About

The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
441

Distributed data management with access control : social Networks and Data of the Web / Gestion de Données Distribuées avec Contrôle d’Accès : réseaux sociaux et données du Web

Galland, Alban 28 September 2011
The amount of information on the Web is spreading very rapidly. Users as well as companies bring data to the network and are willing to share with others. They quickly reach a situation where their information is hosted on many machines they own and on a large number of autonomous systems where they have accounts. Management of all this information is rapidly becoming beyond human expertise.
We introduce WebdamExchange, a novel distributed knowledge-base model that includes logical statements for specifying information, access control, secrets, distribution, and knowledge about other peers. These statements can be communicated, replicated, queried, and updated, while keeping track of time and provenance. The resulting knowledge guides distributed data management. The WebdamExchange model is based on WebdamLog, a new rule-based language for distributed data management that combines in a formal setting deductive rules as in Datalog with negation (to specify intensional data) and active rules as in Datalog:: (for updates and communications). The model provides a novel setting with a strong emphasis on dynamicity and interactions (in a Web 2.0 style). Because the model is powerful, it provides a clean basis for the specification of complex distributed applications. Because it is simple, it provides a formal framework for studying many facets of the problem such as distribution, concurrency, and expressivity in the context of distributed autonomous peers. We also discuss an implementation of a proof-of-concept system that handles all the components of the knowledge base and experiments with a lighter system designed for smartphones. We believe that these contributions are a good foundation to overcome the problems of Web data management, in particular with respect to access control.
442

Docházkový a přístupový systém a jeho využití v podnikové praxi / Usage of Attendance and Access control system in company

Šimek, Jan January 2014
The thesis deals with the problems of attendance and access systems and their importance in the company. The main aim is to clarify the present topic both to IT consultants and the public in an attempt to show the role of its own system, its implementation and operation in corporate practice. The work is divided into two main parts. The first part describes the historical development of monitoring attendance both from the point of view of the paper version and its successive software solution, as well as in respect of the hardware. Next, we give the legislative requirements and restrictions for monitoring and recording of the attendance of employees, the main source being the Labour Code itself and the Office for Personal Data Protection. After that, updated current attendance and access systems are introduced. The second part contains the actual procedure of selection and deployment of a particular attendance system, its configuration and operation. The process is described in detail in the thesis supplement. Emphasis is placed above all on clarity and easy understanding of the present topic, its impacts and benefit of its use. The main contribution of this work is the unification of views on the present subject matter, a comprehensive view of the system and its important role as an independent system co-operating with other software and hardware resources in the company.
443

Application of active rules to support database integrity constraints and view management

Visavapattamawon, Suwanna 01 January 2001
The project demonstrates the enforcement of integrity constraints in both the conventional and active database systems. The project implements a more complex user-defined constraint, a complicated view and more detailed database auditing on the active database system.
444

Authenticated query processing in the cloud

Xu, Cheng 19 February 2019
With recent advances in data-as-a-service (DaaS) and cloud computing, outsourcing data to the cloud has become a common practice. In a typical scenario, the data owner (DO) outsources the data and delegates the query processing service to a service provider (SP). However, as the SP is often an untrusted third party, the integrity of the query results cannot be guaranteed and is thus imperative to be authenticated. To tackle this issue, a typical approach is letting the SP provide a cryptographic proof, which can be used to verify the soundness and completeness of the query results by the clients. Despite extensive research on authenticated query processing for outsourced databases, existing techniques have only considered limited query types. They fail to address a variety of needs demanded by enterprise customers such as supporting aggregate queries over set-valued data, enforcing fine-grained access control, and using distributed computing paradigms. In this dissertation, we take the first step to comprehensively investigate the authenticated query processing in the cloud that fulfills the aforementioned requirements. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under a wide range of system settings.
445

Aplikace pro zabezpečení Linuxového serveru pomocí technologie SELinux / SELinux application for Linux server security

Jirka, Michal January 2008
This work deals with access control mechanisms in GNU/Linux operating systems. First, discretionary and mandatory access control are compared, and basic technologies based on mandatory access control are examined. The work then focuses more closely on the SELinux project, whose generation of new rules is explained. As part of the thesis, an application was created for log evaluation and for writing new Type Enforcement rules.
446

Statická analýza počítačových sítí / Static Analysis of Computer Networks

Hozza, Tomáš January 2012
Some problems in configurations of network devices are difficult to identify. Access control lists present an important part of many configurations. Conflicts among rules of an access control list can cause holes in security policy or quality of service. In this paper we focus on identifying and classifying conflicts among rules of an access control list. Discovering all possible types of conflicts is not a trivial task. We present an optimized algorithm for complete access control list analysis using tries, based on existing research by Baboescu and Varghese. A tool for detecting conflicts among the access control list rules of one given Cisco, HP or Juniper device using a trie-based algorithm has been implemented. Bit vectors in tries use the WAH compression method to reduce memory consumption. The implemented tool was tested for correctness and performance. The hypothesis that this solution would make the analysis of access lists significantly faster has been proven.
447

Applied Cryptographic Access Control for Untrusted Cloud Storage / Contrôle d'accès cryptographique appliqué pour le stockage cloud méfiant

Contiu, Stefan 13 November 2019
Public clouds enable storing and sharing data with efficient cost and high availability. Notwithstanding these benefits, cloud providers are recurrently breached by malicious users, exposing sensitive user content. To mitigate the lack of security guarantees, users can impose end-to-end security by encrypting the data before remotely storing it.
Access control mechanisms specify the users who are allowed to produce or consume the remote data. As data is encrypted, access control is performed cryptographically, concealed from the cloud storage. Cryptographic key management is used for regulating user access while re-encryption techniques are used for key updates. State-of-the-art key management often trades computational time for storage footprint, while re-encryption techniques exchange great security guarantees for speed. In the context of very large and highly dynamic cloud-specific workloads, state-of-the-art cryptographic access control is generally inefficient.
This thesis proposes a minimal integration of Trusted Execution Environments (TEE) to achieve efficient access control. Leveraging TEE, we perform a change in assumptions of traditional key distribution schemes, deriving a confidential and an anonymous scheme, both achieving efficient computational latency and low storage footprint. End-user servicing time is further optimized by partitioning and indexing techniques. In addition, we propose a lightweight data re-encryption method by processing only portions of the data in TEE directly at the provider side. We carry out a comprehensive implementation and evaluation using Intel Software Guard Extensions (SGX) as TEE.
Benchmarking results highlight that our key management and re-encryption schemes can be a few orders of magnitude better than the state of the art.
448

Gestion du contrôle de la diffusion des données d’entreprises et politiques de contrôles d’accès / Access control policies and companies data transmission management

Bertrand, Yoann 22 March 2017
The main objective of this thesis is to solve the problem of unintentional data leakage within companies. These leaks can be caused by the use of both Access Control (AC) and Transmission Control (TC) policies. Moreover, using both AC and TC can lead to many problems for the security experts and the administrators that are in charge of the definition and maintenance of such policies.
Among these problems, we can underline the genericity problem of existing models, the coherence problem between AC and TC rules and problems such as density, adaptability, interoperability and reactivity. In this thesis, we first define a meta-model to take into account the main AC models that are used within companies. We also propose a coherent and semi-automatic generation of TC policies based on existing AC to tackle the coherence problem. Moreover, several mechanisms have been proposed to tackle complexity, adaptability and interoperability issues. In order to validate the relevance of our solution, we have first conducted a survey among security experts and administrators. This survey has highlighted several pieces of information regarding the policies’ size and density, the tiresomeness of having to define them and the interest in several functionalities that can cover the aforementioned problems. Finally, our solution has been tested on stochastically generated and real policies in order to take performance and reactivity into consideration. Results of these tests have validated that our solution covers the underlined problems.
449

Untersuchung von MAC-Implementationen

Nentwig, Markus 13 February 2018
User-determined access control is in many places difficult to restrict and to administer. The approach of system-determined access control - Mandatory Access Control - hands responsibility over to the system and gives users considerably fewer rights. This thesis compares two representatives that implement Mandatory Access Control, on the one hand the Linux Security Module Framework and on the other the FreeBSD MAC Framework; in addition, the most important policy representatives are given. On both sides there are similar approaches, such as implementation as a kernel module and, above all, generic capabilities, but the functionality implemented under FreeBSD is often better thought out in detail or more mature.
450

Securing Safebook : Secure Data Access Control and Key Management for Safebook

Ali, Waqas Liaqat January 2013
Online social networks have become a fast and efficient way of sharing information and experiences. Over the past few years the trend of using social networks has drastically increased with an enormous amount of users’ private contents injected into the providers’ data centers. This has raised concerns about how the users’ contents are protected and how the privacy of users is preserved by the service providers. Moreover, current social networks have been subject to much criticism over their privacy settings and access control mechanism. The providers own the users’ contents and these contents are subject to potential misuse. Many socially engineered attacks have exposed user contents due to the lack of sufficient privacy and access control. These security and privacy threats are addressed by Project Safebook, a distributed peer-to-peer online social networking solution leveraging real life trust. By design Safebook decentralizes data storage and thus the control over user content is no longer in the service provider’s hands. Moreover, Safebook uses an anonymous routing technique to ensure communication privacy between different users. This thesis project addresses privacy aware data management for Safebook users and a data access control solution to preserve users’ data privacy and visibility utilizing a peer to peer paradigm. The solution focuses on three sub-problems: (1) preserving the user’s ownership of user data, (2) providing an access control scheme which supports fine grained access rights, and (3) secure key management. In our proposed system, the user profile is defined over a collection of small data artifacts. An artifact is the smallest logical entity of a profile. An artifact could be a user’s status tweak, text comment, photo album metadata, or multimedia contents. These artifacts are then logically arranged to form a hierarchical tree, called the User Profile Hierarchy.
The root of the profile hierarchy is the only entry point exposed by Safebook from where the complete user profile can be traversed. The visibility of portions of the user profile can be defined by exposing a subset of profile hierarchy. This requires limiting access to child artifacts, by encrypting the connectivity information with specific access keys. Each artifact is associated with a dynamic access chain, which is an encrypted string and contains the information regarding the child nodes. A dynamic access chain is generated using a stream cipher, where each child’s unique identifier is encrypted with its specific access key and concatenated to form the dynamic access chain. The decryption process will reveal only those child artifacts whose access keys are shared. The access keys are managed in a hierarchical manner over the profile hierarchy. Child artifacts inherit the parent’s access key or their access key can be overridden with a new key. In this way, fine grained access rights can be achieved over a user’s artifacts. Remote users can detect changes in a specific branch of a profile hierarchy and fetch new artifacts through our proposed profile hierarchy update service. On top of the proposed access control scheme, any social networking abstraction (such as groups, circles, badges, etc.) can be easily implemented.
