Your search keyword '"access-control"' showing total 7 results

1. AuthCheck: Program-State Analysis for Access-Control Vulnerabilities

Author

Piskachev, Goran, Petrasch, Tobias, Späth, Johannes, Bodden, Eric, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sekerinski, Emil, editor, Moreira, Nelma, editor, Oliveira, José N., editor, Ratiu, Daniel, editor, Guidotti, Riccardo, editor, Farrell, Marie, editor, Luckcuck, Matt, editor, Marmsoler, Diego, editor, Campos, José, editor, Astarte, Troy, editor, Gonnord, Laure, editor, Cerone, Antonio, editor, Couto, Luis, editor, Dongol, Brijesh, editor, Kutrib, Martin, editor, Monteiro, Pedro, editor, and Delmas, David, editor

Published

2020

2. Evaluation of a policy enforcement solution in telemedicine with offline use cases.

Author

Szabó, Zoltán

Subjects

ACCESS control, EDGE computing, INTERNET of things, TELEMEDICINE

Abstract

The emerging popularity of telemedicine solutions brought an alarming problem due to the lack of proper access control solutions. With the inclusion of multi-tiered, heterogeneous infrastructures containing Internet of things and edge computing elements, the severity and complexity of the problem became even more alarming, calling for an established access control framework and methodology. The goal of the research is to define a possible solution with a focus on native cloud integration, possible deployment at multiple points along the path of the healthcare data, and adaptation of the fast healthcare interoperability resources standard. In this paper, the importance of this issue in offline use cases is presented and the effectiveness of the proposed solution is evaluated. [ABSTRACT FROM AUTHOR]

Published

2022

3. Generalized Access Control of Synchronous Communication

Author

Serban, Constantin, Minsky, Naftaly, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, van Steen, Maarten, editor, and Henning, Michi, editor

Published

2006

4. A Survey on Blockchain-based IoMT Systems: Towards Scalability

Author

Seyed Farhad Aghili, Amirhossein Adavoudi Jolfaei, and Dave Singelée

Subjects

blockchain, Technology, Blockchain, General Computer Science, Computer science, media_common.quotation_subject, Internet of Things, Wireless communication, Wearable computer, Cloud computing, THINGS, Internet of Medical Things (IoMT), security, DATA-SECURITY, Domain (software engineering), Engineering, cloud, General Materials Science, Quality (business), INTERNET, SCALABLE BLOCKCHAIN, scalability, media_common, IOT, Science & Technology, Computer Science, Information Systems, CHALLENGES, business.industry, General Engineering, healthcare, Engineering, Electrical & Electronic, Benchmarking, ENABLING TECHNOLOGIES, Blockchains, FRAMEWORK, ELECTRONIC HEALTH RECORDS, TK1-9971, Risk analysis (engineering), Scalability, Computer Science, Medical services, Telecommunications, The Internet, Electrical engineering. Electronics. Nuclear engineering, ACCESS-CONTROL, business

Abstract

Recently, blockchain-based Internet of Medical Things (IoMT) has started to receive more attention in the healthcare domain as it not only improves the care quality using real-time and continuous monitoring but also minimizes the cost of care. However, there is a clear trend to include many entities in IoMT systems, such as IoMT sensor nodes, IoT wearable medical devices, patients, healthcare centers, and insurance companies. This makes it challenging to design a blockchain framework for these systems where scalability is a most critical factor in blockchain technology. Motivated by this observation, in this survey we review the state-of-the-art in blockchain-IoMT systems. Comparison and analysis of such systems prove that there is a substantial gap, which is the negligence of scalability. In this survey, we discuss several approaches proposed in the literature to improve the scalability of blockchain technology, and thus overcoming the above mentioned research gap. These approaches include on-chain and off-chain techniques, based on which we give recommendations and directions to facilitate designing a scalable blockchain-based IoMT system. We also recommended that a designer considers the well-known trilemma along with the various dimensions of a scalable blockchain system to prevent sacrificing security and decentralization as well. Moreover, we raise several research questions regarding benchmarking; addressing these questions could help designers determining the existing bottlenecks, leading to a scalable blockchain.

Published

2021

5. Model-based Analysis of Java EE Web Security Configurations

Author

Salvador Martínez, Valerio Cosentino, Jordi Cabot, IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT), Laboratoire d'Informatique de Nantes Atlantique (LINA), Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS), Modeling Technologies for Software Production, Operation, and Evolution (ATLANMOD), Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Département informatique - EMN, Mines Nantes (Mines Nantes)-Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN), and Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Département informatique - EMN

Subjects

Cloud computing security, Computer science, business.industry, 020207 software engineering, 02 engineering and technology, Reverse-engineering, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Computer security model, Computer security, computer.software_genre, Web application security, Security testing, Security information and event management, Security service, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Security through obscurity, Security, Network security policy, business, computer, Access-control

Abstract

International audience; The widespread use of Java EE web applications as a means to provide distributed services to remote clients imposes strong security requirements, so that the resources managed by these applications remain protected from unauthorized disclosures and manipulations. For this purpose, the Java EE framework provides developers with mechanisms to define access-control policies. Unfortunately , the variety and complexity of the provided security configuration mechanisms cause the definition and manipulation of a security policy to be complex and error prone. As security requirements are not static, and thus, implemented policies must be changed and reviewed often, discovering and representing the policy at an appropriate abstraction level to enable their understanding and reenginering appears as a critical requirement. To tackle this problem, this paper presents a (model-based) approach aimed to help security experts to visualize, (automatically) analyse and manipulate web security policies.

Published

2016

6. Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems

Author

Jordi Cabot, Nora Cuppens-Boulahia, Salvador Martínez, Frédéric Cuppens, Joaquin Garcia-Alfaro, Modeling Technologies for Software Production, Operation, and Evolution (ATLANMOD), Laboratoire d'Informatique de Nantes Atlantique (LINA), Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Département informatique - EMN, Mines Nantes (Mines Nantes)-Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS), Mines Nantes (Mines Nantes), Département Réseaux et Services de Télécommunications (TSP - RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Département Logique des Usages, Sciences sociales et Sciences de l'Information (LUSSI), Université européenne de Bretagne - European University of Brittany (UEB)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT), Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (Lab-STICC), Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS), Lab-STICC_TB_CID_SFIIS, Université de Brest (UBO)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS)-Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM), Hannes Federrath, Dieter Gollmann, TC 11, Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Département informatique - EMN, Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN), Département Réseaux et Services de Télécommunications (RST), École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS), and Université de Brest (UBO)-Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS)-École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM)

Subjects

access-control, Cloud computing security, Computer science, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Computer security model, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Security service, Information security standards, Security, Security convergence, Model-driven engineering, computer

Abstract

Part 2: Web Security; International audience; Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the whole system. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together in order to meet the high level security property. In this work we propose an integration mechanism for access-control policies to enable the analysis of the system security. We rely on model-driven technologies and the XACML standard to achieve this goal.

Published

2015

7. Automatic reconstruction and analysis of security policies from deployed security components

Author

Martínez, Salvador, Laboratoire d'Informatique de Nantes Atlantique (LINA), Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN), Modeling Technologies for Software Production, Operation, and Evolution (ATLANMOD), Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Département informatique - EMN, Mines Nantes (Mines Nantes)-Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Ecole des Mines de Nantes, Frédéric Cuppens, Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS), and Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Département informatique - EMN

Subjects

Access-Control, Sûreté, Security, Contrôle d’accès, [INFO.INFO-SY]Computer Science [cs]/Systems and Control [cs.SY], Reverse-engineering, Ingénierie dirigée par les modèles, Rétro-ingénierie, Model-driven

Abstract

Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed by a number of heterogeneous subsystems, each subsystem plays a key role in the global system security. For the specific case of access-control, access-control policies may be found in several components (databases, networksand applications) all, supposedly, working together. Nevertheless since most times these policies have been manually implemented and/or evolved separately they easily become inconsistent. In this context, discovering and understanding which security policies are actually being enforced by the information system comes out as a critical necessity. The main challenge to solve is bridging the gap between the vendor-dependent security features and a higher-level representation that express these policies in a way that abstracts from the specificities of concrete system components, and thus, it´s easier to understand and reason with. This high-level representation would also allow us to implement all evolution/refactoring/manipulation operations on the security policies in a reusable way. In this work we propose such a reverse engineering and integration mechanism for access-control policies. We rely on model-driven technologies to achieve this goal.; La sécurité est une préoccupation essentielle pour tout système d’information. Propriétés de sécurité telles que la confidentialité, l’intégrité et la disponibilité doivent être appliquées afin de rendre les systèmes sures. Dans les environnements complexes, où les systèmes d’information sont composés par un certain nombre de sous-systèmes hétérogènes, chaque sous-système joue un rôle clé dans la sécurité globale du système. Dans le cas spécifique du contrôle d’accès, politiques de contrôle d’accès peuvent être trouvées dans différents composants (bases de données, réseaux, etc.), ces derniers étant sensés travailler ensemble. Néanmoins , puisque la plupart de ces politiques ont été mises en œuvre manuellement et / ou évolué séparément ils deviennent facilement incompatibles. Dans ce contexte, la découverte et compréhension des politiques de sécurité appliquées par le système d’information devient une nécessité critique. Le principal défi à résoudre est de combler le fossé entre les caractéristiques de sécurité dépendant du fournisseur et une représentation de plus haut niveau que exprime ces politiques d’une manière faisant abstraction des spécificités de composants concrètes, et donc, plus facile à comprendre et à raisonner avec. Cette représentation de haut niveau nous permettrait également de mettre en œuvre tous les opérations de évolution / refactoring / manipulation sur les politiques de sécurité d’une manière réutilisable. Dans ce travail, nous proposons un tel mécanisme de rétro-ingénierie et d’intégration des politiques de contrôle d’accès. Nous comptons sur les technologies de l’ingénierie dirigée par les modèles pour atteindre cet objectif .

Published

2014