1 |
A Flexible Role-Based Delegation Model and Its Application in Healthcare Information System
Liu, Zidong (27 November 2013)
No description available.
|
2 |
Role based access control in a telecommunications operations and maintenance network / Rollbaserad behörighetskontroll i ett drift- och underhållssystem för telekommunikation
Gunnarsson, Peter (January 2005)
Ericsson develops and builds mobile telecommunication networks. These networks consist of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks. In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions. We also investigate some of the most commonly used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement an RBAC managing system which is better suited to the requirements posed by our new model.
|
3 |
The Continuum Architecture: Towards Enabling Chaotic Ubiquitous Computing
Dragoi, Octavian Andrei (January 2005)
Interactions in the style of the ubiquitous computing paradigm are possible today, but only in handcrafted environments within one administrative and technological realm. This thesis describes an architecture (called Continuum), a design that realises the architecture, and a proof-of-concept implementation that brings ubiquitous computing to chaotic environments. Essentially, Continuum enables an ecology at the edge of the network, between users, competing service providers from overlapping administrative domains, competing internet service providers, content providers, and software developers that want to add value to the user experience. Continuum makes the ubiquitous computing functionality orthogonal to other application logic. Existing web applications are augmented for ubiquitous computing with functionality that is dynamically compiled and injected by a middleware proxy into the web pages requested by a web browser at the user's mobile device. This enables adaptability to environment variability, manageability without user involvement, and expansibility without changes to the mobile. The middleware manipulates self-contained software units with precise functionality (called frames), which help the user interact with contextual services in conjunction with the data to which they are attached. The middleware and frame design explicitly incorporates the possibility of discrepancies between the assumptions of ubiquitous-computing software developers and field realities: multiple administrative domains, unavailable service, unavailable software, and missing contextual information. A framework for discovery and authorisation addresses the chaos inherent to the paradigm through the notion of role assertions acquired dynamically by the user. Each assertion represents service access credentials and contains bootstrapping points for service discovery on behalf of the holding user.
A proof-of-concept prototype validates the design, and implements several frames that demonstrate general functionality, including driving discovery queries over multiple service discovery protocols and making equivalences between service types, across discovery protocols.
|
5 |
A Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) Systems
Zitouni, Toufik (January 2010)
We consider the distributed access enforcement problem for Role-Based
Access Control (RBAC) systems. Such enforcement has become important
with RBAC’s increasing adoption, and the proliferation of data that
needs to be protected. Our particular interest is in the evaluation of a
new data structure that has recently been proposed for enforcement: the
Cascade Bloom Filter. The Cascade Bloom Filter is an extension of the
Bloom filter, and provides for time- and space-efficient encodings of
sets. We compare the Cascade Bloom Filter to the Bloom Filter, and
another approach called Authorization Recycling that has been proposed
for distributed access enforcement in RBAC. One of the challenges we
address is the lack of a benchmark: we propose and justify a benchmark
for the assessment. Also, we adopt a statistically rigorous approach for
empirical assessment from recent work. We present our results for time-
and space-efficiency based on our benchmark. We demonstrate that, of the
three data structures that we consider, the Cascade Bloom Filter scales the
best with the number of RBAC sessions from the standpoints of time- and
space-efficiency.
|
7 |
Access management in electronic commerce system
Wang, Hua (January 2004)
The definition of Electronic commerce is the use of electronic transmission mediums to engage in the exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location. Electronic commerce systems, including mobile e-commerce, have been widely used since 1990. The number of world-wide Internet users tripled between 1993 and 1995 to 60 million, and by 2000 there were 250 million users. More than one hundred countries have Internet access. Electronic commerce, especially mobile e-commerce systems, allows their users to access a large set of traditional (for example, voice communications) and contemporary (for example, e-shop) services without being tethered to one particular physical location. With the increasing use of electronic service systems for security sensitive application (for example, e-shop) that can be expected in the future, the provision of secure services becomes more important. The dynamic mobile environment is incompatible with static security services. Electronic service access across multiple service domains, and the traditional access mechanisms rely on cross-domain authentication using roaming agreements starting home location. Cross-domain authentication involves many complicated authentication activities when the roam path is long. This limits future electronic commerce applications. Normally, there are three participants in an electronic service. These are users, service providers, and services. Some services bind users and service providers as well as services such as flight services; other services do not bind any participants, for instance by using cash in shopping services, everyone can use cash to buy anything in shops. Hence, depending on which parts are bound, there are different kinds of electronic services. However, there is no scheme to provide a solution for all kinds of electronic services.
Users have to change service systems if they want to apply different kinds of electronic services on the Internet. From the consumer's point of view, users often prefer to have a total solution for all kinds of service problems, some degree of anonymity with no unnecessary cross authentications and a clear statement of account when shopping over the Internet. There are some suggested solutions for electronic service systems, but the solutions are neither a total solution for all kinds of services nor have some degree of anonymity with a clear statement of account. In our work, we build a bridge between existing technologies and electronic service theory such as e-payment, security and so on. We aim to provide a foundation for the improvement of technology to aid electronic service application. As validation, several technologies for electronic service system design have been enhanced and improved in this project. To fix the problems mentioned above, we extend our idea to a ticket based access service system. The user in the above electronic service system has to pay when s/he obtains service. S/He can pay by traditional cash (physical cash), check, credit or electronic cash. The best way to pay money for goods or services on the Internet is using electronic cash. Consumers, when shopping over the Internet, often prefer to have a high level of anonymity with important things and a low level with general ones. The ideal system needs to provide some degree of anonymity for consumers so that they cannot be traced by banks. There are a number of proposals for electronic cash systems. All of them are either too large to manage or lack flexibility in providing anonymity. Therefore, they are not suitable solutions for electronic payment in the future. We propose a secure, scalable anonymity and practical payment protocol for Internet purchases. The protocol uses electronic cash for payment transactions.
In this new protocol, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. An agent, namely the anonymity provider agent, provides a higher anonymous certificate and improves the security of the consumers. The agent will certify re-encrypted data after verifying the validity of the content from consumers, but with no private information of the consumers required. With this new method, each consumer can get the required anonymity level. Electronic service systems involve various subsystems such as service systems, payment systems, and management systems. Users and service providers are widely distributed and use heterogeneous catalog systems. They are rapidly increasing in dynamic environments. The management of these service systems will be very complex. Whether systems are successful or not depends on the quality of their management. To simplify the management of e-commerce systems [Sandhu97], we discuss role based access control management. We define roles and permissions in the subsystems. For example, there are roles TELLER, AUDITOR, MANAGER and permissions teller (account operation), audit operation, managerial decision in a bank system. Permissions are assigned to roles such as permission teller is assigned to role TELLER. People (users) employed in the bank are granted roles to perform associated duties. However, there are conflicts between various roles as well as between various permissions. These conflicts may cause serious security problems with the bank system. For instance, if permissions teller and audit operation are assigned to a role, then a person with this role will have too much privilege to break the security of the bank system. Therefore, the organizing of relationships between users and roles, roles and permissions currently requires further development. Role based access control (RBAC) has been widely used in database management and operating systems.
In 1993, the National Institute of Standards and Technology (NIST) developed prototype implementations, sponsored external research, and published formal RBAC models. Since then, many RBAC practical applications have been implemented, because RBAC has many advantages such as reducing administration cost and complexity. However, there are some problems which may arise in RBAC management. One is related to the authorization granting process. For example, when a role is granted to a user, this role may conflict with other roles of the user or together with this role; the user may have or derive a high level of authority. Another is related to authorization revocation. For instance, when a role is revoked from a user, the user may still have the role. To solve these problems, we present an authorization granting algorithm, and weak revocation and strong revocation algorithms that are based on relational algebra. The algorithms check conflicts and therefore help allocate the roles and permissions without compromising the security in RBAC. We describe the applications of the new algorithms with an anonymity scalable payment scheme. In summary, this thesis has made the following major contributions in electronic service systems:
1. A ticket based global solution for electronic commerce systems; A ticket based solution is designed for different kinds of e-services. Tickets provide a flexible mechanism and users can check charges at any time.
2. Untraceable electronic cash system; An untraceable e-cash system is developed, in which the bank involvement in the payment transaction between a user and a receiver is eliminated. Users remain anonymous, unless she/he spends a coin more than once.
3. A self-scalable anonymity electronic payment system; In this payment system, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. Each consumer can get the required anonymity level.
4. Using RBAC to manage electronic payment system; The basic structure of RBAC is reviewed. The challenge problems in the management of RBAC with electronic payment systems are analysed and how to use RBAC to manage electronic payment system is proposed.
5. The investigation of recovery algorithms for conflicting problems in user-role assignments and permission-role assignments. Formal authorization allocation algorithms for role-based access control have been developed. The formal approaches are based on relational structure, and relational algebra and are used to check conflicting problems between roles and between permissions.
|
8 |
Separation of Duty in Role Based Access
Kugblenu, Francis M., Asim, Memon (January 2007)
In today’s business world, many organizations use Information Systems to manage their sensitive and business critical information. The need to protect such a key component of the organization cannot be overemphasized. Access control has been found to be one of the effective ways of ensuring that only authorized users have access to the information resources to perform their job function. Role Based Access Control has been found to be the access control mechanism that fits naturally with the organizational structure of businesses. Separation of duties is a security principle that has been used extensively to prevent conflict of interest, fraud and error control in organizations. In this thesis, we identify the various forms of separation of duties in role based access control systems. We also do a case study of the role based access control system in the banking application of a financial institution.
|
9 |
Role based access control in a telecommunications operations and maintenance network / Rollbaserad behörighetskontroll i ett drift- och underhållssystem för telekommunikation
Gunnarsson, Peter (January 2005)
Ericsson develops and builds mobile telecommunication networks. These networks consist of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks. In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions. We also investigate some of the most commonly used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement an RBAC managing system which is better suited to the requirements posed by our new model.
|
10 |
Model kontrole pristupa u Smart Grid sistemima / Access control model in Smart Grid systems
Rosić Daniela (22 September 2017)
This thesis discusses the challenges related to access control in Smart Grid systems. A formal model for access control in the Smart Grid is specified, extending the role-based access control (RBAC) model to be in accordance with the existing security requirement in the power industry. Based on the proposed access control model, software architecture was developed and its prototype implementation is integrated in a Smart Grid simulated environment.
|