Global ETD Search

11	Le fondement du recours à la force à la lumière des conflits impliquant l'Irak en 1991 et 2003 : entre autorisation et légitime défense / The basis for the use of force in light for conflicts involving Iraq in 1991 and 2003 : between authorization and legitimate defense Ketari, Leïla 28 September 2011 (has links) Les conflits récents qui ont impliqué l’Irak en 1990 et2003 sont deux conflits menés essentiellement par les Etats-Unis contre l’Irak. Si le premier se fonde, en dépit du droit de légitime défense collective, sur une autorisation du Conseil de sécurité, conformément à une interprétation évolutive de la Charte, le second repose sur des interprétations extensives de la Charte : l’autorisation implicite et la légitime défensepréventive et anticipatoire destinées à éradiquer une menace. Cette recherche tente d’analyserles arguments invoqués en allant jusqu’au bout du raisonnement américain qui s’appuie sur lastratégie de sécurité nationale pour agir dans l’ordre international. Au-delà de la confrontationdu conflit de 2003 aux nouvelles théories tendant à élargir l’autorisation et la légitime défenseet à réhabiliter de vieux concepts de "guerre juste" ou d’"autoprotection" en vigueur auXIXème siècle, c’est leur impact sur le principe de l’interdiction du recours à la force qui aété analysé. Ces nouvelles théories ne sont ni acceptées de lege lata, ni acceptables de legeferanda. Le principe de l’interdiction du recours à la force n’a donc subi aucune brèche. Aulieu d’accepter ces théories, c’est à travers le renforcement de l’action de l’ONU (ses organespolitiques et judiciaires) qu’il faudrait rechercher un moyen d’agir en cas de menace. / The recent conflicts that involved Iraq in 1990 and 2003 are both conflicts fought primarily by the United States of America against Iraq. If the first is based, despite theright of collective self-defense, on an authorization of the Security Council, in accordancewith an evolutionary interpretation of the Charter, the second is based on a liberal interpretation of the Charter: the implied authorization and preventive and anticipatory self defense to eradicate a threat This research attempts to analyze the arguments put forward bythoroughly vetting the United States of America’s rationale based on its national securitystrategy to act in the international order. Beyond exploring the relationship of the 2003conflict to the new theories which attempt to extend the authorization and self-defense and therehabilitation of old concepts of "just war" or "auto-protection" in force in the NineteenthCentury, the impact of these new theories on the principle of the prohibition of the use offorce was also analyzed. These same theories are neither accepted as lege lata nor acceptableas lege ferenda. Accordingly, the principle of the prohibition of the use of force has in no waybeen breached. Instead of accepting these theories, a way to deal with threats should besought through the strengthening of the role of the UN (both its political and judiciaryorgans). Autorisation de recourir à la force Autorisation implicite Autorisation a posteriori Guerre du Golfe (1990 et 2003) Authorization to use force Implicit authorization Ex post facto authorization Gulf war (1990 et 2003)
12	Role-Based Access Control Administration of Security Policies and Policy Conflict Resolution in Distributed Systems Kibwage, Stephen Sakawa 01 February 2015 (has links) Security models using access control policies have over the years improved from Role-based access control (RBAC) to newer models which have added some features like support for distributed systems and solving problems in older security policy models such as identifying policy conflicts. Access control policies based on hierarchical roles provide more flexibility in controlling system resources for users. The policies allow for granularity when extended to have both allow and deny permissions as well as weighted priority attribute for the rules in the policies. Such flexibility allows administrators to succinctly specify access for their system resources but also prone to conflict. This study found that conflicts in access control policies were still a problem even in recent literature. There have been successful attempts at using algorithms to identify the conflicts. However, the conflicts were only identified but not resolved or averted and system administrators still had to resolve the policy conflicts manually. This study proposed a weighted attribute administration model (WAAM) containing values that feed the calculation of a weighted priority attribute. The values are tied to the user, hierarchical role, and secured objects in a security model to ease their administration and are included in the expression of the access control policy. This study also suggested a weighted attribute algorithm (WAA) using these values to resolve any conflicts in the access control policies. The proposed solution was demonstrated in a simulation that combined the WAAM and WAA. The simulation's database used WAAM and had data records for access control policies, some of which had conflicts. The simulation then showed that WAA could both identify and resolve access control policy (ACP) conflicts while providing results in sub-second time. The WAA is extensible so implementing systems can extend WAA to meet specialized needs. This study shows that ACP conflicts can be identified and resolved during authorization of a user into a system. authorization conflict policies resolution roles security Computer Sciences Computer Security
13	建立一個以服務多代理者系統為主的公鑰匙架構 / Building a Public Key Infrastructure for Multi-Agent Systems 唐朝緯, Chao-Wei Tang Unknown Date (has links) 代理者（Agent）是一個自主性的軟體程式，可以幫助代表人類在網際網路上從事各種的電子化服務（E-Service）。由於目前多代理者系統缺少了安全管理的機制，以致於目前為止代理者代表人類在網上從事活動的行為還不被大家接受。因此，我們提出了一套以代理者為導向的公鑰匙架構（Agent-Oriented Public Key Infrastructure, APKI），各式各樣的數位憑證被產生、儲存、註銷及驗證，以滿足不同存取控制的需求。例如，代理者的認證是以代理者身份憑證為基礎，而授權的部分則以授權憑證或屬性憑證來做驗證。透過這些數位憑證，我們可以在虛擬網路上的代理者之間建立一條信任路徑，一個安全的電子化服務的實際應用範例將會以此架構實作及呈現出來，以驗證我們所提架構的可行性。 / Agent is autonomous software that mediates e-service for human on the Internet. The acceptance of agent-mediated e-service (AMES) is very slow for the lacking of security management infrastructure for multi-agent system. Therefore we proposed an agent-oriented public key infrastructure (APKI) for multi-agent e-service. In this APKI, a taxonomy of digital certificates are generated, stored, verified, and revoked to satisfy different access and delegation control purposes. Agent identity certificate was designed for agent’s authentication whereas attributed and agent authorization certificates were proposed for agent’s authorization and delegation. Using these digital certificates, we establish agent trust relationships on the cyberspace. A trusted agent-mediated e-service scenario will be shown to demonstrate the feasibility of our APKI. Public Key Infrastructure Multi-Agent Systems Security Authentication Authorization
14	THE PROGRAM PATHING TRUST MODEL FOR CRITICAL SYSTEM PROCESS AUTHORIZATION Dahlberg, Robert 27 April 2011 (has links) Since computers are relied upon to run critical infrastructures – from nuclear power plants to electronic battlefield simulations – the concept of a “trusted” or tamperproof system has become even more important. Some applications have become so critical that it is imperative that they run as intended, without interference. The consequences of these systems not running as intended could be catastrophic. This research offers a solution for a key element for protecting these critical servers – validating process invocation sequences. The purpose of this research is to increase operating system security by detecting, validating, and enforcing process invocation sequences within a critical system. If the processes on a critical system are not those that are intended to run or support the critical system, or if a system is able to run processes in an unauthorized sequence, then the system is compromised and cannot be trusted. This research uses a computational theory approach to create a framework for a solution for the process invocation sequence problem. Using the Program Pathing Trust Model, a solution capable of identifying both valid and invalid process invocation sequences is developed. Security Authorization Program Pathing Process invocation Invocation sequence Engineering
15	On the Design and Testing of Authorization Systems Sharifi, Alireza January 2013 (has links) Authorization deals with the speciﬁcation and management of accesses principals have to resources. In the design of an authorization system, sometimes we just implement the accessenforcement without having a precise semantics for it. In this dissertation we show that, there exists a precise semantics that improves the efﬁciency of access-enforcement over the accessenforcement without precise semantics. We present an algorithm to produce an Access Control List (ACL), in a particular authorization system for version control syatems called gitolite, and we compare the implementation of our algorithm against the implementation that is already being used. As another design problem, we consider least-restrictive enforcement of the Chinese Wall security policy. We show that there exists a least-restrictive enforcement of the Chinese Wall Security Policy. Our approach to proving the thesis is by construction; we present an enforcement that is least-restrictive. We also prove that such an enforcement mechanism cannot be subjectindependent. We also propose a methodology that tests the implementation of an authorization system to check whether it has properties of interest. The properties may be considered to be held in the design of an authorization system, but they are not held in the implementation. We show that there exist authorization systems that do not have the properties of interest. Authorization Systems Design
16	Design and implementation of a Hadoop-based secure cloud computing architecture Cheng, Sheng-Lun 31 January 2011 (has links) The goal in this research is to design and implement a secure Hadoop cluster. The cloud computing is a type of network computing, where most data is transmitted through network. To develop a secure cloud architecture, we need to validate users first, and guarantee transmitting data against stealing and falsification. In case of someone steals the data, he is still hard to know content. Therefore, we focus on the following points: I. Authorization¡G First, we investigate the user authorization problem in Hadoop system, and then, propose two solutions: SOCKS Authorization and Service Level Authorization. SOCKS Authorization is a external authorization in Hadoop System, and uses username/password to identify users. Service Level Authorization is a new authorization mechanism in Hadoop 0.20. This mechanism to ensure clients connecting to a particular Hadoop service have the necessary, pre-configured, permissions and are authorized to access the given service. II. Transmission Encryption¡G To keep important data, such as Block ID, Job ID, username, etc, away from exposedness in non-trusted networks, we examine Hadoop transmissions in practice, and point out possible security problems. Subsequently, we use IPSec to implement transmission encryption and packet verification for Hadoop. III. Architecture Design¡G Based on the implementation framework of Hadoop mentioned above, we propose a secure architecture of Hadoop cluster to solve the security problems. In addition, we also evaluate the performances of HDFS and MapRduce in this architecture. IPSec SOCKS Authorization Architecture Design Hadoop cloud computing
17	Design and Implementation of an Authentication and Authorization Framework for a Nomadic Service Delivery System Das, Devaraj 12 1900 (has links) Internet has changed our lives. It has made the true distributed computing paradigm a reality. It has opened up a lot of opportunities both in the research domain and in business domain. One can now think of developing software and make it available to the large community of users. Hyper Text Transfer Protocol (HTTP), which was originally developed for the purpose of requesting/transferring content (text, images, etc.), is now a standard for remotely invoking services and getting back results. The wireless technologies have also matured. 802.11 is the existing standard for wireless communication in a LAN environment. Today, even the small computers like the Personal Digital Assistants (PDA) is wireless enabled. This makes access to information and computing significantly much more convenient. Hotspot! server has been designed to provide connectivity and services in public places (called hotspots). It acts as a wireless Network Access Server (NAS) to users who want to obtain connectivity and services at public places. We believe that the primary applications that have importance and relevance in public places are Internet Access, and specific context-based or location specific services. These services are deployed by Internet Service Providers. Secure access is one of the primary concerns in public networks. We designed, developed and tested a framework for secure access to HTTP-based services through the Hotspot! server. Internet Access is a special case of a HTTP-based Proxy service. Computer and Information Science Network Security Authentication and Authorization Nomadic Service Delivery
18	Programų sistemos vartotojų teisių valdymo modelis ir jo tyrimas / The software system users authorization management model development and research Janulevičius, Kęstutis 31 May 2006 (has links) In security engineering and computer security, authorization, is a part of the operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. Resources include individual files or items data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer. Authorization process makes use of the authentication process to identify consumers. When a consumer tries to use a resource, the authorization process checks that the consumer has been granted permission to use that resource. Permissions are generally defined by the computer's system administrator in some types of "security policy application", such as an access control list or a capability, on the basis of the "principle of least privilege": consumers should only be granted permissions they need to do their jobs. Older and single user operating systems often had weak or non-existent authentication and authorization systems. "Anonymous consumers" or "guests", are consumers that have not been required to authenticate. They often have very few permissions. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of authorization tokens include keys and tickets: they grant access without proving identity. Informatics Engineering Informacinės technologijos Information technologies Authorization Autorizacija
19	On the Design and Testing of Authorization Systems Sharifi, Alireza January 2013 (has links) Authorization deals with the speciﬁcation and management of accesses principals have to resources. In the design of an authorization system, sometimes we just implement the accessenforcement without having a precise semantics for it. In this dissertation we show that, there exists a precise semantics that improves the efﬁciency of access-enforcement over the accessenforcement without precise semantics. We present an algorithm to produce an Access Control List (ACL), in a particular authorization system for version control syatems called gitolite, and we compare the implementation of our algorithm against the implementation that is already being used. As another design problem, we consider least-restrictive enforcement of the Chinese Wall security policy. We show that there exists a least-restrictive enforcement of the Chinese Wall Security Policy. Our approach to proving the thesis is by construction; we present an enforcement that is least-restrictive. We also prove that such an enforcement mechanism cannot be subjectindependent. We also propose a methodology that tests the implementation of an authorization system to check whether it has properties of interest. The properties may be considered to be held in the design of an authorization system, but they are not held in the implementation. We show that there exist authorization systems that do not have the properties of interest. Authorization Systems Design
20	AN INDOOR GEO-FENCING BASED ACCESS CONTROL SYSTEM FOR WIRELESS NETWORKS Rahimi, Hossein 31 July 2013 (has links) Use of wireless network information for indoor positioning has been an area of interest since wireless networks became very popular. On the other hand, the market started to grow in variety and production volumes leading to a variety of devices with many different hardware and software combinations. In the field of indoor positioning, most of the existing technologies are dependent on additional hardware and/or infrastructure, which increases the cost and requirements for both users and providers. This thesis investigates possible methods of coupling indoor geo-fencing with access control including authentication, identification, and registration in a system. Moreover, various techniques are studied in order to improve the robustness and security of such a system. The focus of these studies is to improve the proposed system in such a way that gives it the ability to operate properly in noisy, heterogeneous, and less controlled environments where the presence of attackers is highly probable. To achieve this, a classification based geo-fencing approach using Received Signal Strength Indicator (RSSI) has been employed so that accurate geo-fencing is coupled with secure communication and computing. Experimental results show that considerable positioning accuracy has been achieved while providing high security measures for communication and transactions. Favouring diversity and generic design, the proposed implementation does not mandate users to undergo any system software modification or adding new hardware components.

Search results