow systems having different sets of attributes to communicate and share resources. / Dissertation/Thesis / M.S. Computer Science 2014 Computer science Attribute Based Access Control Attribute Based Encryption Cloud Computing Ontology Security
302	Objek-georiënteerde en rolgebaseerde verspreide inligtingsekerheid in 'n oop transaksieverwerking omgewing Van der Merwe, Jacobus 07 October 2014 (has links) M.Sc. (Computer Science) / Information is a valuable resource in any organisation and more and more organisations are realising this and want efficient means to protect it against disclosure, modification or destruction. Although relatively efficient security methods have been available almost as long as information databases, they all provide additional cost. This cost does not only involve money but also cost in terms of system performance and management of information security. Any new information security model must also provide better management of information security. In this dissertation we present a model that provides information security and aims to lower the technical skills required to manage information security using this approach. In any business organisation we can describe each employee's duties. Put in other words, we can say that each employee has a specific business role in the organisation. In organisations with many employees there are typically many employees that have more or less the same duties in the organisation. This means that employees can be grouped according to their business roles. We use an employee's role as a description of his/her duties in a business organisation. ' Each role needs resources to perform its duties in the organisation. In terms of computer systems, each role needs computer resources such as printers. Most roles need access to data files in the organisation's database but it is not desirable to give all roles access to all data files. It is obvious that roles have specific privileges and restrictions in terms of information resources. Information security can be achieved by identifying the business roles in an organisation and giving these roles only the privileges needed to fulfill their business function and then assigning these roles to people (users of the organisation's computer system). This is called role-based security. People's business functions are related, for example clerks and clerk-managers are related in the sense that a clerk-manager is a manager of clerks. Business roles are related in the same way. For an information security manager to assign roles to users it is important to see this relationship between roles. In this dissertation we present this relationship using a lattice graph which we call a role lattice. The main advantage of this is that it is eases information security management... Computers - Access control Data protection Computer security
303	Mutual authentication in electronic commerce transactions. Kisimov, Martin Valentinov 02 June 2008 (has links) Electronic commerce is a large and ever growing industry. Online transactions are returning ever-growing revenues to electronic merchants. The e-commerce industry is still facing a range of problems concerning the process of completion of online transactions. Such problems are connected to consumer fears dealing with the identity of online merchants, their security pre- cautions and methods for accepting online payments. This thesis develops and presents a Mutual Authentication Model (MAM), which addresses the problem of mutual authentication between online shoppers and merchants. The model combines existing technologies in the eld of cryp- tography, as well as the use of digital signatures and certi cates. This is done in a speci c manner as for the model to achieve mutual authentication between communicating parties, in an online transactions. The Mutual Authentication Model provides a process through which an online shopper can be quickly and transparently equipped with a digital identi cation, in the form of a digital certi cate of high trust, in order for this shopper to participate in an authen- ticated transaction within the MAM. A few of the advantages of the developed model include the prospect of decreased online credit fraud, as well as an increased rate of completed online transactions. / Prof. S.H. von Solms Data Encryption (computer science) computer network security computer access control electronic commerce security
304	Separation of Duty in Role Based Access Kugblenu, Francis M., Asim, Memon January 2007 (has links) In today’s business world, many organizations use Information Systems to many their sensitive and business critical information. The need to protect such a key component of the organization cannot be over emphasized. Access control has been found to be one of the effective ways of insuring that only authorized users have access to the information resources to perform their job function. Role Based Access Control has been found to be the access control mechanism that fits naturally with the organizational structure of businesses. Separation of duties is a security principle that has been used extensively to prevent conflict of interest, fraud and error control in organizations. In this thesis, we identify the various forms of separation of duties in role based access control systems. We also do a case study of the role based access control system in the banking application of a financial institution. Role Based Access Control System Separation of duty Case Study. Computer Sciences Datavetenskap (datalogi)
305	Implementation and evaluation of sensoring a user's position with React Native Falk, Daniel January 2017 (has links) Today, there are many different ways to handle physical access control. RFID cards and tags are still a major solution but during the last years the market have been focusing on taking advantage of the devices that most people always carry with them, such as smartphones, tablets or smartwatches. This thesis has been carried out together with the company BRP Systems. They develop and deliver business systems to mainly the fitness business. In their product suite there is an application for booking workout sessions at these facilities. In this thesis their booking application has been rebuilt as a prototype and the functionality of unlocking the door and checking into workout sessions has been added. The application has been developed in React Native for Android and has been implemented in three versions using different techniques to sensor the users position at the door. The techniques are iBeacon, GPS and QR code. The iBeacon- and GPS versions work by allowing the user to unlock the door when standing outside it. A local notification will be pushed if the application is in the background. The QR code version allows the user to scan a QR code at the door to unlock it. When the door has been unlocked the users can also check into their booked workout sessions. The system and the different versions have been tested at one of BRP Systems customers to evaluate the usability. The conclusion is that an application with high usability can be built with all tested techniques in React Native. For the system to be used several other factors such as security and maintenance has to be considered. The choice to use React Native might be of high risk since it is a relatively new framework relying on community developed libraries. Physical access control React Native iBeacon GPS QR code Software Engineering Programvaruteknik
306	User Behavior Trust Based Cloud Computing Access Control Model Jiangcheng, Qin January 2016 (has links) Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud service users (CSUs) and cloud service providers (CSPs) are arising therefrom. User behavior trust (UBT) evaluation is a valid method to solve security dilemmas of identity-based access control system, but current studies of UBT based access control model is still not mature enough, existing the problems like UBT evaluation complexity, trust dynamic update efficiency, evaluation accuracy, etc. Objective. The aim of the study is to design and develop an improved UBT based CC access control model compare to the current state-of-art. Including an improved UBT evaluation method, able to reflect the user’s credibility according to the user’s interaction behavior, provides access control model with valid evidence to making access control decision; and a dynamic authorization control and re-allocation strategy, able to timely response to user’s malicious behavior during entire interaction process through real-time behavior trust evaluation. Timely updating CSUs trust value and re-allocating authority degree. Methods. This study presented a systematical literature review (SLR) to identify the working structure of UBT based access control model; summarize the CSUs’ behaviors that can be collected as UBT evaluation evidence; identify the attributes of trust that will affect the accuracy of UBT evaluation; and evaluated the current state-of-art of UBT based access control models and their potential advantages, opportunities, and weaknesses. Using the acquired knowledge, design a UBT based access control model, and adopt prototype method to simulate the performance of the model, in order to verify its validation, verify improvements, and limitations. Results. Through the SLR, two types of UBT based access control model working structures are identified and illustrated, essential elements are summarized, and a dynamic trust and access update module is described; 23 CSU’s behavior evidence items are identified and classified into three classes; four important trust attributes, influences, and corresponding countermeasures are identified and summarized; and eight current state-of-art of UBT based access control models are identified and evaluated. A Triple Dynamic Window based Access Control model (TDW) was designed and established as a prototype, the simulation result indicates the TDW model is well performed on the trust fraud problem and trust expiration problem. Conclusions. From the research results that we obtained from this study, we have identified several basic elements of UBT evaluation method, evaluated the current state-of-art UBT based access control models. Towards the weaknesses of trust fraud prevention and trust expiration problem, this paper designed a TDW based access control model. In comparing to the current state-of-art of UBT models, the TDW model has the following advantages, such as it is effectively preventing trust fraud problem with “slow rise” principle, able to timely response to malicious behavior by constantly aggravate punishment strategy (“rapid decrease” principle), effectively prevent malicious behavior and malicious user, and able to reflect the recent credibility of accessing user by expired trust update strategy and most recent trust calculation; finally, it has simple and customizable data structure, simple trust evaluation method, which has good scalability. User Behavior Trust Access Control Model Cloud Computing Security Triple Dynamic Window Computer Sciences Datavetenskap (datalogi)
307	Lokal Nätverkssäkerhet - experimentell studie av Microsoft Network Access Protection Petersson, Marcus, Hägg, David, Wiman, Christoffer January 2008 (has links) Den här rapporten beskriver en experimentell studie av Microsoft Network Protection (NAP) och är ämnad för att utvärdera hur mogen tekniken är för att implementeras i en aktiv nätverksmiljö. För att göra studien tog vi hjälp av gymnasieskolan John Bauer i Kalmar. Tester har utförts med DHCP-framtvingning och 802. 1x-framtvingning, dessa är två av NAPs fyra olika framtvingande funktioner. En mindre analys av skolans switchkonfigurationer och interna säkerhet har även gjorts på John Bauers begäran. Testerna har visat att DHCP-framtvingning är en bra och enkel lösning för John Bauers trådade klienter. NAP-funktionen 802. 1x- framtvingning var en större utmaning dock, och blev inte lyckad. Utbudet av information om NAP är än för knapphändig och vi anser därför att inte bara 802.1x framtvingning inte är redo för implementation, utan även framtvingning med DHCP. Network Access Control NAC Network Access Protection NAP 802.1x DHCP EAP Intern säkerhet Computer Engineering Datorteknik
308	Role based access control in a telecommunications operations and maintenance network / Rollbaserad behörighetskontroll i ett drift- och underhållssystem för telekommunikation Gunnarsson, Peter January 2005 (has links) Ericsson develops and builds mobile telecommunication networks. These networks consists of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks. In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions. We also investigate some of the most common used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement a RBAC managing system which is better suited to the requirements posed by our new model. Datalogi Role Based Access Control RBAC security authorization model administration tools Datalogi Computer Sciences Datavetenskap (datalogi)
309	Designing and comparing access control systems / Design, jämförelse och framtidsanalys av behörighetssystem Boberg, Hannes January 2016 (has links) Access control systems are an important concept in the area of computer security. In this master thesis different solutions are analyzed. The focus is on a tool called DW Access. DW Access is developed by Pdb Datasystem AB. A comparison was done that showed that DW Access is lacking some important functionality. After the comparison a base model for an access control system was designed. The new design includes concepts like relation- ships, replacements and time limited access. It also works for generic subjects and objects in the system. This design was later partly implemented in DW Access. The conclusions from this thesis work is that DW Access is a unique tool and there is a market for the application or similar applications. The new functionality was one step forward and the evaluation showed that the potential users liked the new concepts. But it is a very open area because of very unique requirements on the market. computer science computer security access control behörighetsstyrning datateknik datavetenskap datasäkerhet Computer Sciences Datavetenskap (datalogi)
310	Etude des politiques de sécurité pour les applications distribuées : le problème des dépendances transitives : modélisation, vérification et mise en oeuvre / Study of security policies for distributed applications : the problem of transitive dependencies Uttha, Worachet 26 September 2016 (has links) Le contrôle d’accès est un ingrédient fondamental de la sécurité des systèmes d’information. Depuis les années 70, les travaux dans ce domaine ont apporté des solutions aux problèmes de confidentialités des données personnelles avec applications à différents environnements. Parmi les modèles de contrôle d’accès, nous nous intéressons au modèle basé sur les organisations (OrBAC) et nous en proposons une extension adaptée aux contextes distribués tels que les services web. Cette extension est capable de gérer les demandes d’accès transitifs. Ce cas peut se produire quand un service doit appeler un autre service qui peut avoir besoin d’en invoquer à son tour un ou plusieurs autres pour satisfaire la demande initiale. Nous appelons D-OrBAC (Distributed Organisation Based Access Control), l'extension du modèle OrBAC avec une notion de procuration représentée par un graphe de délégation, qui nous permet de représenter les accords entre les différentes organisations impliquées dans la chaîne d’invocations de services, et de garder la trace des autorisations transitives. Nous proposons aussi une technique d’analyse basée sur Datalog permettant de simuler des scénarios d’exécution et de vérifier l’existence de situations non sécurisées. Nous utilisons ensuite des techniques de réécriture pour assurer que la politique de sécurité spécifiée via le modèle D-OrBAC respecte les propriétés importantes telles que terminaison et consistance. Enfin, nous implémentons pour un cas d’étude, le mécanisme d’évaluation des demandes d’accès selon la norme XACML afin de montrer que notre solution est capable de fournir à la fois la fonctionnalité désirée et la sécurité nécessaire pour le système. / The access control is a fundamental ingredient of computer security. Since the 70s, the research in this area has provided many solutions to the privacy issue of personal data with applications to different environments (operating systems, databases, etc.). Among many access control models, we are interested in the model based on organisations (OrBAC) and we propose an extension adapted to distributed environments such as web services. This extended model is able, in particular, to handle access transitive requests. This situation can occur when a service has to call another service that may need to invoke in turn one or more services to meet the initial demand.We call D-OrBAC (Distributed Organisation Based Access Control), the extension of OrBAC model with a notion of delegation represented by a delegation graph. This graph allows us to represent agreements between the different organisations involved in the chain of service invocations, and to keep track of transitive authorisations. We also propose an analytical technique based on Datalog that allows us to simulate execution of scenarios and to check for the existence of unsafe situations.Thereafter, we use rewriting techniques to ensure that the security policy specified via our D-OrBAC model complies with important properties such as termination and consistency. Finally, we implement for a case study, the mechanism of access request evaluations according to the XACML on the WSO2 Identity Server platform to show that our solution is able to provide both the desired functionality and the security for the system. Contrôle d’accès Vérification OrBAC Soa Xacml Access Control Verification OrBAC Soa Xacml 004

Search results