A model for the dynamic delegation of authorization rights in a secure workflow management system.

Venter, Karin

04 June 2008

Businesses are continually striving to become more efficient. In an effort to achieve optimal efficiency, many companies have been forced to re-evaluate the efficiency of their business processes. Consequently, the term “business process re-engineering” (BPR) has been given to the activity of restructuring organizational policies and methods for conducting business. The refinement of business processes is the primary motivation behind the development of automated work- flow systems that ensure the secure and efficient flow of information between activities and participants that constitute the business process. A workflow is an automated business process that comprises a number of related tasks. When these tasks are executed in a systematic way, they contribute to the fulfilment of some goal. The order in which workflow tasks execute is of great significance because these tasks are typically dependent on each other. A workflow management system (WFMS) is responsible for scheduling the systematic execution of workflow tasks whilst considering the dependencies that exist between them. Businesses are realizing the necessity of information management in the functioning and general management of a company. They are recognizing the important role that information security has to play in ensuring that accurate information that is relevant is gathered, applied and maintained to enhance the company’s service to its customers. In a workflow context, information security primarily involves the implementation of access control security mechanisms. These mechanisms help ensure that task dependencies are coordinated and that tasks are performed by authorized subjects only. In doing so, they also assist in the maintenance of object integrity. TheWorkflow Authorization Model (WAM) was developed by Atluri and Huang [AH96b, HA99] with the specific intention of addressing the security requirements of workflow environments. It primarily addresses the granting and revoking of authorizations in a WFMS. TheWAM satisfies most criteria that are required of an optimal access control model. These criteria are the enforcement of separation of duties, the handling of temporal constraints, a role-based application and the synchronization of workflow with authorization flow. Some of these conditions cannot be met through pure role-based access control (RBAC) mechanisms. This dissertation addresses the delegation of task authorizations within a work- flow process by subject roles in the organizational structure. In doing this, a role may have the authority to delegate responsibility for task execution to another individual in a role set. This individual may potentially belong to a role other than the role explicitly authorized to perform the task in question. The proposed model will work within the constraints that are enforced by the WAM. Therefore, the WAM will play a part in determining whether delegation may be approved. This implies that the delegation model may not override any dynamically defined security constraints. The Delegation Authorization Model (DAM) proposed assists in distributing workloads amongst subject roles within an organization, by allowing subjects to delegate task responsibilities to other subjects according to restrictions imposed by security policies. As yet, this area of research has not received much attention. / Prof. M.S. Olivier

delegation of authority

workflow

computer security

computer access control

A prototype design for RBAC in a workflow environment

Cholewka, Damian Grzegorz

13 February 2012

M.Sc. / Role-based access control (RBAC) associates roles with privileges and users with roles. These associations are, however, static in that changes are infrequent and explicit. In certain instances this does not reflect business requirements. Access to an object should be based not only on the identity of the object and the user, but also on the actual task that must be performed. Context-sensitive access control meets the requirements in that it also considers the actual task, i.e. the context of the work to be done, when deciding whether an access should be granted or not. Workflow technology provides an appropriate environment for establishing the context of work. This dissertation discusses the implementation of a context-sensitive access control mechanism within a workflow environment. Although the prototype represents scaled-down workflow functionality, it illustrates the concept of context-sensitive access control. Access control was traditionally aimed at physically controlling access to a computer terminal. Large doors were put in place and time was divided between users who needed to work on a terminal. Today, however, physical means of restraining access have to a large extent given way to logical controls. Current access control mechanisms frequently burden the end-users with unnecessary security-related tasks. A user may, for example, be expected to assume a specific role at the beginning of a session, resulting in unnecessary multi-logons. Alternatively, users can automatically play the most senior role that they can hold and consequently receive the permissions associated with that role. The user is therefore trusted to implement the security policy and not misuse granted privileges. It is also possible for an end-user to bypass security functionality inadvertently- end-users do not always remember to do the correct thing. End-users are furthermore not necessarily adequately educated in security principles and may thus regard security-related tasks as hampering the tasks that they regard as being more important.

Data protection

Workflow

Computer security

Computer access control

The Role of Computer and Internet Access in Business Students' Acceptance of E-Learning Technology

Henderson, Ronda Baskerville

05 August 2005

This study was based on previous research that investigated the disparity or gap between those who have access to computers and the Internet and those who do not (Hoffman and Novak, 1998; NTIA, 1999b; Carey, Chisholm and Irwin, 2002; Vail, 2003 Zeliff, 2004; Glenn, 2005). The Technology Acceptance Model developed by Davis, Bagozzi, and Warshaw (1989) was used to investigate whether computer and Internet access influenced the acceptance of e-learning technology tools such as Blackboard and the Internet. Of the studies conducted concerning adoption of these technologies, a limited number have addressed the extent to which college students accept these tools. The majority of these studies failed to consider computer access as a factor regarding computer technology acceptance. The E-Learning Technology Acceptance (ETA) survey instrument was administered to business students at two universities in North Carolina. Hierarchical regression was performed to test whether or not computer and Internet access explained variance above and beyond race and socioeconomic status. Regression analysis revealed that computer and Internet access affected the degree to which students expect Blackboard and the Internet to be easy to use. As a result, creating a technology assessment to be utilized by e-learning educators and students to measure the level of computer and Internet access was recommended. The analyses also revealed that computer and Internet access significantly impacted students' attitude toward using Blackboard and the Internet. Improving the level of technology access should be addressed to promote positive attitudes regarding e-learning tools. Additional findings revealed that socioeconomic status and race did influence computer ownership. A suggestion for educators is to explore initiatives that assist low income and minority students with obtaining home computers. Finally, the findings suggested that closing the digital divide is not enough to ensure technology acceptance of students. The researcher proposed that digital inclusion should be the goal of our society. Recommendations for further research suggested by the researcher included investigating other variables that may influence technology acceptance and computer and Internet access. / Ph. D.

digital divide

e-learning

technology acceptance

Internet access

computer access

Virtual Dynamic Tunnel: A Target-Agnostic Assistive User Interface Algorithm for Head-Operated Input Devices

Blackmon, Ferrol R

11 November 2010

Today the effective use of computers (e.g. those with Internet browsers and graphical interfaces) involves the use of some sort of cursor control like what a mouse provides. However, a standard mouse is not always the best option for all users. There are currently many devices available to provide alternative computer access. These devices may be divided into categories: brain-computer interfaces (BCI), mouth-based controls, camera-based controls, and head-tilt controls. There is no single solution as each device and application has to be tailored to each user's unique preferences and abilities. Furthermore, each device category has certain strengths and weaknesses that need to be considered when making an effective match between a user and a device. One problem that remains is that these alternative input devices do not perform as well when compared to standard mouse devices. To help with this, assistive user interface techniques can be employed. While research shows that these techniques help, most require that modifications be made to the user interfaces or that a user's intended target be known beforehand by the host computer. In this research, a novel target-agnostic assistive user interface algorithm intended to improve usage performance for both head-operated and standard mouse devices is designed, implemented (as a mouse device driver and in host computer software) and experimentally evaluated. In addition, a new wireless head-operated input device requiring no special host computer hardware, is designed, built and evaluated. It was found that the Virtual Dynamic Tunnel algorithm improved performance for a standard mouse in straight tunnel trials and that nearly 60% of users would be willing to use the head-tilt mouse as a hands-free option for cursor control.

Assistive interfaces

Hands-free computer access

Human-computer interaction

Computer Sciences

A Study of Employee Unauthorized Computer Access Intention ¢w An Integration of Neutralization, Differential Association and Containment Theory

Wang, Yu-ching

17 August 2012

Unauthorized computer access by employees is the most common hacking behavior in every company. Hence, it is necessary to first understand why an employee engages to commit it and then find effective methods of prevention to reduce the crime rate. Many studies on computer hacking has discussed the reasons for the behavior, for example: neutralization theory, differential association theory and containment theory. However, those theories and perspectives were adopted independently in past research. In this study, we combine those perspectives and create an integrated model to explain the employee¡¦s intention to commit unauthorized computer access. Data collected from 351employees in Taiwan confirmed our hypotheses and were tested against the research model. The results support the theoretical model in explaining how neutralization theory and containment theory may affect an employee¡¦s intention to commit unauthorized computer access. Finally, we found that neutralization is the most important factor to take into account when organizations develop and implement security policies or education which can decrease employees¡¦ intentions to commit unauthorized computer access.

Differential Association Theory

Neutralization Theory

Unauthorized Computer Access

Containment Theory

Computer Hacking

Mutual authentication in electronic commerce transactions.

Kisimov, Martin Valentinov

02 June 2008

Electronic commerce is a large and ever growing industry. Online transactions are returning ever-growing revenues to electronic merchants. The e-commerce industry is still facing a range of problems concerning the process of completion of online transactions. Such problems are connected to consumer fears dealing with the identity of online merchants, their security pre- cautions and methods for accepting online payments. This thesis develops and presents a Mutual Authentication Model (MAM), which addresses the problem of mutual authentication between online shoppers and merchants. The model combines existing technologies in the eld of cryp- tography, as well as the use of digital signatures and certi cates. This is done in a speci c manner as for the model to achieve mutual authentication between communicating parties, in an online transactions. The Mutual Authentication Model provides a process through which an online shopper can be quickly and transparently equipped with a digital identi cation, in the form of a digital certi cate of high trust, in order for this shopper to participate in an authen- ticated transaction within the MAM. A few of the advantages of the developed model include the prospect of decreased online credit fraud, as well as an increased rate of completed online transactions. / Prof. S.H. von Solms

Data Encryption (computer science)

computer network security

computer access control

electronic commerce security

The use of a virtual machine as an access control mechanism in a relational database management system.

Van Staden, Wynand Johannes

04 June 2008

This dissertation considers the use of a virtual machine as an access control mechanism in a relational database management system. Such a mechanism may prove to be more flexible than the normal access control mechanism that forms part of a relational database management system. The background information provided in this text (required to clearly comprehend the issues that are related to the virtual machine and its language) introduces databases, security and security mechanisms in relational database management systems. Finally, an existing implementation of a virtual machine that is used as a pseudo access control mechanism is provided. This mechanism is used to examine data that travels across a electronic communications network. Subsequently, the language of the virtual machine is chiefly considered, since it is this language which will determine the power and flexibility that the virtual machine offers. The capabilities of the language is illustrated by showing how it can be used to implement selected access control policies. Furthermore it is shown that the language can be used to access data stored in relations in a safe manner, and that the addition of the programs to the DAC model does not cause a significant increase in the management of a decentralised access control model. Following the proposed language it is obvious that the architecture of the ìnewî access control subsystem is also important since this architecture determines where the virtual machine fits in to the access control mechanism as a whole. Other extensions to the access control subsystem which are important for the functioning of the new access control subsystem are also reected upon. Finally, before concluding, the dissertation aims to provide general considerations that have to be taken into account for any potential implementation of the virtual machine. Aspects such as the runtime support system, data types and capabilities for extensions are taken into consideration. By examining all of the previous aspects, the access control language and programs, the virtual machine and the extensions to the access control subsystem, it is shown that the virtual machine and the language offered in this text provides the capability of implementing all the basic access control policies that can normally be provided. Additionally it can equip the database administrator with a tool to implement even more complex policies which can not be handled in a simple manner by the normal access control system. Additionally it is shown that using the virtual machine does not mean that certain complex policies have to be implemented on an application level. It is also shown that the new and extended access control subsystem does not significantly alter the way in which access control is managed in a relational database management system. / Prof. M.S. Olivier

database management

relational databases

computer security

virtual computer systems

computer access control

Perceptions of Older Veterans with Visual Impairments Regarding Computer Access Training and Quality of Life

DuBosque, Richard Stanborough

11 May 2013

The widespread integration of the computer into the mainstream of daily life presents a challenge to various sectors of society, and the incorporation of this technology into the realm of the older individual with visual impairments is a relatively uncharted field of study. This study was undertaken to acquire the perceptions of the impact of the training and issuance of the access of technology upon participants’ quality of life. The study adopted a qualitative research approach employing phenomenological, descriptive, and cross-case components in order to understand the experience of older (over 40) veterans who were legally blind, had completed Computer Access Technology (CATS) training, and had been issued assistive technology. The 9 respondents were selected from veterans who had been through the CATS program and were known to the researcher in an attempt to maximize the range of ages, military experience, and origin of vision loss. This study employed semi-structured interviews that were recorded and later transcribed verbatim. Through content analysis, the participants’ responses, originally in 20 categories, were consolidated into 3 categories, which correlated to the questions of this study. During this process, an emergent category, “Background and History of the Participants,” evolved, resulting in a total of 4 categories. The categories reflected the background and history of participants, the impact of blind rehabilitation, current computer usage in daily tasks, and participants’ comments and recommendations. The results demonstrated that the CATS training had a profound impact on the participants upon their return to their homes. The impact included the restored ability to communicate with family and friends, the development of new interests and abilities, the re-establishment of self-worth, a sense of independence, and the feeling of being normal and not a “freak.” 7 of the 9 participants had already returned for additional CATS training during the research process. Of the remaining 2, 1 received on-the-job training, and the final participant would consider returning if his vision deteriorated. Various participants had returned or remained in the workforce, and others performed volunteer work. 6 envision further study through correspondence courses, more CATS training or on their own.

veteran

computer access training

access technology

and blind rehabilitation

visually impaired

blind

Efficient computational approach to identifying overlapping documents in large digital collections

Monostori, Krisztian, 1975-

January 2002

Abstract not available

Data structures (Computer science)

Data mining

Computer algorithms

Computer network resources

The use of computers among secondary school educators in the Western Cape Central Metropole

Naicker, Visvanathan

January 2010

Philosophiae Doctor - PhD / The use of computers in the classroom could allow both educators and learners to achieve new capabilities. There are underlying factors, however, that are obstructing the adoption rate of computer use for instructional purposes in schools. The study focused on these problems with a view to determining which critical success factors promote a higher adoption rate of computer usage in education. This study derived its theoretical framework from various technology adoption and educational models Methodology: The nature of the study required a . Furthermore, it investigated ways in which computer technology could enhance learning. mixed methods approach to be employed, making use of both quantitative and qualitative data. Two questionnaires, one for the educators and one for the principals of the schools were hand-delivered to 60 secondary schools. Exploratory factor analysis and various internal consistency measures were used to assess and analyse the data.Conclusion: Educationists and policy-makers must include all principals and educators when technological innovations are introduced into schools. All these role-players need to be cognisant of the implications if innovations are not appropriately implemented. Including the use of computers in educator training programs is important so that pre-service educators can see the benefits of using the computer in their own teaching. / South Africa

Computers

Educator attitude

Educator pedagogy

Educator support

Educator - computer access

Educator theories and beliefs

Secondary schools

Educator - computer training

Adoption