Search

Your search keyword '"Discretionary access control"' showing total 597 results
Start Over Descriptor "Discretionary access control"
597 results on '"Discretionary access control"'

1. Secure Trusted Operating System Based on Microkernel Architecture

Author

Li, De Jian, Wang, Hui, Tang, Xiao Ke, Yang, Li Xin, Shen, Chong Fei, Xiao, Kun, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Yang, Xin-She, editor, Sherratt, Simon, editor, Dey, Nilanjan, editor, and Joshi, Amit, editor

Published
2022
Full Text
View/download PDF

4. A flexible fine-grained dynamic access control approach for cloud computing environment.

Author

Mehraj, Saima and Banday, M. Tariq

Subjects
*ACCESS control, *CLOUD computing, *ON-demand computing, *COMPUTER systems, *DYNAMICAL systems
Abstract

As a pioneering surge of ICT technologies, offering computing resources on-demand, the exceptional evolution of Cloud computing has not gone unnoticed by the IT world. At the same time, security stands as a most prior concern for this new progressive computing capability of on-demand services over the Internet. Hence, access control substantiates one of the fundamental conditions to fortify the information and Cloud system against illegitimate access among all the security requirements of Cloud computing. Although diverse access control models have been proposed and implemented for the Cloud computing paradigm, the models may fail to accomplish the dynamic and scalable requirements of the Cloud system adequately. Therefore, we propose a dynamic authorization system for a Cloud computing environment that employs the concept of role, task, and trustworthiness of the user. In this paper, a framework has been proposed that offers characteristics of both passive and active access control along with the trusted computing, thereby, blending the model into a more fine-grained and dynamic for the Cloud computing environment. Subsequently, the implementation of the propounded scheme is reported to provide the proof-of-concept. Additionally, the evaluation and use case scenario of the propounded system has been carried out to proclaim its effectiveness over other conventional models. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

5. Introduction

Author

Heckman, Kristin E., Stech, Frank J., Thomas, Roshan K., Schmoker, Ben, Tsow, Alexander W., Jajodia, Sushil, Series editor, Heckman, Kristin E., Stech, Frank J., Thomas, Roshan K., Schmoker, Ben, and Tsow, Alexander W.

Published
2015
Full Text
View/download PDF

6. Enforcing Secure Data Sharing in Web Application Development Frameworks Like Django Through Information Flow Control

Author

Susheel, S., Narendra Kumar, N. V., Shyamasundar, R. K., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Jajoda, Sushil, editor, and Mazumdar, Chandan, editor

Published
2015
Full Text
View/download PDF

7. Discretionary Information Flow Control for Interaction-Oriented Specifications

Author

Lluch Lafuente, Alberto, Nielson, Flemming, Nielson, Hanne Riis, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Martí-Oliet, Narciso, editor, Ölveczky, Peter Csaba, editor, and Talcott, Carolyn, editor

Published
2015
Full Text
View/download PDF

8. Design Patterns for Multiple Stakeholders in Social Computing

Author

Mehregan, Pooya, Fong, Philip W. L., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Kobsa, Alfred, editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Weikum, Gerhard, editor, Atluri, Vijay, editor, and Pernul, Günther, editor

Published
2014
Full Text
View/download PDF

9. Controlling Data Dissemination

Author

Janicke, Helge, Sarrab, Mohamed, Aldabbas, Hamza, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Garcia-Alfaro, Joaquin, editor, Navarro-Arribas, Guillermo, editor, Cuppens-Boulahia, Nora, editor, and de Capitani di Vimercati, Sabrina, editor

Published
2012
Full Text
View/download PDF

11. Web Application Security Gateway with Java Non-blocking IO

Author

Luo, Zhenxing, Heilili, Nuermaimaiti, XU, Dawei, Zhao, Chen, Lin, Zuoquan, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Etzion, Opher, editor, Kuflik, Tsvi, editor, and Motro, Amihai, editor

Published
2006
Full Text
View/download PDF

12. Covering Based Granular Computing for Conflict Analysis

Author

Zhu, William, Wang, Fei-Yue, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Mehrotra, Sharad, editor, Zeng, Daniel D., editor, Chen, Hsinchun, editor, Thuraisingham, Bhavani, editor, and Wang, Fei-Yue, editor

Published
2006
Full Text
View/download PDF

13. A Security Access Control Mechanism for a Multi-layer Heterogeneous Storage Structure

Author

Ju, Shiguang, Hernández, Héctor J., Zhang, Lan, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Li, Minglu, editor, Sun, Xian-He, editor, Deng, Qianni, editor, and Ni, Jun, editor

Published
2004
Full Text
View/download PDF

15. A Novel Approach to Role-Based Access Control

Author

Chae, Song-hwa, Kim, Wonil, Kim, Dong-kyoo, Goos, G., editor, Hartmanis, J., editor, van Leeuwen, J., editor, Sloot, Peter M. A., editor, Abramson, David, editor, Bogdanov, Alexander V., editor, Gorbachev, Yuriy E., editor, Dongarra, Jack J., editor, and Zomaya, Albert Y., editor

Published
2003
Full Text
View/download PDF

16. An extended access control mechanism exploiting data dependencies.

Author

Albertini, Davide, Carminati, Barbara, and Ferrari, Elena

Subjects
*QUERY languages (Computer science), *REVISION (Writing process), *FUNCTIONAL dependencies, *ACCESS control, *DATABASES
Abstract

In general, access control mechanisms in DBMSs ensure that users access only those portions of data for which they have authorizations, according to a predefined set of access control policies. However, it has been shown that access control mechanisms might be not enough. A clear example is the inference problem due to functional dependencies, which might allow a user to discover unauthorized data by exploiting authorized data. In this paper, we wish to investigate data dependencies (e.g., functional dependencies, foreign key constraints, and knowledge-based implications) from a different perspective. In particular, the aim was to investigate data dependencies as a mean for increasing the DBMS utility, that is, the number of queries that can be safely answered, rather than as channels for releasing sensitive data. We believe that, under given circumstances, this unauthorized release may give more benefits than issues. As such, we present a query rewriting technique capable of extending defined access control policies by exploiting data dependencies, in order to authorize unauthorized but inferable data. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

22. KDP scheme of preliminary key distribution in discretionary security policy.

Author

Belim, S.

Abstract

A modification of the KDP scheme for the distribution of encryption keys is considered as applied to a distributed computer system with a discretionary security model. Limited access is specified as forbidden channels of data transmission. The scheme of preliminary key distribution is designed in such a way that it is impossible for forbidden channels to create a key-pair for the data exchange. An example of the construction of the proposed scheme is presented. [ABSTRACT FROM AUTHOR]

Published
2016
Full Text
View/download PDF

23. Secure Trusted Operating System Based on Microkernel Architecture

Author

Kun Xiao, Chong Fei Shen, Xiao Ke Tang, Li Xin Yang, Hui Wang, and De Jian Li

Subjects
Scheme (programming language), business.industry, Computer science, media_common.quotation_subject, computer.software_genre, Monolithic kernel, Discretionary access control, Software, Operating system, Isolation (database systems), Microkernel, business, Function (engineering), computer, Trusted operating system, media_common, computer.programming_language
Abstract

Currently, trusted execution environment technologies are widely used to enhance the security of connected devices such as mobile phones and tablets. The trusted operating system is the core component of a trusted execution environment solution, but the trusted operating system itself may face security challenges. The main reason is that the trusted operating system needs to provide different services for different application scenarios, which makes its function more complicated and further increases the code size. In most trusted execution environment solutions, the trusted operating system is based on Monolithic kernel architecture. This will inevitably face security issues such as software defects and lack of isolation between components. In this paper, we propose a scheme for design secure trusted operating system based on a microkernel architecture. In our scheme, we take the modified take-grant model as the system security model and design a discretionary access control mechanism based on the capability system. We implemented our secure trusted operating system on the i.MX6Q platform. The test results show that it works properly and meets the requirements of the GP TEE specifications.

Published
2021
Full Text
View/download PDF

24. Solid over the Interplanetary File System

Author

Christian Tschudin and Fabrizio Parrillo

Subjects
File system, Computer science, computer.internet_protocol, business.industry, Access control, Service-oriented architecture, Permission, computer.software_genre, Discretionary access control, Task (computing), Server, Operating system, Architecture, business, computer
Abstract

Solid is a moderate re-decentralization architecture for the Web. In Solid, applications fetch data from storage providers called “pods” which implement discretionary access control, permitting users to grant and revoke access rights and thus keeping control over their data. In this paper, we propose to apply an additional de-verticalization by introducing IPFS as a common backend for Solid pods, the goal being to prevent pod provider lock-in and permitting users to consider “self-poding” where the heavy persistency task is out-sourced to IPFS. We have implemented this Solid-over-IPFS architecture using the open-source “Community Solid Server” and successfully ran several Solid applications over IPFS.

Published
2021
Full Text
View/download PDF

25. A Scalable Role Mining Approach for Large Organizations

Author

Zohreh Raghebi, Haadi Jafarian, Farnoush Banaei-Kashani, and Masoumeh Abolfathi

Subjects
Discretionary access control, Flexibility (engineering), Computer science, business.industry, Distributed computing, Scalability, Role-based access control, Usability, Access control, business, Heuristics, Task (project management)
Abstract

Role-based access control (RBAC) model has gained significant attention in cybersecurity in recent years. RBAC restricts system access only to authorized users based on the roles and regulations within an organization. The flexibility and usability of this model have encouraged organizations to migrate from traditional discretionary access control (DAC) models to RBAC. However, this transition requires accomplishing a very challenging task called role mining in which users' roles are generated from the existing access control lists. Although various approaches have been proposed to address this NP-complete problem in the literature, they suffer either from low scalability such that their execution time increases exponentially with the input size, or they rely on fast heuristics with low optimality that generate too many roles. In this paper, we introduce a highly scalable yet optimal approach to tackle the role mining problem. To this end, we utilize a non-negative rank reduced matrix decomposition method to decompose a large-scale user-permission assignment into two constitutive components, i.e. the user-role and role-permission assignments. Then, we apply a thresholding technique to convert real-valued components into binary-valued factors. We employ various access control configurations and demonstrate that our proposed model is able to effectively discover the latent relationship behind the user-permission data even with large datasets.

Published
2021
Full Text
View/download PDF

26. A safe architecture for authorisation grant in healthcare ecosystems

Author

Marcos Gestal Pose, Rui Lebre, Carlos Costa, and Micael Pedrosa

Subjects
Authentication, 020205 medical informatics, business.industry, Computer science, Internet privacy, Context (language use), Cloud computing, 02 engineering and technology, Discretionary access control, Data access, Implied consent, Health care, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Smart card, business
Abstract

Recent regulations for security and privacy of personal data request new approaches in data access and retrieval processes. In the context of healthcare, the regulations point two types of consent to access sensitive personal medical data: explicit and implicit consent. This paper focus on explicit consent cases and presents an architecture where the patient grants on-demand access to private health records. The architecture is supported by a Discretionary Access Control model suited for cross-domain and cloud environments. Each resource belongs to a patient that has the power to grant or deny any access rights to users or groups of users. All the process is designed to be secure, from the authentication of the physician in the terminal until the communications between entities, passing by the physician’s terminal check by the patient. Furthermore, the security methods are discussed and evaluated. Finally, it is presented a summary of the developed work and the plans to apply in the future work.

Published
2020
Full Text
View/download PDF

27. Blockchain Platforms and Access Control Classification for IoT Systems

Author

Abdullah Alghamdi, Khalid Almarhabi, Adam Ibrahim Abdi, Fathy Eassa, and Kamal Jambi

Subjects
blockchain, Physics and Astronomy (miscellaneous), Computer science, General Mathematics, access control (AC), Access control, 02 engineering and technology, security, Computer security, computer.software_genre, privacy, AC classification, Discretionary access control, Central authority, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), business.industry, lcsh:Mathematics, 020206 networking & telecommunications, lcsh:QA1-939, Mandatory access control, Internet of Things (IoT), Chemistry (miscellaneous), Scalability, Table (database), 020201 artificial intelligence & image processing, Single point of failure, business, Internet of Things, computer
Abstract

The Internet of Things paradigm is growing rapidly. In fact, controlling this massive growth of IoT globally raises new security and privacy issues. The traditional access control mechanisms provide security to IoT systems such as DAC (discretionary access control) and mandatory access control (MAC). However, these mechanisms are based on central authority management, which raises some issues such as absence of scalability, single point of failure, and lack of privacy. Recently, the decentralized and immutable nature of blockchain technology integrated with access control can help to overcome privacy and security issues in the IoT. This paper presents a review of different access control mechanisms in IoT systems. We present a comparison table of reviewed access control mechanisms. The mechanisms’ scalability, distribution, security, user-centric, privacy and policy enforcing are compared. In addition, we provide access control classifications. Finally, we highlight challenges and future research directions in developing decentralized access control mechanisms for IoT systems.

Published
2020

28. Modeling Transformations of Information Links in the Cybersecurity Architecture of Systems Using Algorithms on Graphs and the 'Take-Grant' Formal Model

Author

Alexander Shumov

Subjects
business.industry, Computer science, Python (programming language), Computer security, computer.software_genre, Graph, Data modeling, Discretionary access control, Software modules, Software, Task analysis, Architecture, business, Algorithm, computer, computer.programming_language
Abstract

In this paper, the issue of modeling the transformations of information links in the architecture of cybersecurity of systems with discretionary access control on graphs using the formal "take-grant" model for the task of synthesizing the cybersecurity architecture is considered. For various initial conditions of the problem, reflecting the requirements for the final state of the structure of information links, modeling algorithms based on the Ford-Fulkerson theorem and methods for finding the smallest edge section of a graph are proposed. A software module has been created that implements the proposed algorithms in Python using the NetworkX library. Examples of the results of the created software module are given.

Published
2020
Full Text
View/download PDF

29. Strengthen Electronic Health Records System (EHR-S) Access-Control to Cope with GDPR Explicit Consent

Author

Paulo Bandiera-Paiva and Marcelo Antonio de Carvalho Junior

Subjects
020205 medical informatics, Computer science, Control (management), Medicine (miscellaneous), Health Informatics, Access control, 02 engineering and technology, Permission, Computer security, computer.software_genre, Health informatics, Discretionary access control, Health Information Management, Computer Systems, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, Electronic Health Records, Humans, Confidentiality, Computer Security, Informed Consent, business.industry, Service provider, business, computer, Information Systems
Abstract

Patient consent is currently a missing piece on Electronic Health Records System (EHR-S) access permission. The control is needed to ensure personal data as the property of the individual, not data controllers or health-care service providers. To cope with this need, in this article, an adaptation of existent Role-Based Access Control (RBAC), including patient-centric control, is described. The revisited feature of existing administrative and supporting RBAC functions allows exclusive control orchestrated by the patient as sole information owner, including the ability to encrypt their data for confidentiality purposes. The additions mimic a Discretionary Access Control (DAC) capability using existing user group membership to vet access over symmetric keys bind to patient's data via the associated PERMS matrix.

Published
2020
Full Text
View/download PDF

30. Developing and Assessing an Educational Game for Teaching Access Control

Author

Xiaohong Yuan, Patrickson Weanquoi, Jinsheng Xu, Elva J. Jones, and Jinghua Zhang

Subjects
Multimedia, Video game development, business.industry, Computer science, ComputingMilieux_PERSONALCOMPUTING, Access control, computer.software_genre, Adventure, Mandatory access control, Discretionary access control, Information sensitivity, Game design, business, computer, Access control list
Abstract

The protection of sensitive information in computer systems and networks from malicious manipulation is critical. As a key component in cybersecurity, access control is used to mitigate malicious access to sensitive information. To help students master the access control concepts, we developed a 2D educational game titled "Temple of Treasures" that aims to teach Discretionary Access Control (DAC), Access Control List (ACL) and Mandatory Access Control (MAC) in Unix/Linux Systems via a fun and interactive environment. The Unity3D game engine is used for game development and the game can be deployed to multiple platforms such as Windows, macOS, and web. Player information and in-game assessment data are saved on the cloud through GameSparks for analysis. The game story is centered around a group of adventurers in search of gold. The player is stuck in a temple and has to explore the temple for escape routes. The game has three levels, where level one focuses on DAC, level two focuses on ACL and the last level is for MAC. The player has to explore the temple and gain knowledge on targeted concepts to unlock the gate to the next level. Three in-game assessments have been implemented to provide immediate feedback for students. The UI Accessibility Plugin (UAP) is used to make the game accessible to visually impaired players. To scientifically measure the effectiveness of the game, we developed pre-test, post-test, survey, and focus group protocols. The game has been used in the Operating Systems class as a homework assignment at North Carolina A&T State University in spring 2020. This poster will present the game design and development process, the detailed evaluation plan, and our initial classroom experience. This portable and self-contained game will make it easy to share with other faculty engaged in cyber security teaching and research.

Published
2020
Full Text
View/download PDF

31. A Model-Driven Framework for Ensuring Role Based Access Control in IoT Devices

Author

Mariam Bisma, Muhammad Waseem Anwar, Farooque Azam, and Yawar Rasheed

Subjects
Discretionary access control, Order (exchange), business.industry, Process (engineering), Computer science, Distributed computing, Role-based access control, business, Automation, Variety (cybernetics), Metamodeling, Abstraction (linguistics)
Abstract

Ensuring security and privacy of IOT devices and the associated/ dependent complex and critical systems is certainly a major concern, especially after proliferation of IoT devices in variety of domains in current era. A considerable level of security can be achieved in these systems using the techniques of Role Based Access Control (RBAC). In contrast to Discretionary Access Control (DAC) where personal identity of the owner/ user matters, RBAC grants access permissions on the basis of roles of the user. Due to the inherent complexity associated with ensuring security in IoT devices and related systems/ services, a level of abstraction is required in the development process, in order to better understand and develop the system accordingly by integrating all the security aspects. This level of abstraction can be achieved by developing the system as per the concepts of Model Driven Development (MDD). In this paper, techniques of Model Driven Architecture (MDA)/ MDD has been used to propose such a Framework/ Meta-Model, which ensures RBAC in order to access the services associated with IoT devices. The proposed Meta-Model can be further extended for the model-based development and automation of such a system that ensure RBAC for IoT devices. Validity of proposed Meta-Model has been proved by creating an M1 level Instance Model of a real-world case study. Results prove, that the proposed Meta-Model is capable to be transformed into a reliable system that ensures RBAC in IoT devices.

Published
2020
Full Text
View/download PDF

32. Remote Access Control Model for MQTT Protocol

Author

Dmitrii I. Dikii

Subjects
Password, MQTT, Authentication, business.industry, Computer science, 010401 analytical chemistry, 020206 networking & telecommunications, Access control, 02 engineering and technology, Security policy, 01 natural sciences, 0104 chemical sciences, Discretionary access control, Service data unit, 0202 electrical engineering, electronic engineering, information engineering, business, Protocol (object-oriented programming), Computer network
Abstract

The author considers the Internet of Things security problems, namely, the organization of secure access control when using the MQTT protocol. Security mechanisms and methods that are employed or supported by the MQTT protocol have been analyzed. Thus, the protocol employs authentication by the login and password. In addition, it supports cryptographic processing over transferring data via the TLS protocol. Third-party services on OAuth protocol can be used for authentication. The authorization takes place by configuring the ACL-files or via third-party services and databases. The author suggests a device discretionary access control model of machine-to-machine interaction under the MQTT protocol, which is based on the HRU-model. The model entails six operators: the addition and deletion of a subject, the addition and deletion of an object, the addition and deletion of access privileges. The access control model is presented in a form of an access matrix and has three types of privileges: read, write, ownership. The model is composed in a way that makes it compatible with the protocol of a widespread version v3.1.1. The available types of messages in the MQTT protocol allow for the adjustment of access privileges. The author considered an algorithm with such a service data unit build that the unit could easily be distinguished in the message body. The implementation of the suggested model will lead to the minimization of administrator’s involvement due to the possibility for devices to determine access privileges to the information resource without human involvement. The author suggests recommendations for security policies, when organizing an informational exchange in accordance with the MQTT protocol.

Published
2020
Full Text
View/download PDF

33. Exploring the Access Control Policies of Web-Based Social Network

Author

Kaushal A. Shah and Devkishan Patel

Subjects
Discretionary access control, Social network, Computer science, business.industry, Internet privacy, Role-based access control, Trust management (information system), Web application, Access control, The Internet, Data breach, business
Abstract

The usage of the web based social networks is growing day by day. Our daily life has become dependent on the usage of these social networking applications (apps). These apps allow the people of different ages to share their ideas and remain connected to the people they like to connect with through the medium of internet. There are several web based social networking apps such as Instagram, Twitter, LinkedIn, and Facebook. Facebook has experienced the rapid growth in the number of users in last few years. The access control paradigm of Facebook is different from the way it is generally being provided. The access control is mainly defined through: Role based access control, Trust Management System, Discretionary Access Control. Web based social networks offer attractive means for interaction and communication; on the other hand they also raise privacy and security concerns. There are risks related to the privacy of the users attached to the usage of web based social networks as most of the users accept the privacy and access control policies of such apps without understanding the threat associated with the same. We try to explore some of the threats related to the privacy and access control of web based social network that helps the users to keep their profile safe and avoid any type of data breach.

Published
2020
Full Text
View/download PDF

34. An Adaptation of Context and Trust Aware Workflow Oriented Access Control for Remote Healthcare

Author

Tapalina Bhattasali, Nabendu Chaki, Khalid Saeed, and Rituparna Chaki

Subjects
Process management, Computer Networks and Communications, business.industry, Computer science, 020207 software engineering, Context (language use), Access control, 02 engineering and technology, Computer Graphics and Computer-Aided Design, Mandatory access control, Discretionary access control, Workflow, Artificial Intelligence, Remote healthcare, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, 020201 artificial intelligence & image processing, business, Adaptation (computer science), Software
Abstract

Traditional discretionary access control (DAC) or mandatory access control (MAC) is not quite effective for remote environment. General role-based access control (RBAC) also has its limitations to control access for applications like remote healthcare due to its static nature. Design of effective access control model is indeed a big challenge for such applications. Fine-grained access control logic capable of adapting changes based on run-time information needs to be considered to meet the requirements of remote healthcare scenarios. In this work, an adaptive access control model is proposed keeping in compliance with state–of-the-art scenario towards ensuring quality of context and trust relationship between owners and users. It focuses on inter-component relationship, where phases are executed either in online or in offline mode to avoid performance bottleneck. Adaptive binding is integrated with application specific workflows. Workflow net models for different scenarios of medical kiosk-based rural healthcare are analyzed to validate proposed access control logic at design time that can reduce the possibility of major faults at run time. Our proposed work supports formal analysis and verification using Workflow Petri Net Designer (WoPeD) tool. Comparative analysis shows how proposed access control model advances the state of art.

Published
2018
Full Text
View/download PDF

35. Multi-user permission strategy to access sensitive information

Author

Debasis Ghosh, Arunava Roy, and Dipankar Dasgupta

Subjects
Authentication, Information Systems and Management, Computer access control, Computer science, Control (management), 02 engineering and technology, Permission, Multi-user, Computer security, computer.software_genre, Computer Science Applications, Theoretical Computer Science, Discretionary access control, World Wide Web, 03 medical and health sciences, Information sensitivity, 0302 clinical medicine, Artificial Intelligence, Control and Systems Engineering, 020204 information systems, 030220 oncology & carcinogenesis, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, computer, Software
Abstract

A system and related methods for providing greater security and control over access to classified files and documents and other forms of sensitive information based upon a multi-user, multi-modality permission strategy centering on organizational structure, thereby making authentication strategy unpredictable so to significantly reduce the risk of exploitation. Based on the sensitivity or classification of the information being requested by a user, approvers are selected dynamically based on the work environment, e.g., mobility, use of the computing device seeking access, authentication factors under applicable environmental settings, access policy, and the like.

Published
2018
Full Text
View/download PDF

36. Interleaving tasks to improve performance: Users maximise the marginal rate of return

Author

Duggan, Geoffrey B., Johnson, Hilary, and Sørli, Petter

Subjects
*CODING theory, *RATE of return, *TECHNOLOGICAL innovations, *PERFORMANCE, *ACCESS control, *COMPUTER security
Abstract

Abstract: Technological developments have increased the opportunity for interleaving between tasks, leading to more interruptions and more choices for users. Three experiments tested the interleaving strategies of users completing simple office-based tasks while adjusting access control privileges to documents. Previous work predicted users would switch tasks to enable them to work on the task that produced the greatest current benefit—they would maximise the marginal rate of return. Results found that by interleaving between tasks users were able to focus on shorter tasks and that the interleaving decisions were consistent with a strategy of maximising the marginal rate of return. However, interruptions from access control tasks disrupted the processing involved in this task management and led to errors in task selection (Experiment 2) and task performance (Experiment 3). Task interleaving can therefore have costs in security contexts where errors can be catastrophic. Understanding which strategies maximise the marginal rate of return could predict users’ task management behaviour. [Copyright &y& Elsevier]

Published
2013
Full Text
View/download PDF

37. The Comparative Analysis of Main Access Control Technologies.

Author

Zhang, Su, Niu, Li, and Chen, Jing

Subjects
ACCESS control, COMPUTER security, INFORMATION storage & retrieval systems, COMPARATIVE studies, INFORMATION technology, COMPUTER software
Abstract

Abstract: Effective access control security design is an important precondition for the stable running of an information system. So it''s necessary to establish a well-designed security mechanism to ensure the security of the system. This paper analysis and compares the main access control theories. [Copyright &y& Elsevier]

Published
2012
Full Text
View/download PDF

38. Combining Discretionary Policy with Mandatory Information Flow in Operating Systems.

Author

Ziqing Mao, Ninghui Li, Hong Chen, and Xuxian Jiang

Subjects
ACCESS control, COMPUTER operating systems, CYBERTERRORISM, DATA flow computing, COMPUTER software, DATA security, LINUX operating systems, GOVERNMENT policy
Abstract

Discretionary Access Control (DAC) is the primary access control mechanism in today's major operating systems. It is, however, vulnerable to Trojan Horse attacks and attacks exploiting buggy software. We propose to combine the discretionary policy in DAC with the dynamic information flow techniques in MAC, therefore achieving the best of both worlds, that is, the DAC's easy-to-use discretionary policy specification and MAC's defense against threats caused by Trojan Horses and buggy programs. We propose the Information Flow Enhanced Discretionary Access Control (IFEDAC) model that implements this design philosophy. We describe our design of IFEDAC, and discuss its relationship with the Usable Mandatory Integrity Protection (UMIP) model proposed earlier by us. In addition, we analyze their security property and their relationships with other protection systems. We also describe our implementations of IFEDAC in Linux and the evaluation results and deployment experiences of the systems. [ABSTRACT FROM AUTHOR]

Published
2011
Full Text
View/download PDF

40. Practical Role-Based Access Control.

Author

Galante, Victoria

Subjects
*ACCESS control, *COMPUTER network security, *FILTERING software, *SURROGATE-based optimization, *COMPUTER systems
Abstract

This article presents access control from a general and a role-based perspective. The article's focus is role based Access Control from a practical vice a theoretical perspective. The article starts with some access control definitions and two secure access control models. Access control is then presented in context of an abstract model, as preface to an in-depth assessment of Role Based Access Control (RBAC). Several examples contrast RBAC and the simple access control model. The article does not portray RBAC as a panacea, optimal for all situations. Indeed, it is feely admitted that RBAC may be counterproductive in some instances. But the point is also made that RBAC, when properly implemented in an appropriate environment, can reward the organization with economic, security and accountability benefits. Surrogacy is discussed as an essential RBAC attribute and, in practical terms, as a means of drastically reducing authorization volume. Lastly, the article touches on converting from simpler forms of access control to the more complex RBAC. [ABSTRACT FROM AUTHOR]

Published
2009
Full Text
View/download PDF

41. A theory for comparing the expressive power of access control models.

Author

Tripunitara, Mahesh V. and Ninghui Li

Subjects
*ACCESS control, *THEORY, *COMPUTER simulation, *SECURITY systems, *COMPUTER security
Abstract

We present a theory for comparing the expressive power of access control models. The theory is based on simulations that preserve security properties. We perceive access control systems as state-transition systems and present two kinds of simulations, reductions and state-matching reductions. In applying the theory, we highlight four new results and discuss these results in the context of other results that can be inferred or are known. One result indicates that the access matrix scheme due to Harrison, Ruzzo and Ullman is limited in its expressive power when compared with a trust-management scheme, thereby formally establishing a conjecture from the literature. A second result is that a particular RBAC (Role-Based Access Control) scheme, ARBAC97, may be limited in its expressive power, thereby countering claims in the literature that RBAC is more expressive than DAC (Discretionary Access Control). A third result demonstrates that the ability to check for the absence of rights (in addition to the presence of rights) can cause a scheme to be more expressive. A fourth result is that a trust-management scheme is at least as expressive as RBAC with a particular administrative scheme (the URA97 component of ARBAC97). [ABSTRACT FROM AUTHOR]

Published
2007
Full Text
View/download PDF

42. A trusted access method in software-defined network

Author

Jing Liu, Yinong Chen, Yingxu Lai, and Diao Zipeng

Subjects
0209 industrial biotechnology, Computer access control, Computer science, business.industry, Network Access Device, 020206 networking & telecommunications, Access control, 02 engineering and technology, Trusted Network Connect, Computer security, computer.software_genre, Discretionary access control, 020901 industrial engineering & automation, Distributed System Security Architecture, Hardware and Architecture, Modeling and Simulation, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, business, computer, Software, Computer network
Abstract

In software-defined networks (SDN), most controllers do not have an established control function for endpoint users and access terminals to access network, which may lead to many attacks. In order to address the problem of security check on access terminals, a secure trusted access method in SDN is designed and implemented in this paper. The method includes an access architecture design and a security access authentication protocol. The access architecture combines the characteristics of the trusted access technology and SDN architecture, and enhances the access security of SDN. The security access authentication protocol specifies the specific structure and implementation of data exchange in the access process. The architecture and protocol implemented in this paper can complete the credibility judgment of the access device and user's identification. Furthermore, it provides different trusted users with different network access permissions. Experiments show that the proposed access method is more secure than the access method that is based on IP address, MAC address and user identity authentication only, thus can effectively guarantee the access security of SDN.

Published
2017
Full Text
View/download PDF

43. Current Research and Open Problems in Attribute-Based Access Control

Author

Sylvia L. Osborn and Daniel Servos

Subjects
General Computer Science, Delegation, business.industry, Computer science, media_common.quotation_subject, 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer security, computer.software_genre, Data science, Mandatory access control, Theoretical Computer Science, Discretionary access control, Taxonomy (general), Scale (social sciences), Scalability, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, 020201 artificial intelligence & image processing, business, computer, media_common
Abstract

Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e., discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large scale adoption is still in its infancy. The relatively recent emergence of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, and the like, have been largely ignored or left to future work. This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC. A taxonomy of ABAC research is presented and used to categorize and evaluate surveyed articles. Open problems are identified based on the shortcomings of the reviewed works and potential solutions discussed.

Published
2017
Full Text
View/download PDF

44. Designing Application Permission Models that Meet User Expectations

Author

Franziska Roesner

Subjects
Computer Networks and Communications, Computer science, business.industry, Principle of least privilege, Internet privacy, Authorization, Mobile computing, 020206 networking & telecommunications, Access control, 02 engineering and technology, Permission, User expectations, Computer security, computer.software_genre, Discretionary access control, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, Law, computer, Explicit permission
Abstract

How should applications legitimately requiring access to sensitive resources to carry out their functionality be granted access to those resources? The answer to this question depends on users. This article introduces user-driven access control, an alternate permission model that adheres to the principle of least privilege while reducing the burden on users to make explicit permission decisions.

Published
2017
Full Text
View/download PDF

45. Database security - concepts, approaches, and challenges.

Author

Bertino, E. and Sandhu, R.

Abstract

As organizations increase their reliance on, possibly distributed, information systems for daily business, they become more vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control policies. Also, techniques for data integrity and availability specifically tailored to database systems must be adopted. In this respect, over the years, the database security community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability. However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security concerns, the "disintermediation" of access to data, new computing paradigms and applications, such as grid-based computing and on-demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current approaches. In this paper, we first survey the most relevant concepts underlying the notion of database security and summarize the most well-known techniques. We focus on access control systems, on which a large body of research has been devoted, and describe the key access control models, namely, the discretionary and mandatory access control models, and the role-based access control (RBAC) model. We also discuss security for advanced data management systems, and cover topics such as access control for XML. We then discuss current challenges for database security and some preliminary approaches that address some of these challenges. [ABSTRACT FROM PUBLISHER]

Published
2005
Full Text
View/download PDF

46. On the Feasibility of Attribute-Based Access Control Policy Mining

Author

Ravi Sandhu, Shuvra Chakraborty, and Ram Krishnan

Subjects
021110 strategic, defence & security studies, business.industry, Computer science, General problem, 0211 other engineering and technologies, Authorization, Access control, Context (language use), 02 engineering and technology, Attribute-based access control, Computer security, computer.software_genre, Discretionary access control, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, State (computer science), business, computer
Abstract

As the technology of attribute-based access control (ABAC) matures and begins to supplant earlier models such as role-based or discretionary access control, it becomes necessary to convert from already deployed access control systems to ABAC. Several variations of this general problem can be defined, some of which have been studied by researchers. In particular the ABAC policy mining problem assumes that attribute values for various entities such as users and objects in the system are given, in addition to the authorization state, from which the ABAC policy needs to be discovered. In this paper, we formalize the ABAC RuleSet Existence problem in this context and develop an algorithm and complexity analysis for its solution. We further introduce the notion of ABAC RuleSet Infeasibility Correction along with an algorithm for its solution.

Published
2019
Full Text
View/download PDF

47. Towards Integrating Attribute-Based Access Control into Ontologies

Author

Besik Dundua and Mikheil Rukhaia

Subjects
Discretionary access control, World Wide Web, Focus (computing), business.industry, Computer science, Role-based access control, Access control, Ontology language, Ontology (information science), business, Semantic Web, Mandatory access control
Abstract

Access control is a security technique that specifies which users can access particular resources in a computing environment. Over the years, numerous access control models have been developed to address various aspects of computer security. In this paper, we focus on a modern approach, attribute-based access control (ABAC), which has been proposed in order to overcome limitations of traditional models: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). The work on integrating access control mechanisms in semantic web technologies is developing into two directions: (1) to use semantic web technologies for modeling and analyzing access control policies and (2) to protect knowledge encoded in an ontology. In this paper we focus on the first issue and investigate how ABAC can be integrated into ontology languages.

Published
2019
Full Text
View/download PDF

48. From Access Control Models to Access Control Metamodels: A Survey

Author

Nadine Kashmar, Mirna Atieh, and Mehdi Adda

Subjects
Discretionary access control, Computer science, business.industry, Distributed computing, Data integrity, Role-based access control, Information technology, Access control, business, Mandatory access control, Abstraction (linguistics), Metamodeling
Abstract

Access control (AC) is a computer security requirement used to control, in a computing environment, what the user can access, when and how. Policy administration is an essential feature of an AC system. As the number of computers are in hundreds of millions, and due to the different organization requirements, applications and needs, various AC models are presented in literature, such as: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC), etc. These models are used to implement organizational policies that prevent the unauthorized disclosure of sensitive data, protecting the data integrity, and enabling secure access and sharing of information. Each AC model has its own methods for making AC decisions and policy enforcement. However, due to the diversity of AC models and the various concerns and restrictions, its essential to find AC metamodels with higher level of abstraction. Access control metamodels serve as a unifying framework for specifying any AC policy and should ease the migration from an AC model to another. This study reviews existing works on metamodels descriptions and representations. But, are the presented metamodels sufficient to handle the needed target of controlling access especially in the presence of the current information technologies? Do they encompass all features of other AC models? In this paper we are presenting a survey on AC metamodels.

Published
2019
Full Text
View/download PDF

49. The Design and Implementation of a Linux Kernel Module for File Descriptor Revocation

Author

Hari Nn and Arjun Tu

Subjects
Discretionary access control, Software_OPERATINGSYSTEMS, Confused deputy problem, Computer science, Privilege separation, File descriptor, Principle of least privilege, Operating system, Linux kernel, Privilege (computing), computer.software_genre, Access control list, computer
Abstract

Privilege separation systems that are implemented in applications such as Chromium and OpenSSH Dae- mon(SSHD) are complex, cumbersome because they have to be built on top of traditional Access Control List(ACL) systems. Properties such as least privilege operations along with effective solutions to problems that plague ACL based implementations, such as the Confused Deputy problem makes Capabilities much more capable when compared with the current Mandatory Access Control (MAC)/ Discretionary Access Control(DAC) systems in use within the POSIX systems for implementing privilege separated applications. While some work has been done on integrating a capability system into Linux, the final implementation provided solution for a specific subset of problems that a typical Capability based systems addresses. We provide a kernel module that enhances the Linux File Descriptors (FD) with revocation property, that while providing as a starting point for future refinements and improvements for creating a Capability system, also provides sufficient advantages to existing work flows that involves privilege separation.

Published
2019
Full Text
View/download PDF

50. Effective Security and Access Control Framework for Multilevel Organizations

Author

Ei Ei Moe and Mie Mie Su Thwin

Subjects
Computer science, business.industry, Data security, Access control, Computer security, computer.software_genre, Security controls, Mandatory access control, Discretionary access control, Need to know, Role-based access control, Multilevel security, business, computer
Abstract

In many organizations, it is vital to protect sensitive and confidential data in today’s digital world. For this case such information is made as an open database system; businesses can face legal or financial ramifications. According to the various nature and structures of the organizations, they may not have the same defense and interrelated communities which consist of military services, bank, and other intelligence organizations. All kinds of organizations must set policies to systematically and consistently categorize their data security from theft and threats. There are many types of access control mechanisms depending on the nature of organization such as mandatory access control (MAC), role-based access control (RBAC), and discretionary access control (DAC). This proposed framework focuses on the common threats that can face in the multilevel organizations, the security mechanisms to be considered, and how to secure a database. Multilevel security system allows users with different clearance levels, authorization, and need to know ability to process information in the same system. Moreover, the technical security controls such as user authentication, file access authorization, data encryption, and privacy controls for each user are applied for this framework. The proposed system will present the implementation of effective security framework for multilevel organizations using Strict Integrity Policy by labeling clearances levels to system’s users and classification levels to system’s stored data.

Published
2019
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results