About

The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
31

Optimalizace tvorby rolí pomocí RBAC modelu / Optimization of Role Creation Using the RBAC Model

KLÍMA, Martin January 2017
The aim of the thesis is to develop an algorithm that is able to optimize roles using the RBAC model. The intent of the theoretical part is to analyze the RBAC model and present the current options available for role optimization. The practical part deals with the development of an algorithm that optimizes roles based on criteria defined by the user. This algorithm is implemented in the Java programming language and builds on the Role Process Optimization Model (ROPM). The last part shows, on an example data set, how this algorithm works step by step, with an explanation of each step. The result of this algorithm is a new RBAC model defined by the user's criteria. The thesis also lists different approaches to role optimization, possible future development, and a concept for mapping the RBAC model to mathematical and data-mining techniques.
32

Refined Access Control in a Distributed Environment / Finkornig åtkomstkontroll i en distribuerad miljö

Boström, Erik January 2002
In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing. This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions. In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.
33

Securing Multiprocessor Systems-on-Chip

Biswas, Arnab Kumar 16 August 2016
MHRD PhD scholarship / With Multiprocessor Systems-on-Chips (MPSoCs) pervading our lives, security issues are emerging as a serious problem and attacks against these systems are becoming more critical and sophisticated. We have designed and implemented different hardware based solutions to ensure security of an MPSoC. Security assisting modules can be implemented at different abstraction levels of an MPSoC design. We propose solutions both at circuit level and system level of abstractions. At the VLSI circuit level abstraction, we consider the problem of presence of noise voltage in input signal coming from outside world. This noise voltage disturbs the normal circuit operation inside a chip causing false logic reception. If the disturbance is caused intentionally the security of a chip may be compromised causing glitch/transient attack. We propose an input receiver with hysteresis characteristic that can work at voltage levels between 0.9V and 5V. The circuit can protect the MPSoC from glitch/transient attack. At the system level, we propose solutions targeting Network-on-Chip (NoC) as the on-chip communication medium. We survey the possible attack scenarios on present-day MPSoCs and investigate a new attack scenario, i.e., router attack targeted toward NoC enabled MPSoC. We propose different monitoring-based countermeasures against routing table-based router attack in an MPSoC having multiple Trusted Execution Environments (TEEs). Software attacks, the most common type of attacks, mainly exploit vulnerabilities like buffer overflow. This is possible if proper access control to memory is absent in the system. We propose four hardware based mechanisms to implement Role Based Access Control (RBAC) model in NoC based MPSoC.
34

Increasing Efficiency and Scalability in AWS IAM by Leveraging an Entity-centric Attribute- & Role-based Access Control (EARBAC) Model

Karlsson, Rasmus, Jönrup, Pontus January 2023
Cloud computing is becoming increasingly popular among all types of companies due to its inherent benefits. However, because of its infrastructure, it might be difficult to manage access rights between users and resources. To address these difficulties, Amazon Web Services (AWS) provides Identity and Access Management (IAM) and features that support the use of different access control models, for example, Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC). Access control models are used for authorisation within systems to decide who gets access to what. Therefore, to determine what constitutes an efficient (the average time it takes to perform a task in AWS IAM) and secure access control model, a thorough study of background material and related work was conducted. Through this study, it was found that RBAC lacked scalability whilst ABAC lacked administrative capabilities. It was also found that flexibility and scalability were two important factors when designing access control models. Furthermore, by conducting a survey and designing an access control model for AWS through various iterations, a new access control model called Entity-centric Attribute- & Role-based Access Control (EARBAC) was developed. In an experiment comparing it with the RBAC model, the EARBAC model was found to be both efficient and secure, in addition to its flexibility and scalability. Furthermore, EARBAC was also found to be 27% faster than RBAC in AWS IAM. These results suggest that the model is useful when developing cloud infrastructures in AWS.
35

Role Mining With Hierarchical Clustering and Binary Similarity Measures / Role mining med hierarkisk klustring och binära likhetsmått

Olsson, Magnus January 2023
Role engineering, a critical task in role-based access control systems, is the process of identifying a complete set of roles that accurately reflect the structure of an organization. Role mining, a data-driven approach, utilizes data mining techniques on user-permission assignments represented as binary data to automatically derive these roles. However, relying solely on data-driven methods often leads to the generation of a large set of roles lacking interpretability. To address this limitation, this thesis presents a role mining algorithm, whose results can be viewed as an initial step in the role engineering process, in order to streamline the task of defining semantically meaningful roles, where human analysis is an inevitable post-processing step. The algorithm is based on hierarchical clustering analysis, and its main objective is identifying a sufficiently small set of roles that cover as large a proportion of the user-permission assignments as possible. To evaluate the performance of the algorithm, multiple real-world data sets representing diverse access control scenarios are utilized. The evaluation focuses on comparing various binary similarity measures, with the goal of determining the most suitable characteristics of a binary similarity measure to be used for role mining. The evaluation of different binary similarity measures provides insights into their effectiveness in achieving accurate role definitions to be used as a foundation for constructing meaningful roles. Ultimately, this research contributes to the advancement of role mining methodologies, facilitating improved access control systems that align with organizational needs and enhance security and efficiency.
36

Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos. / A contextual authorization model for access control of electronic patient record in open distributed environments.

Motta, Gustavo Henrique Matos Bezerra 05 February 2004
The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients' privacy and the confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the access restriction requirements for the EPR in open and distributed environments. RBAC regulates users' access to the EPR based on organizational functions (roles). Contextual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that consider the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Resource Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software policy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.
38

Systém správy identit pro malé a střední firmy / Identity Management Solution for Small and Medium Businesses

MAXA, Karel January 2014
The topic of this master's thesis is the development of an identity management solution for small and medium businesses. The thesis is divided into four major parts. The first part contains the theoretical background, such as a description of the RBAC model or a model of the relationships between practically used objects (user identity, role, position, permission, account...). An analysis of the functioning and needs of the targeted organizations is carried out in the second part. The third part describes the design of the developed application. The fourth part discusses the actual implementation of the application. The main outcome of the thesis is an implemented application that can be deployed at the organizations defined in the thesis. The application includes all the functionality required in the first phase of the project.
