Global ETD Search

21	Trusted data path protecting shared data in virtualized distributed systems Kong, Jiantao 20 January 2010 (has links) When sharing data across multiple sites, service applications should not be trusted automatically. Services that are suspected of faulty, erroneous, or malicious behaviors, or that run on systems that may be compromised, should not be able to gain access to protected data or entrusted with the same data access rights as others. This thesis proposes a context flow model that controls the information flow in a distributed system. Each service application along with its surrounding context in a distributed system is treated as a controllable principal. This thesis defines a trust-based access control model that controls the information exchange between these principals. An online monitoring framework is used to evaluate the trustworthiness of the service applications and the underlining systems. An external communication interception runtime framework enforces trust-based access control transparently for the entire system. Trusted data path Context flow control Trust-based access control Attribute based access control Security and privacy Data protection Access control
22	Attribute-based encryption : robust and efficient constructions Rouselakis, Ioannis 26 September 2013 (has links) Attribute-based encryption is a promising cryptographic primitive that allows users to encrypt data according to specific policies on the credentials of the recipients. For example, a user might want to store data in a public server such that only subscribers with credentials of specific forms are allowed to access them. Encrypting the data once for each party is not only impractical but also raises important privacy issues. Therefore, it would be beneficial to be able to encrypt only once for all desired parties. This is achievable by attribute-based encryption schemes, which come into several types and are applicable to a wide range of settings. Several attribute-based encryption schemes have been proposed and studied with a wide range of characteristics. For example, initial constructions proved to be significantly more challenging than constructing traditional public-key encryption systems and they imposed restrictions on the expressiveness of the Boolean formulas used during encryption. For several proposed schemes the total number of attributes was fixed during setup, while others allowed any string to be used as attribute ("large universe" constructions), but with considerable weaker security guarantees. Furthermore, these first constructions, although polynomial time, were impractical for wide deployment. This thesis is motivated by two main goals for ABE schemes: robustness and efficiency. For robustness, we propose a novel construction that achieves strong security guarantees and at the same time augments the capabilities of previous schemes. More specifically, we adapt existing techniques to achieve leakage-resilient ABE schemes with augmented robustness features making no compromises on security. For the second direction, our goal is to create practical schemes with as many features as possible, such as "large universe" and multi-authority settings. We showcase these claims with working implementations, benchmarks, and comparisons to previous constructions. Finally, these constructions lead us to new directions that we propose and intend to investigate further. / text Cryptography Public-key encryption Attribute-based encryption Large universe Leakage-resilience Multi-authority Ciphertext-policy Key-policy
23	Analyzing the Economic Benefit of Woodland Caribou Conservation in Alberta Harper, Dana L Unknown Date No description available. Species at Risk Woodland Caribou Stated Preference Contingent Valuation Attribute Based Choice Conditional Logit Random Parameters Logit Cost Benefit Analysis
24	Uma abordagem escalável para controle de acesso muitos para muitos em redes centradas de informação Silva, Rafael Hansen da January 2016 (has links) Um dos principais desafios em Redes Centradas em Informação (ICN) é como prover controle de acesso à publicação e recuperação de conteúdos. Apesar das potencialidades, as soluções existentes, geralmente, consideram um único usuário agindo como publicador. Ao lidar com múltiplos publicadores, elas podem levar a uma explosão combinatória de chaves criptográficas. As soluções projetadas visando a múltiplos publicadores, por sua vez, dependem de arquiteturas de redes específicas e/ou de mudanças nessas para operar. Nesta dissertação é proposta uma solução, apoiada em criptografia baseada em atributos, para controle de acesso a conteúdos. Nessa solução, o modelo de segurança é voltado a grupos de compartilhamento seguro, nos quais todos os usuários membros podem publicar e consumir conteúdos. Diferente de trabalhos anteriores, a solução proposta mantém o número de chaves proporcional ao de membros nos grupos e pode ser empregada em qualquer arquitetura ICN de forma gradual. A proposta é avaliada quanto ao custo de operação, à quantidade de chaves necessárias e à eficiência na disseminação de conteúdos. Em comparação às soluções existentes, ela oferece maior flexibilidade no controle de acesso, sem aumentar a complexidade do gerenciamento de chaves e sem causar sobrecustos significativos à rede. / One of the main challenges in Information-Centric Networking (ICN) is providing access control to content publication and retrieval. In spite of the potentialities, existing solutions often consider a single user acting as publisher. When dealing with multiple publishers, they may lead to a combinatorial explosion of cryptographic keys. Those solutions that focus on multiple publishers, on the other hand, rely on specific network architectures and/or changes to operate. In this dissertation, it is proposed a solution, supported by attribute-based encryption, for content access control. In this solution, the security model is focused on secure content distribution groups, in which any member user can publish to and retrieve from. Unlike previous work, the proposed solution keeps the number of cryptographic keys proportional to the number of group members, and may even be adopted gradually in any ICN architecture. The proposed solution is evaluated with respect to the overhead it imposes, number of required keys, and efficiency in the content dissemination. In contrast to existing solutions, it offers higher access control flexibility, without increasing key management process complexity and without causing significant network overhead. Redes : Computadores Gerencia : Redes : Computadores Information-centric networking Access control Many-to-many publication and retrival Attribute-based encryption
25	Uma abordagem escalável para controle de acesso muitos para muitos em redes centradas de informação Silva, Rafael Hansen da January 2016 (has links) Um dos principais desafios em Redes Centradas em Informação (ICN) é como prover controle de acesso à publicação e recuperação de conteúdos. Apesar das potencialidades, as soluções existentes, geralmente, consideram um único usuário agindo como publicador. Ao lidar com múltiplos publicadores, elas podem levar a uma explosão combinatória de chaves criptográficas. As soluções projetadas visando a múltiplos publicadores, por sua vez, dependem de arquiteturas de redes específicas e/ou de mudanças nessas para operar. Nesta dissertação é proposta uma solução, apoiada em criptografia baseada em atributos, para controle de acesso a conteúdos. Nessa solução, o modelo de segurança é voltado a grupos de compartilhamento seguro, nos quais todos os usuários membros podem publicar e consumir conteúdos. Diferente de trabalhos anteriores, a solução proposta mantém o número de chaves proporcional ao de membros nos grupos e pode ser empregada em qualquer arquitetura ICN de forma gradual. A proposta é avaliada quanto ao custo de operação, à quantidade de chaves necessárias e à eficiência na disseminação de conteúdos. Em comparação às soluções existentes, ela oferece maior flexibilidade no controle de acesso, sem aumentar a complexidade do gerenciamento de chaves e sem causar sobrecustos significativos à rede. / One of the main challenges in Information-Centric Networking (ICN) is providing access control to content publication and retrieval. In spite of the potentialities, existing solutions often consider a single user acting as publisher. When dealing with multiple publishers, they may lead to a combinatorial explosion of cryptographic keys. Those solutions that focus on multiple publishers, on the other hand, rely on specific network architectures and/or changes to operate. In this dissertation, it is proposed a solution, supported by attribute-based encryption, for content access control. In this solution, the security model is focused on secure content distribution groups, in which any member user can publish to and retrieve from. Unlike previous work, the proposed solution keeps the number of cryptographic keys proportional to the number of group members, and may even be adopted gradually in any ICN architecture. The proposed solution is evaluated with respect to the overhead it imposes, number of required keys, and efficiency in the content dissemination. In contrast to existing solutions, it offers higher access control flexibility, without increasing key management process complexity and without causing significant network overhead. Redes : Computadores Gerencia : Redes : Computadores Information-centric networking Access control Many-to-many publication and retrival Attribute-based encryption
26	Integration of Attribute-Based Encryption and IoT: An IoT Security Architecture Elbanna, Ziyad January 2023 (has links) Services relying on internet of things (IoTs) are increasing day by day. IoT makes use of internet services like network connectivity and computing capability to transform everyday objects into smart things that can interact with users, and the environment to achieve a purpose they are designed for. IoT nodes are memory, and energy constrained devices that acquire information from the surrounding environment, those nodes cannot handle complex data processing and heavy security tasks alone, thus, in most cases a framework is required for processing, storing, and securing data. The framework can be cloud-based, a publish/subscribe broker, or edge computing based. As services relying on IoT are increasing enormously nowadays, data security and privacy are becoming concerns. Security concerns arise from the fact that most IoT data are stored unencrypted on untrusted third-party clouds, which results in many issues like data theft, data manipulation, and unauthorized disclosure. While some of the solutions provide frameworks that store data in encrypted forms, coarse-grained encryption provides less specific access policies to the users accessing data. A more secure control method applies fine-grained access control, and is known as attribute-based encryption (ABE). This research aims to enhance the privacy and the security of the data stored in an IoT middleware named network smart objects (NOS) and extend its functionality by proposing a new IoT security architecture using an efficient ABE scheme known as key-policy attribute-based encryption (KP-ABE) along with an efficient key revocation mechanism based on proxy re-encryption (PRE). Design science research (DSR) was used to facilitate the solution. To establish the knowledge base, a previous case study was reviewed to explicate the problem and the requirements to the artefact were elicited from research documents. The artefact was designed and then demonstrated in a practical experiment by means of Ubuntu operating system (OS). Finally, the artefact’s requirements were evaluated by applying a computer simulation on the Ubuntu OS. The result of the research is a model artefact of an IoT security architecture which is based on ABE. The model prescribes the components and the architectural structure of the IoT system. The IoT system consists of four entities: data producers, data consumers, NOS, and the TA. The model prescribes the new components needed to implement KP-ABE and PRE modules. First, data is transferred from data producers to NOS through secure hypertext transfer protocol (HTTPS), then the data is periodically processed and analyzed to obtain a uniform representation and add useful metadata regarding security, privacy, and data-quality. After that, the data is encrypted by KP-ABE using users’ attributes. PRE takes place when a decryption key is compromised, then the ciphertext is re-encrypted to prevent it’s disclosure. The evaluation results show that the proposed model improved the data retrieval time of the previous middleware by 32% and the re-encryption time by 87%. Finally, the author discusses the limitations of the proposed model and highlights directions for future research. Internet of things Attribute based encryption Fine-grained access control Key revocation Proxy re-encryption Computer Sciences Datavetenskap (datalogi)
27	A Dynamic Attribute-Based Load Shedding and Data Recovery Scheme for Data Stream Management Systems Ahuja, Amit 29 June 2006 (has links) (PDF) Data streams being transmitted over a network channel with capacity less than the data rate of the data streams is very common when using network channels such as dial-up, low bandwidth wireless links. Not only does this lower capacity creates delays but also causes sequential network problems such as packet losses, network congestion, errors in data packets giving rise to other problems and creating a cycle of problems hard to break out from. In this thesis, we present a new approach for shedding the less informative attribute data from a data stream with a fixed schema to maintain a data rate lesser than the network channels capacity. A scheme for shedding attributes, instead of tuples, becomes imperative in stream data where the data for one of the attributes remains relatively constant or changes less frequently compared to the data for the other attributes. In such a data stream management system, shedding a complete tuple would lead to shedding of some informative-attribute data along with the less informative-attribute data in the tuple, whereas shedding of the less informative-attribute data would cause only the less informative data to be dropped. In this thesis, we deal with two major problems in load shedding: the intra-stream load shedding and the inter-stream load shedding problems. The intra-stream load shedding problem deals with shedding of the less informative attributes when a single data stream with the data rate greater than the channel capacity has to be transmitted to the destination over the channel. The inter-stream load shedding problem refers to shedding of attributes among different streams when more than one stream has to be transferred to the destination over a channel with the channel capacity less than the combined data rate of all the streams to be transmitted. As a solution to the inter-stream or intra-stream load shedding problem, we apply our load shedding schema approach to determine a ranking amongst the attributes on a singe data stream or multiple data streams with the least informative attribute(s) being ranked the highest. The amount of data to be shed to maintain the data rate below the capacity is calculated dynamically, which means that the amount of data to be shed changes with any change in the channel capacity or any change in the data rate. Using these two pieces of information, a load shedding schema describing the attributes to be shed is generated. The load shedding schema is generated dynamically, which means that the load shedding schema is updated with any change in (i) the rankings of attributes that capture the rate of change on the values of each attribute, (ii) channel capacity, and (iii) data rate even after load shedding has been invoked. The load shedding schema is updated using our load shedding schema re-evaluation algorithm, which adapts to the data stream characteristics and follows the attribute data variation curve of the data stream. Since data dropped at the source may be of interest to the user at the destination, we also propose a recovery module which can be invoked to recover attribute data already shed. The recovery module maintains the minimal amount of information about data already shed for recovery purpose. Preliminary experimental results have shown that recovery accuracy ranges from 90% to 99%, which requires only 5% to 33% and 4.88% to 50% of the dropped data to be stored for weather reports and stock exchanges, respectively. Storing of recovery information imposes storage and processing burden on the source site, and our recovery method aims at satisfactory recovery accuracy while imposing minimal burden on the source site. Our load shedding approach, which achieves a high performance in reducing the data stream load, (i) handles wide range of data streams in different application domains (such as weather, stocks, and network performance, etc.), (ii) is dynamic in nature, which means that the load shedding scheme adjusts the amount of data to be shed and which attribute data to be shed according to the current load and network capacity, and (iii) provides a data recovery mechanism that is capable to recover any shedded attribute data with recovery accuracy up to 90% with very low burden on the source site and 99% with a higher burden on some stream data. To the best of our knowledge, the dynamic load shedding scheme we propose is the first one in the literature to shed attributes, instead of tuples, along with providing a recovery mechanism in a data stream management system. Our load shedding approach is unique since it is not a static load shedding schema, which is less appealing in an ever-changing (sensor) network environment, and is not based on queries, but works on the general characteristics of the data stream under consideration instead. data stream load shedding dynamic load shedding shed data recovery amit ahuja attribute based data stream management systems Computer Sciences
28	A SYSTEMATIC REVIEW OF ATTRIBUTE-BASED ENCRYPTION FOR SECURE DATA SHARING IN IoT ENVIRONMENT. Onwumere, Faith Nnenna January 2023 (has links) Internet of Things (IoT) refers to a network of global and interrelated computing devices that connects humans and machines. It connects anything that has access to the internet and creates an avenue for data and information exchange. Devices within the IoT environment are embedded with processors, sensors and communication hardware that helps these devices collate data, analyze data (when needed), and transfer data amongst themselves. Even with the existence of IoT in making things easier for users and with the introduction of newer variants of IoT, several security and privacy challenges are introduced. In the rapidly evolving landscape of the Internet of Things (IoT), ensuring secure data sharing has become a critical concern. Attribute-based encryption (ABE) has emerged as a promising cryptographic technique for addressing security challenges in IoT environments. Attribute-Based Encryption (ABE) is a cryptographic method that provides public key encryption and access control based on attributes allocated. ABE can be used to encrypt data transmitted between IoT devices and the cloud. In situations where several devices have to interact with each other (e.g., smart home interacting with the user’s hospital IoT system), an intranet of things is formed, and these data is stored in the cloud. ABE can serve as a secure means of transmitting this data since these devices already possess unique attributes that can grant users access control. In this thesis, we aim to present a systematic review of the Attribute-Based Encryption techniques specifically designed for secure data sharing in IoT environments. The objective of this review is to analyze and synthesize existing research, identify trends, and highlight key findings in the field. Therefore, the document survey is chosen as the research strategy. PRISMA framework is followed in searching the eligible literature in 5 databases (Springer, ACM Digital library, Google Scholar, IEEE, Research Gate, Research Square, and Science Direct), with a final set of 30 articles retrieved from ACM Digital Library, IEEE, and Science Direct, all included for analysis. The results show insights on the several ABE approaches used in implementing a secure data sharing framework with access control (which involves enforcing policies that help data owners determine who can and cannot access their data), data privacy (which involves measures taken to ensure that confidentiality, integrity, and availability of any shared data), and data security (which involves practices that help protect any form of shared data from unauthorized access, tamper, or disclosure) in IoT devices. IoT ABE Attribute-based Encryption CP-ABE KP-ABE Internet of Things Cryptography Smart Devices Information Systems
29	Design and implementation of an attribute-based authorization management system Mohan, Apurva 05 April 2011 (has links) The proposed research is in the area of attribute-based authorization systems. We address two specific research problems in this area. First, evaluating authorization policies in multi-authority systems where there are multiple stakeholders in the disclosure of sensitive data. The research proposes to consider all the relevant policies related to authorization in real time upon the receipt of an access request and to resolve any differences that these individual policies may have in authorization. Second, to enable a lot of entities to participate in the authorization process by asserting attributes on behalf of the principal accessing resources. Since it is required that these asserted attributes be trusted by the authorization system, it is necessary that these entities are themselves trusted by the authorization system. Two frameworks are proposed to address these issues. In the first contribution a dynamic authorization system is proposed which provides conflict detection and resolution among applicable policies in a multi-authority system. The authorization system is dynamic in nature and considers the context of an access request to adapt its policy selection, execution and conflict handling based on the access environment. Efficient indexing techniques are used to increase the speed of authorization policy loading and evaluation. In the second contribution, we propose a framework for service providers to evaluate trust in entities asserting on behalf of service users in real time upon receipt of an access request. This trust evaluation is done based on a reputation system model, which is designed to protect itself against known attacks on reputation systems. Policy-based systems Reputation systems XACML Trust metrics Attribute-based systems Authorization systems Computer security Data protection Computers Access control Software protection
30	Contrôle d’Accès Sécurisé dans l’Info-Nuage Mobile (Secure Access Control in Mobile Cloud) Baseri, Yaser 11 1900 (has links) No description available. Contrôle d'accès Services basés sur la localisation Info-nuage mobile Chiffrement basé sur les attributs Access Control Mobile Cloud Attribute-Based Encryption Location-Based Services Theology / Théologie (UMI : 0469)

Search results