You searched for subject:(Access Control).
Showing records 1 – 30 of
926 total matches.
◁ [1] [2] [3] [4] [5] … [31] ▶
1.
Peixoto, Rafael Pinto.
Traceability-based access recommendation.
Degree: 2012, Instituto Politécnico do Porto
URL: http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831 
► Devido à grande quantidade de dados disponíveis na Internet, um dos maiores desafios no mundo virtual é recomendar informação aos seus utilizadores. Por outro lado,…
(more)
▼ Devido à grande quantidade de dados disponíveis na Internet, um dos maiores desafios
no mundo virtual é recomendar informação aos seus utilizadores. Por outro lado, esta
grande quantidade de dados pode ser útil para melhorar recomendações se for anotada
e interligada por dados de proveniência.
Neste trabalho é abordada a temática de recomendação de (alteração de) permissões
acesso sobre recursos ao seu proprietário, ao invés da recomendação do próprio recurso
a um potencial consumidor/leitor. Para permitir a recomendação de acessos a um determinado
recurso, independentemente do domínio onde o mesmo se encontra alojado,
é essencial a utilização de sistemas de controlo de acessos distribuídos, mecanismos de
rastreamento de recursos e recomendação independentes do domínio.
Assim sendo, o principal objectivo desta tese é utilizar informação de rastreamento de
acções realizadas sobre recursos (i.e. informação que relaciona recursos e utilizadores
através da Web independentemente do domínio de rede) e utiliza-la para permitir a
recomendação de privilégios de acesso a esses recursos por outros utilizadores. Ao longo
do desenvolvimento da tese resultaram as seguintes contribuições:
A análise do estado da arte de recomendação e de sistemas de recomendação
potencialmente utilizáveis na recomendação de privilégios (secção 2.3);
A análise do estado da arte de mecanismos de rastreamento e proveniência de
informação (secção 2.2);
A proposta de um sistema de recomendação de privilégios de acesso independente
do domínio e a sua integração no sistema de controlo de acessos proposto anteriormente
(secção 3.1);
Levantamento, análise e especificação da informação relativa a privilégios de acesso,
para ser utilizada no sistema de recomendação (secção 2.1);
A especificação da informação resultante do rastreamento de acções para ser utilizada
na recomendação de privilégios de acesso (secção 4.1.1);
A especificação da informação de feedback resultante do sistema de recomendação
de acessos e sua reutilização no sistema de recomendação(secção 4.1.3);
A especificação, implementação e integração do sistema de recomendação de privilégios
de acesso na plataforma já existente (secção 4.2 e secção 4.3);
Realização de experiências de avaliação ao sistema de recomendação de privilégios,
bem como a análise dos resultados obtidos (secção 5).
Due to the large amount of available data in the internet, one of the biggest challenges in
the virtual world is to recommend information to the user. On the other hand this large
amount of data can be useful to improve recommendations if it is semantically described
and inter-related. To describe and relate this information, provenance information is
fundamental.
Several resources are not totally recommendable but can be recommended a speci c
type of access to them. So the cross-domain information provenance, cross-domain
access control and cross-domain access recommendation are leading keys to improve
cross-domain recommendation.
The main goal of this thesis work is to use automatic traceability information of…
Advisors/Committee Members: Bettencourt, Nuno Miguel Gomes, Silva, Nuno Alexandre Pinto da.
Subjects/Keywords: Traceability; Access policy recommendation; Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Peixoto, R. P. (2012). Traceability-based access recommendation. (Thesis). Instituto Politécnico do Porto. Retrieved from http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Peixoto, Rafael Pinto. “Traceability-based access recommendation.” 2012. Thesis, Instituto Politécnico do Porto. Accessed March 23, 2019.
http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Peixoto, Rafael Pinto. “Traceability-based access recommendation.” 2012. Web. 23 Mar 2019.
Vancouver:
Peixoto RP. Traceability-based access recommendation. [Internet] [Thesis]. Instituto Politécnico do Porto; 2012. [cited 2019 Mar 23].
Available from: http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Peixoto RP. Traceability-based access recommendation. [Thesis]. Instituto Politécnico do Porto; 2012. Available from: http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Pretoria
2.
Padayachee, Keshnee.
An
aspect-oriented approach towards enhancing optimistic access
control with usage control.
Degree: Computer Science, 2010, University of Pretoria
URL: http://hdl.handle.net/2263/26683
► With the advent of agile programming, lightweight software processes are being favoured over the highly formalised approaches of the 80s and 90s, where the emphasis…
(more)
▼ With the advent of agile programming, lightweight
software processes are being favoured over the highly formalised
approaches of the 80s and 90s, where the emphasis is on "people,
not processes". Likewise,
access control may benefit from a less
prescriptive approach and an increasing reliance on users to behave
ethically. These ideals correlate with optimistic
access controls.
However, such controls alone may not be adequate as they are
retrospective rather proactive. Optimistic
access controls may
benefit from the stricter enforcement offered by usage
control. The
latter enables finer-grained
control over the usage of digital
objects than do traditional
access control policies and models, as
trust management concerns are also taken into consideration. This
thesis investigates the possibility of enhancing optimistic
access
controls with usage
control to ensure that users conduct themselves
in a trustworthy manner. Since this kind of approach towards
access
control has limited applicability, the present study investigates
contextualising this approach within a mixed-initiative
access
control framework. A mixed-initiative
access control framework
involves combining a minimum of two
access control models where the
request to information is mediated by a mixture of
access policy
enforcement agents. In order for this type of integration to be
successful, a software development approach was considered that
allows for the seamless augmentation of traditional
access control
with optimistic
access control enhanced with usage
control, namely
the aspect-oriented approach. The aspect-oriented paradigm can
facilitate the implementation of additional security features to
legacy systems without modifying existing code. This study
therefore evaluates the aspect-oriented approach in terms of
implementing security concerns. It is evidently difficult to
implement
access control and in dynamic environments preconfigured
access control policies may often change dramatically, depending on
the context. In unpredicted circumstances, users who are denied
access could often have prevented a catastrophe had they been
allowed
access. The costs of implementing and maintaining complex
preconfigured
access control policies sometimes far outweigh the
benefits. Optimistic controls are retrospective and allow users to
exceed their normal privileges. However, if a user accesses
information unethically, the consequences could be disastrous.
Therefore it is proposed that optimistic
access control be enhanced
with some form of usage
control, which may prevent the user from
engaging in risky behaviour. An initiative towards including
security in the earlier phases of the software life cycle is
gaining momentum, as it is much easier to design with security from
the onset than to use the penetrate-and-patch approach.
Unfortunately, incorporating security into software development
takes time and developers tend to focus more on the features of the
software application. The aspect-oriented paradigm can facilitate
the implementation of additional security…
Advisors/Committee Members: Prof J H P Eloff (advisor).
Subjects/Keywords: Aspect-oriented programming; Usage
control; Access
control; Optimistic
access control;
UCTD
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Padayachee, K. (2010). An
aspect-oriented approach towards enhancing optimistic access
control with usage control. (Doctoral Dissertation). University of Pretoria. Retrieved from http://hdl.handle.net/2263/26683
Chicago Manual of Style (16th Edition):
Padayachee, Keshnee. “An
aspect-oriented approach towards enhancing optimistic access
control with usage control.” 2010. Doctoral Dissertation, University of Pretoria. Accessed March 23, 2019.
http://hdl.handle.net/2263/26683.
MLA Handbook (7th Edition):
Padayachee, Keshnee. “An
aspect-oriented approach towards enhancing optimistic access
control with usage control.” 2010. Web. 23 Mar 2019.
Vancouver:
Padayachee K. An
aspect-oriented approach towards enhancing optimistic access
control with usage control. [Internet] [Doctoral dissertation]. University of Pretoria; 2010. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/2263/26683.
Council of Science Editors:
Padayachee K. An
aspect-oriented approach towards enhancing optimistic access
control with usage control. [Doctoral Dissertation]. University of Pretoria; 2010. Available from: http://hdl.handle.net/2263/26683
University of Pretoria
3.
[No author].
An aspect-oriented approach towards enhancing
optimistic access control with usage control
.
Degree: 2010, University of Pretoria
URL: http://upetd.up.ac.za/thesis/available/etd-07262010-142652/
► With the advent of agile programming, lightweight software processes are being favoured over the highly formalised approaches of the 80s and 90s, where the emphasis…
(more)
▼ With the advent of agile programming, lightweight
software processes are being favoured over the highly formalised
approaches of the 80s and 90s, where the emphasis is on "people,
not processes". Likewise,
access control may benefit from a less
prescriptive approach and an increasing reliance on users to behave
ethically. These ideals correlate with optimistic
access controls.
However, such controls alone may not be adequate as they are
retrospective rather proactive. Optimistic
access controls may
benefit from the stricter enforcement offered by usage
control. The
latter enables finer-grained
control over the usage of digital
objects than do traditional
access control policies and models, as
trust management concerns are also taken into consideration. This
thesis investigates the possibility of enhancing optimistic
access
controls with usage
control to ensure that users conduct themselves
in a trustworthy manner. Since this kind of approach towards
access
control has limited applicability, the present study investigates
contextualising this approach within a mixed-initiative
access
control framework. A mixed-initiative
access control framework
involves combining a minimum of two
access control models where the
request to information is mediated by a mixture of
access policy
enforcement agents. In order for this type of integration to be
successful, a software development approach was considered that
allows for the seamless augmentation of traditional
access control
with optimistic
access control enhanced with usage
control, namely
the aspect-oriented approach. The aspect-oriented paradigm can
facilitate the implementation of additional security features to
legacy systems without modifying existing code. This study
therefore evaluates the aspect-oriented approach in terms of
implementing security concerns. It is evidently difficult to
implement
access control and in dynamic environments preconfigured
access control policies may often change dramatically, depending on
the context. In unpredicted circumstances, users who are denied
access could often have prevented a catastrophe had they been
allowed
access. The costs of implementing and maintaining complex
preconfigured
access control policies sometimes far outweigh the
benefits. Optimistic controls are retrospective and allow users to
exceed their normal privileges. However, if a user accesses
information unethically, the consequences could be disastrous.
Therefore it is proposed that optimistic
access control be enhanced
with some form of usage
control, which may prevent the user from
engaging in risky behaviour. An initiative towards including
security in the earlier phases of the software life cycle is
gaining momentum, as it is much easier to design with security from
the onset than to use the penetrate-and-patch approach.
Unfortunately, incorporating security into software development
takes time and developers tend to focus more on the features of the
software application. The aspect-oriented paradigm can facilitate
the implementation of additional security…
Advisors/Committee Members: Prof J H P Eloff (advisor).
Subjects/Keywords: Aspect-oriented programming;
Usage control;
Access control;
Optimistic access control;
UCTD
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
author], [. (2010). An aspect-oriented approach towards enhancing
optimistic access control with usage control
. (Doctoral Dissertation). University of Pretoria. Retrieved from http://upetd.up.ac.za/thesis/available/etd-07262010-142652/
Chicago Manual of Style (16th Edition):
author], [No. “An aspect-oriented approach towards enhancing
optimistic access control with usage control
.” 2010. Doctoral Dissertation, University of Pretoria. Accessed March 23, 2019.
http://upetd.up.ac.za/thesis/available/etd-07262010-142652/.
MLA Handbook (7th Edition):
author], [No. “An aspect-oriented approach towards enhancing
optimistic access control with usage control
.” 2010. Web. 23 Mar 2019.
Vancouver:
author] [. An aspect-oriented approach towards enhancing
optimistic access control with usage control
. [Internet] [Doctoral dissertation]. University of Pretoria; 2010. [cited 2019 Mar 23].
Available from: http://upetd.up.ac.za/thesis/available/etd-07262010-142652/.
Council of Science Editors:
author] [. An aspect-oriented approach towards enhancing
optimistic access control with usage control
. [Doctoral Dissertation]. University of Pretoria; 2010. Available from: http://upetd.up.ac.za/thesis/available/etd-07262010-142652/
University of Utah
4.
Jana, Suman.
On fast and accurate detection of unauthorized wireless access points using clock skews.
Degree: MS;, Computing (School of);, 2009, University of Utah
URL: http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837
► We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and…
(more)
▼ We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing solutions - the inability to effectively detect Medium Access Control (MAC) address spoofing. We calculate the clock skew of an AP from the IEEE 802.11 Time Synchronization Function (TSF) timestamps sent out in the beacon/probe response frames. We use two different methods for this purpose - one based on linear programming and the other based on least square fit. We supplement these methods with a heuristic for differentiating original packets from those sent by the fake APs. We collect TSF timestamp data from several APs in three different residential settings. Using our measurement data as well as data obtained from a large conference setting, we find that clock skews remain consistent over time for the same AP but vary significantly across APs. Furthermore, we improve the resolution of received timestamp of the frames and show that with this enhancement our methodology can find clock skews very quickly, using 50-100 packets in most of the cases. We also discuss and quantify the impact of various external factors including temperature variation, virtualization, clock source selection and NTP synchronization on clock skews. Our results indicate that the use of clock skews appears to be an efficient and robust method for detecting fake APs in wireless local area networks.
Subjects/Keywords: Wireless LANs; Medium Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Jana, S. (2009). On fast and accurate detection of unauthorized wireless access points using clock skews. (Masters Thesis). University of Utah. Retrieved from http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837
Chicago Manual of Style (16th Edition):
Jana, Suman. “On fast and accurate detection of unauthorized wireless access points using clock skews.” 2009. Masters Thesis, University of Utah. Accessed March 23, 2019.
http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837.
MLA Handbook (7th Edition):
Jana, Suman. “On fast and accurate detection of unauthorized wireless access points using clock skews.” 2009. Web. 23 Mar 2019.
Vancouver:
Jana S. On fast and accurate detection of unauthorized wireless access points using clock skews. [Internet] [Masters thesis]. University of Utah; 2009. [cited 2019 Mar 23].
Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837.
Council of Science Editors:
Jana S. On fast and accurate detection of unauthorized wireless access points using clock skews. [Masters Thesis]. University of Utah; 2009. Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837
University of Ontario Institute of Technology
5.
Sharghigoorabi, Mohammadhassan.
Access control obligation specification and enforcement using behavior pattern language.
Degree: 2018, University of Ontario Institute of Technology
URL: http://hdl.handle.net/10155/908
► Increasing the use of Internet-based devices offers novel opportunities for users to access and share resources anywhere and anytime so that such a collaborative environment…
(more)
▼ Increasing the use of Internet-based devices offers novel opportunities for users
to
access and share resources anywhere and anytime so that such a collaborative
environment complicates the design of an accountable resource
access control system.
Relying on only predefined
access control policies based on an entity's attributes,
as in traditional
access control solutions, cannot provide enough flexibility to apply
continuous adjustments in order to adapt to any kind of operative run time conditions.
The limited scope and precision of the existing policy-based
access control solutions
have put considerable limitations on adequately satisfying the challenging security
aspects of the IT enterprises.
In this research, we focus on the obligatory behavior that can play an important
role in
access control to protect resources and services of a typical system. Since
traditional
access control is performed only once before the resource is accessed by
the
subject, the
access control system is unable to
control the fulfillment of obligation
while the
access is in progress. Practically, such a requirement is implemented in
hard-coded and proprietary ways. Consequently, the lack of sophisticated means
for specification and enforcement of obligation in
access control system decreases its
flexibility and may also lead to the security breach in sensitive environments.
We provide a descriptive language that is capable of defining a variety of complex
behavior patterns based on a sequence of user actions. Such a description can be used
to specify different elements of the obligation in order to attach to a policy language,
and it is also used to generate queries for behavior matching purposes.
Moreover, we propose a behavior pattern matching framework to approve the
fulfillment of the obligation by looking into the audit logs. However, this method is
extremely inadequate for ongoing obligations. Therefore, we proposed a compliance
engine by utilizing complex event processing in order to make a decision to revoke
or continue the
access in a timely manner. We implemented both frameworks that
can be used to approve the obligation fulfillment as well as to evaluate the expressive
power and complexity of our proposed language.
Advisors/Committee Members: Liscano, Ramiro.
Subjects/Keywords: Access control; Obligation; Behavior; Language
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Sharghigoorabi, M. (2018). Access control obligation specification and enforcement using behavior pattern language. (Thesis). University of Ontario Institute of Technology. Retrieved from http://hdl.handle.net/10155/908
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Sharghigoorabi, Mohammadhassan. “Access control obligation specification and enforcement using behavior pattern language.” 2018. Thesis, University of Ontario Institute of Technology. Accessed March 23, 2019.
http://hdl.handle.net/10155/908.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Sharghigoorabi, Mohammadhassan. “Access control obligation specification and enforcement using behavior pattern language.” 2018. Web. 23 Mar 2019.
Vancouver:
Sharghigoorabi M. Access control obligation specification and enforcement using behavior pattern language. [Internet] [Thesis]. University of Ontario Institute of Technology; 2018. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10155/908.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Sharghigoorabi M. Access control obligation specification and enforcement using behavior pattern language. [Thesis]. University of Ontario Institute of Technology; 2018. Available from: http://hdl.handle.net/10155/908
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
6.
Surampudi, Srinivasa Rao.
Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.
Degree: Electrical and communication engineering, 2012, Jawaharlal Nehru Technological University, Hyderabad
URL: http://shodhganga.inflibnet.ac.in/handle/10603/19022
► Radio Frequency Identification (RFID) technology has a number of applications in day to day affairs, especially when security is of main concern. Human activity tracking…
(more)
▼ Radio Frequency Identification (RFID) technology
has a number of applications in day to day affairs, especially when
security is of main concern. Human activity tracking is one such
important application where security is of prime concern. In a
secured environment where RFID based human tracking newlinesystem
is incorporated, one would possibly come across a situation of not
being able to discriminate two or more persons carrying RFID tags
because of sudden increase in the population and haphazard
movement. newlineIn this connection, fast identification and
enumeration of number of tags present in an area under surveillance
is one of the major issues faced by security personnel. newline It
is in this context, we provide a basic feasible solution which
would ensure collision avoidance of RFID tags in a dense and
haphazard environment. We call this technique as Adaptive Slot
Adaptive Frame newline(ASAF) ALOHA protocol .
newline
References p. 107-116
Advisors/Committee Members: Rajan, E G.
Subjects/Keywords: Access; Adaptive; Adaptive; Control; Protocol
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Surampudi, S. R. (2012). Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. (Thesis). Jawaharlal Nehru Technological University, Hyderabad. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/19022
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2012. Thesis, Jawaharlal Nehru Technological University, Hyderabad. Accessed March 23, 2019.
http://shodhganga.inflibnet.ac.in/handle/10603/19022.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2012. Web. 23 Mar 2019.
Vancouver:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Internet] [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2012. [cited 2019 Mar 23].
Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19022.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2012. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19022
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
7.
Surampudi, Srinivasa Rao.
Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.
Degree: Electrical and communication engineering, 2013, Jawaharlal Nehru Technological University, Hyderabad
URL: http://shodhganga.inflibnet.ac.in/handle/10603/19096
► Radio Frequency Identification (RFID) technology has a number of applications in day to day affairs, especially when security is of main concern. Human activity tracking…
(more)
▼ Radio Frequency Identification (RFID) technology
has a number of applications in day to day affairs, especially when
security is of main concern. Human activity tracking is one such
important application where security is of prime concern. In a
secured environment where RFID based human tracking newlinesystem
is incorporated, one would possibly ome across a situation of not
being able to discriminate two or more persons carrying RFID tags
because of sudden increase in the population and haphazard
movement. newlineIn this connection, fast identification and
enumeration of number of tags present in an area under surveillance
is one of the major issues faced by security personnel.
newline
References p. 107 -115 appendixp.
116-118
Advisors/Committee Members: Rajan, E G, Kishore, K Lal.
Subjects/Keywords: Access; Adaptive; Control; Frame
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Surampudi, S. R. (2013). Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. (Thesis). Jawaharlal Nehru Technological University, Hyderabad. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/19096
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2013. Thesis, Jawaharlal Nehru Technological University, Hyderabad. Accessed March 23, 2019.
http://shodhganga.inflibnet.ac.in/handle/10603/19096.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2013. Web. 23 Mar 2019.
Vancouver:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Internet] [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. [cited 2019 Mar 23].
Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19096.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19096
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
8.
Kuninobu, Shigeta.
Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ.
Degree: Nara Institute of Science and Technology / 奈良先端科学技術大学院大学
URL: http://hdl.handle.net/10061/3019
Subjects/Keywords: Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kuninobu, S. (n.d.). Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ. (Thesis). Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Retrieved from http://hdl.handle.net/10061/3019
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Kuninobu, Shigeta. “Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ.” Thesis, Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Accessed March 23, 2019.
http://hdl.handle.net/10061/3019.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Kuninobu, Shigeta. “Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ.” Web. 23 Mar 2019.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Vancouver:
Kuninobu S. Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ. [Internet] [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10061/3019.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
Council of Science Editors:
Kuninobu S. Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ. [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; Available from: http://hdl.handle.net/10061/3019
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
9.
Nitta, Naoya.
Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ.
Degree: Nara Institute of Science and Technology / 奈良先端科学技術大学院大学
URL: http://hdl.handle.net/10061/2933
Subjects/Keywords: access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Nitta, N. (n.d.). Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ. (Thesis). Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Retrieved from http://hdl.handle.net/10061/2933
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Nitta, Naoya. “Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ.” Thesis, Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Accessed March 23, 2019.
http://hdl.handle.net/10061/2933.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Nitta, Naoya. “Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ.” Web. 23 Mar 2019.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Vancouver:
Nitta N. Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ. [Internet] [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10061/2933.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
Council of Science Editors:
Nitta N. Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ. [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; Available from: http://hdl.handle.net/10061/2933
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
Queens University
10.
Ashtaiwi, Abduladhim.
MIMO-aware Medium Access Control in IEEE 802.11 Networks
.
Degree: Electrical and Computer Engineering, 2009, Queens University
URL: http://hdl.handle.net/1974/1675
► Wireless Mesh Networks (WMNs) are dynamically self-organized and self-configured, where the nodes in the network automatically establish an ad hoc network and maintain mesh connectivity.…
(more)
▼ Wireless Mesh Networks (WMNs) are dynamically self-organized and self-configured, where the nodes in the network automatically establish an ad hoc network and maintain mesh connectivity. These properties make WMNs a key technology for next generation wireless networking. However, supporting Quality of Service (QoS) to enable multimedia services is still one of the major issues in next-generation WMNs.
In distributed systems like WMNs, the Medium Access Control (MAC) layer is considered very important in the IEEE 802.11-based wireless networks, as it supports many crucial operational functions. Hence, QoS support in WMNs can be enhanced through the efficient cross-layer design of MAC protocols that utilizes advanced physical layer technologies viz Multiple-Input Multiple-Output (MIMO) with its multiple spatial channels that are capable of simultaneous receive or transmit streams. MIMO has become a very attractive technology in providing support for different QoS requirements.
In this thesis we propose a novel QoS MIMO-aware MAC Protocol (QMMP). QMMP is a MAC protocol framework that exploits the MIMO system gains to boost QoS support. The proposed MAC framework includes the following components. The first component enables concurrent sharing of the increased MIMO bandwidth, i.e., instead of allocating all the spatial channels to one connection, connections can concurrently share the increase bandwidth via splitting the spatial channels. The second component reduces the medium access collisions problem. In distributed systems like WMNs, medium access collisions have a noticeably negative impact on resource (bandwidth) utilization as they leave the bandwidth unutilized for a long time. To address this problem, we propose a spatial channels sharing scheme during medium contention period. The third component boosts the bandwidth utilization during data transmission. We propose resource management schemes that adapt the physical data rate and the aggregation frame length according to the instantaneous channel quality. Then we propose a QoS-aware bandwidth provisioning mechanism that performs effective bandwidth distribution to further boost QoS support.
Subjects/Keywords: Wireless LANs;
Medium Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Ashtaiwi, A. (2009). MIMO-aware Medium Access Control in IEEE 802.11 Networks
. (Thesis). Queens University. Retrieved from http://hdl.handle.net/1974/1675
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Ashtaiwi, Abduladhim. “MIMO-aware Medium Access Control in IEEE 802.11 Networks
.” 2009. Thesis, Queens University. Accessed March 23, 2019.
http://hdl.handle.net/1974/1675.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Ashtaiwi, Abduladhim. “MIMO-aware Medium Access Control in IEEE 802.11 Networks
.” 2009. Web. 23 Mar 2019.
Vancouver:
Ashtaiwi A. MIMO-aware Medium Access Control in IEEE 802.11 Networks
. [Internet] [Thesis]. Queens University; 2009. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/1974/1675.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Ashtaiwi A. MIMO-aware Medium Access Control in IEEE 802.11 Networks
. [Thesis]. Queens University; 2009. Available from: http://hdl.handle.net/1974/1675
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Penn State University
11.
Luo, Bo.
XML ACCESS CONTROL IN NATIVE AND RDBMS-SUPPORTED XML
DATABASES.
Degree: PhD, Information Sciences and Technology, 2008, Penn State University
URL: https://etda.libraries.psu.edu/catalog/8523
► As the eXtensible Markup Language (XML) has emerged as the de facto standard for storing and exchanging information in the Internet Age, the needs for…
(more)
▼ As the eXtensible Markup Language (XML) has emerged as
the de facto standard for storing and exchanging information in the
Internet Age, the needs for efficient yet secure access of XML data
naturally arise. It becomes increasingly important to be able to
tailor information in XML data for various users and applications,
while preserving confidentiality. In this dissertation, we ask how
fine-grained XML access control can be supported when underlying
(XML or relational) DBMS does not provide any security features for
XML data. We first present deep set operators for XML as an
extension of conventional set operators, and use them to
algebraically describe XML access control. We introduce a general
framework to capture design principles and operations of existing
XML access control mechanisms across centralized and distributed
environments. In the native XML environment (XDB), we advocate an
efficient, view-free, Non-deterministic Finite Automata (NFA) based
access control enforcement mechanism, called QFilter. It supports
fine-grained XML access control and works independently from the
underlying XML engine, thus provides great flexibility. In
RDBMS-supported XML database systems (XRDB), we first introduce
object and operation equivalency as a bridge between relational and
XML data models. Then we present theoretical results on how one can
(or cannot) support fine-grained XML access control using
relational access control features. We also show implementation
choices and the required security features from underlying RDBMS.
Finally, we implement our approach and exhibit its superior
performance against native XML DBMS.
Subjects/Keywords: XML; Information Security; Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Luo, B. (2008). XML ACCESS CONTROL IN NATIVE AND RDBMS-SUPPORTED XML
DATABASES. (Doctoral Dissertation). Penn State University. Retrieved from https://etda.libraries.psu.edu/catalog/8523
Chicago Manual of Style (16th Edition):
Luo, Bo. “XML ACCESS CONTROL IN NATIVE AND RDBMS-SUPPORTED XML
DATABASES.” 2008. Doctoral Dissertation, Penn State University. Accessed March 23, 2019.
https://etda.libraries.psu.edu/catalog/8523.
MLA Handbook (7th Edition):
Luo, Bo. “XML ACCESS CONTROL IN NATIVE AND RDBMS-SUPPORTED XML
DATABASES.” 2008. Web. 23 Mar 2019.
Vancouver:
Luo B. XML ACCESS CONTROL IN NATIVE AND RDBMS-SUPPORTED XML
DATABASES. [Internet] [Doctoral dissertation]. Penn State University; 2008. [cited 2019 Mar 23].
Available from: https://etda.libraries.psu.edu/catalog/8523.
Council of Science Editors:
Luo B. XML ACCESS CONTROL IN NATIVE AND RDBMS-SUPPORTED XML
DATABASES. [Doctoral Dissertation]. Penn State University; 2008. Available from: https://etda.libraries.psu.edu/catalog/8523
University of Saskatchewan
12.
Jamsrandorj, Tom 1983-.
DECENTRALIZED ACCESS CONTROL USING THE BLOCKCHAIN.
Degree: 2017, University of Saskatchewan
URL: http://hdl.handle.net/10388/8087
► To effectively participate in modern collaborations, member organizations should be able to share digital resources with various partners, while ensuring their digital resources are protected…
(more)
▼ To effectively participate in modern collaborations, member organizations should be able to share digital resources with various partners, while ensuring their digital resources are protected from inappropriate
access. In the existing literature, a substantial amount of research on centralized
access control in the context of a single organization has been carried out. However, research on decentralized
access control in a collaborative environment is scarce. To advance research in this area, I implemented a prototype of a decentralized
access control system, which supports transparency, auditability, immutability, and equality in a collaboration environment, using the Multichain blockchain platform, RESTful web services, and Java programming language. The prototype was developed to evaluate two primary metrics: average response time and throughput. To achieve this, I carried out a number of experiments to measure both metrics on a Local Area Network (LAN) and on Amazon Web Services (AWS) under 84 different experimental conditions. The LAN setup provides a baseline for system performance under optimal conditions, while the cloud infrastructure represents a real-world use case. With low-system loads (comprising one to thirty concurrent clients and a single server running the system), the LAN setup outperformed the AWS setup by a factor of 2.5 based on throughput. On the other hand, when the system load is significantly increased, with more servers running the system, the AWS and LAN setups showed only a marginal difference in their performance. This demonstrates the potential to horizontally scale the decentralized
access control system using blockchain on cloud infrastructure.
Advisors/Committee Members: Dinh, Anh, Vassileva, Julita, Greer, Jim.
Subjects/Keywords: Decentralized access control; blockchain
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Jamsrandorj, T. 1. (2017). DECENTRALIZED ACCESS CONTROL USING THE BLOCKCHAIN. (Thesis). University of Saskatchewan. Retrieved from http://hdl.handle.net/10388/8087
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Jamsrandorj, Tom 1983-. “DECENTRALIZED ACCESS CONTROL USING THE BLOCKCHAIN.” 2017. Thesis, University of Saskatchewan. Accessed March 23, 2019.
http://hdl.handle.net/10388/8087.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Jamsrandorj, Tom 1983-. “DECENTRALIZED ACCESS CONTROL USING THE BLOCKCHAIN.” 2017. Web. 23 Mar 2019.
Vancouver:
Jamsrandorj T1. DECENTRALIZED ACCESS CONTROL USING THE BLOCKCHAIN. [Internet] [Thesis]. University of Saskatchewan; 2017. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10388/8087.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Jamsrandorj T1. DECENTRALIZED ACCESS CONTROL USING THE BLOCKCHAIN. [Thesis]. University of Saskatchewan; 2017. Available from: http://hdl.handle.net/10388/8087
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Victoria
13.
Habibi, Ryan.
Consent based privacy for eHealth systems.
Degree: Department of Computer Science, 2018, University of Victoria
URL: https://dspace.library.uvic.ca//handle/1828/10010
► Access to Personal Health Information (PHI) is a valuable part of the modern health care model. Timely access to relevant PHI assists care providers in…
(more)
▼ Access to Personal Health Information (PHI) is a valuable part of the modern health care model. Timely
access to relevant PHI assists care providers in making clinical decisions and ensure that patients receive the highest quality of care. PHI is highly sensitive and unauthorized disclosure of PHI has potential to lead to social, economic, or even physical harm to the patient. Traditional electronic health (eHealth) tools are designed for the needs of care providers and are insufficient for the needs of patients. Our research goal is to investigate the requirements of electronic health care systems which place patient health and privacy above all other concerns.
Control of secure resources is a well established area of research in which many techniques such as cryptography,
access control, authentication, and organizational policy can be combined to maintain the confidentiality and integrity of data.
Access control is the dominant data owner facing privacy
control. To better understand this domain we conducted a scoping literature review to rapidly map the key concepts underpinning patient facing
access controls in eHealth systems. We present the analysis of that corpus as well as a set of identified requirements. Based on the identified requirements we developed Circle of Health based
Access Control (CoHBAC), a patient centered
access control model. We then performed a second scoping review to extend our research beyond just
access controls, which are insufficient to provide reasonable privacy alone. The second review yielded a larger, more comprehensive, set of sixty five requirements for patient centered privacy systems. We refined CoHBAC into Privacy Centered
Access Control (PCAC) to meet the needs of our second set of requirements. Using the conceptual model of accountability that emerged from the reviewed literature we present the identified requirements organized into the Patient Centered Privacy Framework. We applied our framework to the Canadian health care context to demonstrate its applicability.
Advisors/Committee Members: Damian, Daniela (supervisor).
Subjects/Keywords: Access Control; eHealth; Consent; Privacy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Habibi, R. (2018). Consent based privacy for eHealth systems. (Masters Thesis). University of Victoria. Retrieved from https://dspace.library.uvic.ca//handle/1828/10010
Chicago Manual of Style (16th Edition):
Habibi, Ryan. “Consent based privacy for eHealth systems.” 2018. Masters Thesis, University of Victoria. Accessed March 23, 2019.
https://dspace.library.uvic.ca//handle/1828/10010.
MLA Handbook (7th Edition):
Habibi, Ryan. “Consent based privacy for eHealth systems.” 2018. Web. 23 Mar 2019.
Vancouver:
Habibi R. Consent based privacy for eHealth systems. [Internet] [Masters thesis]. University of Victoria; 2018. [cited 2019 Mar 23].
Available from: https://dspace.library.uvic.ca//handle/1828/10010.
Council of Science Editors:
Habibi R. Consent based privacy for eHealth systems. [Masters Thesis]. University of Victoria; 2018. Available from: https://dspace.library.uvic.ca//handle/1828/10010
Universidade Nova
14.
Pires, Mário Rui Dias.
A type system for access control in an object-oriented language.
Degree: 2009, Universidade Nova
URL: http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308
► Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática
The need for a…
(more)
▼ Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática
The need for a security system to ensure the integrity of protected data leads to the development of access control systems, whose purpose is to prevent access to protected information or resources by unauthorized individuals. In this thesis, we develop and formalize a type and effect system that verifies the access control to objects in a simplified object-oriented language.
Traditionally, access control is done only at run-time, using dynamic techniques, such as access control lists, that perform run-time verifications for credentials and privileges. However, these techniques increase the total execution time of an operation, potentially breaking system
requirements such as usability or response time.
Static approaches, based on static analysis or type systems, reduce the amount of run-time checks by doing some of those checks during compile-time, preventing the occurrence of errors before running the program and offering formal proofs of system correctness.
The type system developed in this dissertation deals with the dynamic delegation of authorizations to access objects. An authorization includes the identification of the protected object
and its access policy and is considered by the type system as a first class value. As such, object types are extended with policies that reflect the current privilege associated with the object, and typing an expression can produce an effect on policies. We name this new type as user type and the respective value as user view, which contain the object’s reference and a policy to access the object.
We consider privileges over objects to be the methods that can be invoked. So, a policy
states what methods are available to be called. When typing a method call by an user view, we are able to verify if it was authorized, that is, if the current policy says that the method is available. This mechanism allows the removal of common security specifications from class
declarations, as visibility modifiers (public, private).
Furthermore, we present a soundness result for our type system. We also implemented a
typechecking algorithm for our type system, resulting in a tool to verify the integrity of protected objects in a system designed in the defined programming language.
This work was supported by a CITI research grant
Advisors/Committee Members: Caires, Luís.
Subjects/Keywords: Security; Access control; Type system
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Pires, M. R. D. (2009). A type system for access control in an object-oriented language. (Thesis). Universidade Nova. Retrieved from http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Pires, Mário Rui Dias. “A type system for access control in an object-oriented language.” 2009. Thesis, Universidade Nova. Accessed March 23, 2019.
http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Pires, Mário Rui Dias. “A type system for access control in an object-oriented language.” 2009. Web. 23 Mar 2019.
Vancouver:
Pires MRD. A type system for access control in an object-oriented language. [Internet] [Thesis]. Universidade Nova; 2009. [cited 2019 Mar 23].
Available from: http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Pires MRD. A type system for access control in an object-oriented language. [Thesis]. Universidade Nova; 2009. Available from: http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Waterloo
15.
Cai, Lin.
Design and Analysis of Medium Access Control Protocols for Broadband Wireless Networks.
Degree: 2009, University of Waterloo
URL: http://hdl.handle.net/10012/4882
► The next-generation wireless networks are expected to integrate diverse network architectures and various wireless access technologies to provide a robust solution for ubiquitous broadband wireless…
(more)
▼ The next-generation wireless networks are expected to integrate diverse network architectures and various wireless access technologies to provide a robust solution for ubiquitous broadband wireless access, such as wireless local area networks (WLANs), Ultra-Wideband (UWB), and millimeter-wave (mmWave) based wireless personal area networks (WPANs), etc. To enhance the spectral efficiency and link reliability, smart antenna systems have been proposed as a promising candidate for future broadband access networks. To effectively exploit the increased capabilities of the emerging wireless networks, the different network characteristics and the underlying physical layer features need to be considered in the medium access control (MAC) design, which plays a critical role in providing efficient and fair resource sharing among multiple users.
In this thesis, we comprehensively investigate the MAC design in both single- and multi-hop broadband wireless networks, with and without infrastructure support. We first develop mathematical models to identify the performance bottlenecks and constraints in the design and operation of existing MAC. We then use a cross-layer approach to mitigate the identified bottleneck problems. Finally, by evaluating the performance of the proposed protocols with analytical models and extensive simulations, we determine the optimal protocol parameters to maximize the network performance.
In specific, a generic analytical framework is developed for capacity study of an IEEE 802.11 WLAN in support of non-persistent asymmetric traffic flows. The analysis can be applied for effective admission control to guarantee the quality of service (QoS) performance of multimedia applications. As the access point (AP) becomes the bottleneck in an infrastructure based WLAN, we explore the multiple-input multiple-output (MIMO) capability in the future IEEE 802.11n WLANs and propose a MIMO-aware multi-user (MU) MAC. By exploiting the multi-user degree of freedom in a MIMO system to allow the AP to communicate with multiple users in the downlink simultaneously, the proposed MU MAC can minimize the AP-bottleneck effect and significantly improve the network capacity. Other enhanced MAC mechanisms, e.g., frame aggregation and bidirectional transmissions, are also studied.
Furthermore, different from a narrowband system where simultaneous transmissions by nearby neighbors collide with each other, wideband system can support multiple concurrent transmissions if the multi-user interference can be properly managed. Taking advantage of the salient features of UWB and mmWave communications, we propose an exclusive region (ER) based MAC protocol to exploit the spatial multiplexing gain of centralized UWB and mmWave based wireless networks. Moreover, instead of studying the asymptotic capacity bounds of arbitrary networks which may be too loose to be useful in realistic networks, we derive the expected capacity or transport capacity of UWB and mmWave based networks with random topology. The analysis reveals the main…
Subjects/Keywords: Medium Access Control; Wireless Networks
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Cai, L. (2009). Design and Analysis of Medium Access Control Protocols for Broadband Wireless Networks. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/4882
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Cai, Lin. “Design and Analysis of Medium Access Control Protocols for Broadband Wireless Networks.” 2009. Thesis, University of Waterloo. Accessed March 23, 2019.
http://hdl.handle.net/10012/4882.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Cai, Lin. “Design and Analysis of Medium Access Control Protocols for Broadband Wireless Networks.” 2009. Web. 23 Mar 2019.
Vancouver:
Cai L. Design and Analysis of Medium Access Control Protocols for Broadband Wireless Networks. [Internet] [Thesis]. University of Waterloo; 2009. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10012/4882.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Cai L. Design and Analysis of Medium Access Control Protocols for Broadband Wireless Networks. [Thesis]. University of Waterloo; 2009. Available from: http://hdl.handle.net/10012/4882
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Waterloo
16.
Krishnan, Vivek.
Relating Declarative Semantics and Usability in Access Control.
Degree: 2012, University of Waterloo
URL: http://hdl.handle.net/10012/6893
► This thesis addresses the problem of usability in the context of administration of access control systems. We seek to relate the notion of declarative semantics,…
(more)
▼ This thesis addresses the problem of usability in the context of administration of access control systems. We seek to relate the notion of declarative semantics, a recurring theme in research in access control, with usability. We adopt the concrete context of POSIX ACLs and the traditional interface for it that comprises two utilities getfacl and setfacl. POSIX ACLs are the de facto standard to which POSIX conformant systems such as Linux and OpenBSD adhere. The natural semantics of getfacl and setfacl is operational. By operational we mean that the semantics of these are speci ed procedurally. We have designed and implemented an alternate interface that we call askfacl whose natural semantics is declarative. Declarative semantics means "what you see is what it is."
We also discuss our design of askfacl and articulate the following thesis that underlies our work: If the natural semantics of the interface for ACLs is declarative, then a user is able to more quickly, accurately and confidently, inspect and edit ACLs than if the semantics is operational. To validate our thesis we conducted a between participant human-subject usability study with 42 participants. The results of our study measurably demonstrate the goodness of declarative semantics in access control.
Subjects/Keywords: Usability; Security; Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Krishnan, V. (2012). Relating Declarative Semantics and Usability in Access Control. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/6893
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Krishnan, Vivek. “Relating Declarative Semantics and Usability in Access Control.” 2012. Thesis, University of Waterloo. Accessed March 23, 2019.
http://hdl.handle.net/10012/6893.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Krishnan, Vivek. “Relating Declarative Semantics and Usability in Access Control.” 2012. Web. 23 Mar 2019.
Vancouver:
Krishnan V. Relating Declarative Semantics and Usability in Access Control. [Internet] [Thesis]. University of Waterloo; 2012. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10012/6893.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Krishnan V. Relating Declarative Semantics and Usability in Access Control. [Thesis]. University of Waterloo; 2012. Available from: http://hdl.handle.net/10012/6893
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Waterloo
17.
Wu, Zhiping.
Data Structures for Fast Access Control in ECM Systems.
Degree: 2014, University of Waterloo
URL: http://hdl.handle.net/10012/8614
► While many access control models have been proposed, little work has been done on the efficiency of access control systems. Because the access control sub-system…
(more)
▼ While many access control models have been proposed, little work has been done on the efficiency of access control systems. Because the access control sub-system of an Enterprise Content Management (ECM) system may be a bottleneck, we investigate the representation of permissions to improve its efficiency. Observing that there are many browsing-oriented permission request queries, we choose to implement a subject-oriented representation (i.e., maintaining a permission list for each subject). Additionally, we notice that with breadth-first ID numbering we may encounter many contiguous IDs under one object (e.g., folder) .
To optimize the efficiency taking into account the above two characteristics, this thesis presents a space-efficient data structure specifically tailored for representing permission lists in ECM systems. Besides the space efficiency, checking, granting or revocation of a permission is very fast using our data structure. It also supports fast union of two or more permission lists (determining the effective permissions inherited from users' groups). In addition, our data structure is scalable to support any increase in the number of objects and subjects.
We evaluate our representation by comparing it against the bitmap based representation and a hash table based representation while using random ID numbering and breadth-first numbering, respectively. Our experimental tests on both synthetic and real-world data show that the hash table outperforms our representation for regular permission queries (i.e., querying permissions on a single object each time) as well as browsing-oriented queries with random ID numbering. However, our tests also show that 1) our representation supports faster browsing-oriented queries with breadth-first ID numbering applied while consuming only half the space when compared to the hash table based representation, and 2) our representation is much more space and time efficient than the bitmap based representation for our application.
Subjects/Keywords: Access Control; ECM System
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Wu, Z. (2014). Data Structures for Fast Access Control in ECM Systems. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/8614
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Wu, Zhiping. “Data Structures for Fast Access Control in ECM Systems.” 2014. Thesis, University of Waterloo. Accessed March 23, 2019.
http://hdl.handle.net/10012/8614.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Wu, Zhiping. “Data Structures for Fast Access Control in ECM Systems.” 2014. Web. 23 Mar 2019.
Vancouver:
Wu Z. Data Structures for Fast Access Control in ECM Systems. [Internet] [Thesis]. University of Waterloo; 2014. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10012/8614.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Wu Z. Data Structures for Fast Access Control in ECM Systems. [Thesis]. University of Waterloo; 2014. Available from: http://hdl.handle.net/10012/8614
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Linköping University
18.
Huang, Qing.
An extension to the Android access control framework.
Degree: Computer and Information Science, 2011, Linköping University
URL: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064
► Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are…
(more)
▼ Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are available to applicationdevelopers. With their help, developers are able to bring overall user experienceto a new level in terms of developing novel applications. For instance, one of thosehardware functionalities, SIM-card authentication is able to offer stronger andmore convenient way of authentication when compared to the traditional approach.Replacing the username-password combination with the SIM-card authentication,users are freed from memorizing passwords. However, since normally those kindsof functionalities are locked up at the low level, they are only accessible by a fewusers who have been given privileged access rights. To let the normal applicationsbe benefiting as well, they need to be made accessible at the application level. Onthe one hand, as we see the benefit it will bring to us, there is a clear intentionto open it up, however, on the other hand, there is also a limitation resultingfrom their security-critical nature that needs to be placed when accessing whichis restricting the access to trusted third parties. Our investigation is based on the Android platform. The problem that we havediscovered is the existing security mechanism in Android is not able to satisfy everyregards of requirements we mentioned above when exposing SIM-card authenticationfunctionality. Hence, our requirement on enhancing the access control modelof Android comes naturally. In order to better suit the needs, we proposed a solutionWhite lists & Domains (WITDOM) to improve its current situation in thethesis. The proposed solution is an extension to the existing access control modelin Android that allows alternative ways to specify access controls therefore complementingthe existing Android security mechanisms. We have both designedand implemented the solution and the result shows that with the service that weprovided, critical functionalities, such as APIs for the low-level hardware functionalitycan retain the same level of protection however in the meanwhile, with moreflexible protection mechanism.
Subjects/Keywords: Android security; access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Huang, Q. (2011). An extension to the Android access control framework. (Thesis). Linköping University. Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Huang, Qing. “An extension to the Android access control framework.” 2011. Thesis, Linköping University. Accessed March 23, 2019.
http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Huang, Qing. “An extension to the Android access control framework.” 2011. Web. 23 Mar 2019.
Vancouver:
Huang Q. An extension to the Android access control framework. [Internet] [Thesis]. Linköping University; 2011. [cited 2019 Mar 23].
Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Huang Q. An extension to the Android access control framework. [Thesis]. Linköping University; 2011. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Delft University of Technology
19.
Steenstra, C.T.
Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM:.
Degree: 2016, Delft University of Technology
URL: http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d
► The widespread adoption of computer technologies fundamentally re-shaped the way companies operate. A deluge of systems and applications now support the daily activities of employees…
(more)
▼ The widespread adoption of computer technologies fundamentally re-shaped the way companies operate. A deluge of systems and applications now support the daily activities of employees and managers alike, thus increasing the amount, value, and sensibleness of available data. This abundance of data provides new opportunities for applications development, where more and more data is shared and reused to enable new functionalities, to unlock novel insights about the enterprise or its personnel, or to improve on aspects such as employee engagement, productivity or sociability. At the same time, data sharing poses new challenges. Data is often used for purposes that are different from the original design, and there is a pervasive need to ensure compliance with the relevant laws and third party policies. What is more, employees might find the increased use of personal data undesirable, and therefore demand proper transparency and
control over their personal data.
This works tackles the technical challenges that come with the sharing and usage of personal data by enterprise-class applications, and provides a framework for privacy aware data sharing. In a literature survey we investigate several disciplines related to privacy,
access control management, and provenance in computer systems, to determine the current state of the art and practice. The study provides the conceptual underpinning for a novel data model that facilitates a privacy aware way for applications to share data while still providing transparency, simplicity and
control to users. The model is then implemented in a new enterprise-class platform, a multi-tenant Software-as-a-Service (SaaS) provider that centralises privacy and consent management related functionalities. The model and framework are then validated through interviews with IBM employees having different roles within the organisation. The quality of the resulting implementation is validated by means of a set of scalability tests, with the goal of demonstrating the actual suitability of the proposed solution in a realistic enterprise context.
Advisors/Committee Members: Bozzon, A., Sips, R..
Subjects/Keywords: privacy; access control; authorization; infrastructure
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Steenstra, C. T. (2016). Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM:. (Masters Thesis). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d
Chicago Manual of Style (16th Edition):
Steenstra, C T. “Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM:.” 2016. Masters Thesis, Delft University of Technology. Accessed March 23, 2019.
http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d.
MLA Handbook (7th Edition):
Steenstra, C T. “Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM:.” 2016. Web. 23 Mar 2019.
Vancouver:
Steenstra CT. Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM:. [Internet] [Masters thesis]. Delft University of Technology; 2016. [cited 2019 Mar 23].
Available from: http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d.
Council of Science Editors:
Steenstra CT. Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM:. [Masters Thesis]. Delft University of Technology; 2016. Available from: http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d
University of Johannesburg
20.
Von Solms, Johan Sebastiaan.
MOFAC : model for fine grained access control.
Degree: 2014, University of Johannesburg
URL: http://hdl.handle.net/10210/12035
► M.Sc. (Computer Science)
Computer security is a key component in any computer system. Traditionally computers were not connected to one another. This centralized configuration made…
(more)
▼ M.Sc. (Computer Science)
Computer security is a key component in any computer system. Traditionally computers were not connected to one another. This centralized configuration made the implementation of computer security a relatively easy task. The closed nature of the system limited the number of unknown factors that could cause security breaches. The users and their access rights were generally well defined and the system was protected from outside threats through simple, yet effective control measures. The evolution of network environments changed the computer environment and in effect also computer security. It became more difficult to implement protection measures because the nature of the environment changed from closed to open. New defenses had to be developed for security issues like unknown parameters, increased points of attack, unknown paths of information etc. Businesses and the general public today depend on network systems and no person can ignore these and other related security problems. The widespread publicity of attacks, and better customer awareness on security issues, created a need for new solutions for computer security. Security organisations, businesses and universities are addressing these problems through the development of security standards and security solutions.Today computer systems are becoming more "safe" through new products such as encryption and decryption algorithms, single-sign on password facilities, biometrics systems, smart cards, firewalls etc. Another important security consideration is Access Control. Access Control is responsible for controlling the actions of users to resources.
Subjects/Keywords: Computers - Access control; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Von Solms, J. S. (2014). MOFAC : model for fine grained access control. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/12035
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Von Solms, Johan Sebastiaan. “MOFAC : model for fine grained access control.” 2014. Thesis, University of Johannesburg. Accessed March 23, 2019.
http://hdl.handle.net/10210/12035.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Von Solms, Johan Sebastiaan. “MOFAC : model for fine grained access control.” 2014. Web. 23 Mar 2019.
Vancouver:
Von Solms JS. MOFAC : model for fine grained access control. [Internet] [Thesis]. University of Johannesburg; 2014. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10210/12035.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Von Solms JS. MOFAC : model for fine grained access control. [Thesis]. University of Johannesburg; 2014. Available from: http://hdl.handle.net/10210/12035
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Johannesburg
21.
Edwards, Norman Godfrey.
Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels.
Degree: 2014, University of Johannesburg
URL: http://hdl.handle.net/10210/9810
► M.Com. (Computer Science)
The area covered in this study is that of logical security models. A logical security model refers to the formal representation of…
(more)
▼ M.Com. (Computer Science)
The area covered in this study is that of logical security models. A logical security model refers to the formal representation of a security policy which allows the subsequent movement of rights between subjects and objects in a system. The best way to illustrate the goal of this study, is with the following abstract from the submitted article, which originated from this study. 'The original protection graph rewriting grammar used to simulate the different operations of the Take/Grant model is reviewed. The productions of the PGR-grammar is then expanded, by adding a new context which is based on the different security classes found in the Bell Grid LaPadula model [14].' The first goal of this study was to take the Take/Grant security -model and expand it. This expansion included the concept of assigning a different security class to each subject and object in the model. This concept was derived from the Bell and LaPadula model as discussed in chapter 2 of this study. The next goal that was defined, was to expand the PGR-grammar of [28], so that it would also be able to simulate .the operations of this expanded Take/Grant model. The .PGR-grammar consisted of different permitting and forbidding node and edge contexts. This PGR-grammar was expanded by adding an additional context to the formal representation. This expansion is explained in detail in chapter 5 of this study. The third goal was to take the expansions, mentioned above, and implement them in a computer system. This computer system had to make use of an expert. system in order to reach certain conclusions. Each of the operations of the Take/Grant model must be evaluated, to determine whether that rule can be applied or not. The use of the expert system is explained in chapters 6 and 7 of this study. This study consists out of eight chapters in the following order. Chapter 2 starts of with an introduction of some of the most important logical security models. This chapter gives the reader background knowledge of the different models available, which is essential for the rest of the study. This chapter, however, does not discuss the Take/Grant model in detail. This is done in chapter 3 of the study. In this chapter the Take Grant model is discussed as a major input to this study. The Send Receive model is also discussed as a variation of the Take/Grant model. In the last section of the chapter a comparison is drawn between these two models. Chapter 4 formalizes the Take/Grant model. The protection graph rewriting grammar (PGR-grammar), which is used to simulate the different operations of the Take/Grant model, is introduced...
Subjects/Keywords: Computers - Access control; Data protection
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Edwards, N. G. (2014). Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/9810
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Edwards, Norman Godfrey. “Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels.” 2014. Thesis, University of Johannesburg. Accessed March 23, 2019.
http://hdl.handle.net/10210/9810.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Edwards, Norman Godfrey. “Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels.” 2014. Web. 23 Mar 2019.
Vancouver:
Edwards NG. Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels. [Internet] [Thesis]. University of Johannesburg; 2014. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10210/9810.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Edwards NG. Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels. [Thesis]. University of Johannesburg; 2014. Available from: http://hdl.handle.net/10210/9810
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Southern California
22.
Subramanian, Sonia.
Development and study of access control models for semantic
networks.
Degree: MS, Computer Science, 2009, University of Southern California
URL: http://digitallibrary.usc.edu/cdm/compoundobject/collection/p15799coll127/id/253064/rec/1916
► This work focuses on developing a feasible access control mechanism for Semantic Networks. As the amount of information grows in quantity, it requires becoming machine…
(more)
▼ This work focuses on developing a feasible
access
control mechanism for Semantic Networks. As the amount of
information grows in quantity, it requires becoming machine
processable in order to handle this growth and use the information.
To achieve the goal, semantics are added to the information,
resulting in semantic networks and the semantic web. In order to be
able to use this medium for data and information of all privilege
levels, it is necessary to develop
access control models that are
flexible, cater to the growth of the network, be efficient and be
aware of the semantics of the network. A model with these features,
based on a prior model, was developed and studied in this thesis.
This work was done at the Distributed Scalable Systems Division, at
the Information Sciences Institute at Marina Del Rey,
California.
Advisors/Committee Members: Neches, Robert (Committee Chair), Neuman, Clifford (Committee Member), Maheswaran, Rajiv T. (Committee Member).
Subjects/Keywords: access control; semantic networks
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Subramanian, S. (2009). Development and study of access control models for semantic
networks. (Masters Thesis). University of Southern California. Retrieved from http://digitallibrary.usc.edu/cdm/compoundobject/collection/p15799coll127/id/253064/rec/1916
Chicago Manual of Style (16th Edition):
Subramanian, Sonia. “Development and study of access control models for semantic
networks.” 2009. Masters Thesis, University of Southern California. Accessed March 23, 2019.
http://digitallibrary.usc.edu/cdm/compoundobject/collection/p15799coll127/id/253064/rec/1916.
MLA Handbook (7th Edition):
Subramanian, Sonia. “Development and study of access control models for semantic
networks.” 2009. Web. 23 Mar 2019.
Vancouver:
Subramanian S. Development and study of access control models for semantic
networks. [Internet] [Masters thesis]. University of Southern California; 2009. [cited 2019 Mar 23].
Available from: http://digitallibrary.usc.edu/cdm/compoundobject/collection/p15799coll127/id/253064/rec/1916.
Council of Science Editors:
Subramanian S. Development and study of access control models for semantic
networks. [Masters Thesis]. University of Southern California; 2009. Available from: http://digitallibrary.usc.edu/cdm/compoundobject/collection/p15799coll127/id/253064/rec/1916
California State University – Sacramento
23.
Kaja, Krishna Chaitanya.
Security policy implementation using graph database.
Degree: MS, Computer Science, 2019, California State University – Sacramento
URL: http://hdl.handle.net/10211.3/207824
► Extensible Access Control Markup Language (XACML) is an access control policy language. Typically, an XACML policy has configurable standard extension points to define new functions,…
(more)
▼ Extensible
Access Control Markup Language (XACML) is an
access control policy language. Typically, an XACML policy has configurable standard extension points to define new functions, data types and the ways to combine them as a single unit. With this language, we can query whether a given action can be performed, and the result will be interpreted accordingly. Thus, the response includes an answer about the request with a result of ???Permit??? or ???Deny.???
This project uses a graph database approach for XACML implementation, specifically, using Neo4j. The data in Neo4j is stored using a graph structure using nodes and arcs. This project consists of two components. Firstly, the system parses XACML policies, handles conflicts, and stores the results in the Neo4j graph database. Secondly, once a user submits an XACML request, the system parses the XACML request file to produce a Cypher query and query the graph database. The query result is then wrapped into an XACML response file and sent back to the user.
Advisors/Committee Members: Jin, Ying.
Subjects/Keywords: XACML; Graph database; Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kaja, K. C. (2019). Security policy implementation using graph database. (Masters Thesis). California State University – Sacramento. Retrieved from http://hdl.handle.net/10211.3/207824
Chicago Manual of Style (16th Edition):
Kaja, Krishna Chaitanya. “Security policy implementation using graph database.” 2019. Masters Thesis, California State University – Sacramento. Accessed March 23, 2019.
http://hdl.handle.net/10211.3/207824.
MLA Handbook (7th Edition):
Kaja, Krishna Chaitanya. “Security policy implementation using graph database.” 2019. Web. 23 Mar 2019.
Vancouver:
Kaja KC. Security policy implementation using graph database. [Internet] [Masters thesis]. California State University – Sacramento; 2019. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10211.3/207824.
Council of Science Editors:
Kaja KC. Security policy implementation using graph database. [Masters Thesis]. California State University – Sacramento; 2019. Available from: http://hdl.handle.net/10211.3/207824
University of Saskatchewan
24.
Monir, Samiul 1989-.
A Lightweight Attribute-Based Access Control System for IoT.
Degree: 2016, University of Saskatchewan
URL: http://hdl.handle.net/10388/7556
► The evolution of the Internet of things (IoT) has made a significant impact on our daily and professional life. Home and office automation are now…
(more)
▼ The evolution of the Internet of things (IoT) has made a significant impact on our daily and professional life. Home and office automation are now even easier with the implementation of IoT. Multiple sensors are connected to monitor the production line, or to
control an unmanned environment is now a reality. Sensors are now smart enough to sense an environment and also communicate over the Internet. That is why, implementing an IoT system within the production line, hospitals, office space, or at home could be beneficial as a human can interact over the Internet at any time to know the environment. 61% of International Data
Corporation (IDC) surveyed organizations are actively pursuing IoT initiatives, and 6.8% of the average IT budgets is also being allocated to IoT initiatives. However, the security risks are still unknown, and 34% of
respondents pointed out that data safety is their primary concern [1].
IoT sensors are being open to the users with portable/mobile devices. These mobile devices have enough computational power and make it di cult to track down who is using the data or resources. That is why this research focuses on proposing a dynamic
access control system for portable devices in IoT environment. The proposed architecture evaluates user context information from mobile devices and calculates trust value by matching with de ned policies to mitigate IoT risks. The cloud application acts as a trust module or gatekeeper that provides the authorization
access to READ, WRITE, and
control the IoT sensor.
The goal of this thesis is to offer an
access control system that is dynamic, flexible, and lightweight. This proposed
access control architecture can secure IoT sensors as well as protect sensor data. A prototype of the working model of the cloud, mobile application, and sensors is developed to prove the concept and evaluated against automated generated web requests to measure the response time and performance overhead. The results show that the proposed system requires less interaction time than the state-of-the-art methods.
Advisors/Committee Members: Deters, Ralph, Wahid, Khan A, Roy, Chanchal, Vassileva, Julita.
Subjects/Keywords: IoT; Access Control; Security; Attribute-based Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Monir, S. 1. (2016). A Lightweight Attribute-Based Access Control System for IoT. (Thesis). University of Saskatchewan. Retrieved from http://hdl.handle.net/10388/7556
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Monir, Samiul 1989-. “A Lightweight Attribute-Based Access Control System for IoT.” 2016. Thesis, University of Saskatchewan. Accessed March 23, 2019.
http://hdl.handle.net/10388/7556.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Monir, Samiul 1989-. “A Lightweight Attribute-Based Access Control System for IoT.” 2016. Web. 23 Mar 2019.
Vancouver:
Monir S1. A Lightweight Attribute-Based Access Control System for IoT. [Internet] [Thesis]. University of Saskatchewan; 2016. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10388/7556.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Monir S1. A Lightweight Attribute-Based Access Control System for IoT. [Thesis]. University of Saskatchewan; 2016. Available from: http://hdl.handle.net/10388/7556
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Johannesburg
25.
Louwrens, Cecil Petrus.
Single sign-on in heterogeneous computer environments.
Degree: 2012, University of Johannesburg
URL: http://hdl.handle.net/10210/7051
► M.Sc.
The aim of this dissertation (referred to as thesis in the rest of the document) is to investigate the concept of Single Sign-on (SSO)…
(more)
▼ M.Sc.
The aim of this dissertation (referred to as thesis in the rest of the document) is to investigate the concept of Single Sign-on (SSO) in heterogeneous computing environments and to provide guidelines and reference frameworks for the selection and successful implementation of SSO solutions. In doing so. it also provides an overview of the basic types of SSO, Secure Single Sign-on (SSSO) solutions, enabling technologies, as well as products currently available. Chapter 1 introduces the sign-on problem, the purpose and organization of the thesis and terminology and abbreviations used. The crux of the sign-on problem is that users are required to sign on to multiple systems, developed at different times and based on different technologies, each with its own set of signon procedures and passwords. This inevitably leads to frustration, loss of productivity and weakened security. Users frequently resort to writing down passwords or using trivial password that can easily be guessed. In Chapter 2 the concepts of Single Sign-on and a special subset of SSO, Secure Single Sign-on are defined. Five types of SSO solutions are identified, namely: Synchronization, Scripting, Proxies and Trusted Hosts. Trusted Authentication Server and Hybrid solutions. Of the available types of solutions, only Trusted Authentication Server and Hybrid solutions can provide Secure Single Sign-on if properly implemented. The security services for SSSO are identified as authentication, authorization, integrity, confidentiality, non-repudiation, security management and cryptographic services. Additional SSSO concepts, as well as the vulnerabilities, obstacles and pitfalls to introducing SSO solutions are discussed. Chapter 3 provides an overview of the most important SSO enabling technologies. The following technologies are discussed: OSF DCE, SESAME, Kerberos, DSSA/SPX, TESS, NetSp, Secure Tokens, GSS-API and Public key Cryptography. Chapter 4 discusses the Open Software Foundation's (OSF) Distributed Computing Environment (DCE). OSF DCE is one of the two open standards for distributed processing which are having a major influence on the development of single sign-on solutions and forms the basis of many existing SSO products. DCE is not a SSO product. but consists of specifications and software. The goal of DCE is to turn a computer network into a single, coherent computing engine. It is considered to be one of the fundamental building blocks for SSO solutions in the future. In Chapter 5 SESAME is discussed in some detail as another major enabling technology for SSO. Secure European System for Applications in a Multi-vendor Environment (SESAME) is an architecture that implements a model for the provision of security services within open systems developed by the European Computer Manufacturers Association (ECMA). The architecture was developed and implemented on a trial basis, by Bull, ICL and Siemens-Nixdorf in an initiative supported by the European Commission. Chapter 6 presents a list of 49 commercial SSO products currently available,…
Subjects/Keywords: Computers - Access control.; Computers - Access control - Passwords.; Single sign-on.
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Louwrens, C. P. (2012). Single sign-on in heterogeneous computer environments. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/7051
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Louwrens, Cecil Petrus. “Single sign-on in heterogeneous computer environments.” 2012. Thesis, University of Johannesburg. Accessed March 23, 2019.
http://hdl.handle.net/10210/7051.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Louwrens, Cecil Petrus. “Single sign-on in heterogeneous computer environments.” 2012. Web. 23 Mar 2019.
Vancouver:
Louwrens CP. Single sign-on in heterogeneous computer environments. [Internet] [Thesis]. University of Johannesburg; 2012. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/10210/7051.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Louwrens CP. Single sign-on in heterogeneous computer environments. [Thesis]. University of Johannesburg; 2012. Available from: http://hdl.handle.net/10210/7051
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Georgia Tech
26.
Kong, Jiantao.
Trusted data path
protecting shared data in virtualized distributed systems.
Degree: PhD, Computing, 2010, Georgia Tech
URL: http://hdl.handle.net/1853/33820
► When sharing data across multiple sites, service applications should not be trusted automatically. Services that are suspected of faulty, erroneous, or malicious behaviors, or that…
(more)
▼ When sharing data across multiple sites, service applications should not be trusted automatically. Services that are suspected of faulty, erroneous, or malicious behaviors, or that run on systems that may be compromised, should not be able to gain
access to protected data or entrusted with the same data
access rights as others. This thesis proposes a context flow model that controls the information flow in a distributed system. Each service application along with its surrounding context in a distributed system is treated as a controllable principal. This thesis defines a trust-based
access control model that controls the information exchange between these principals. An online monitoring framework is used to evaluate the trustworthiness of the service applications and the underlining systems. An external communication interception runtime framework enforces trust-based
access control transparently for the entire system.
Advisors/Committee Members: Karsten Schwan (Committee Chair), Douglas M. Blough (Committee Member), Greg Eisenhauer (Committee Member), Mustaque Ahamad (Committee Member), Wenke Lee (Committee Member).
Subjects/Keywords: Trusted data path; Context flow control; Trust-based access control; Attribute based access control; Security and privacy; Data protection; Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kong, J. (2010). Trusted data path
protecting shared data in virtualized distributed systems. (Doctoral Dissertation). Georgia Tech. Retrieved from http://hdl.handle.net/1853/33820
Chicago Manual of Style (16th Edition):
Kong, Jiantao. “Trusted data path
protecting shared data in virtualized distributed systems.” 2010. Doctoral Dissertation, Georgia Tech. Accessed March 23, 2019.
http://hdl.handle.net/1853/33820.
MLA Handbook (7th Edition):
Kong, Jiantao. “Trusted data path
protecting shared data in virtualized distributed systems.” 2010. Web. 23 Mar 2019.
Vancouver:
Kong J. Trusted data path
protecting shared data in virtualized distributed systems. [Internet] [Doctoral dissertation]. Georgia Tech; 2010. [cited 2019 Mar 23].
Available from: http://hdl.handle.net/1853/33820.
Council of Science Editors:
Kong J. Trusted data path
protecting shared data in virtualized distributed systems. [Doctoral Dissertation]. Georgia Tech; 2010. Available from: http://hdl.handle.net/1853/33820
University of Utah
27.
Joseph, Jithu.
Cenet – capability enabled networking: towards least-privileged networking.
Degree: MSin Computer Science, School of Computing, 2015, University of Utah
URL: http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409
► In today's IP networks, any host can send packets to any other host irrespective of whether the recipient is interested in communicating with the sender…
(more)
▼ In today's IP networks, any host can send packets to any other host irrespective of whether the recipient is interested in communicating with the sender or not. The downside of this openness is that every host is vulnerable to an attack by any other host. We ob- serve that this unrestricted network access (network ambient authority) from compromised systems is also a main reason for data exfiltration attacks within corporate networks. We address this issue using the network version of capability based access control. We bring the idea of capabilities and capability-based access control to the domain of networking. CeNet provides policy driven, fine-grained network level access control enforced in the core of the network (and not at the end-hosts) thereby removing network ambient authority. Thus CeNet is able to limit the scope of spread of an attack from a compromised host to other hosts in the network. We built a capability-enabled SDN network where communication privileges of an endpoint are limited according to its function in the network. Network capabilities can be passed between hosts, thereby allowing a delegation-oriented security policy to be realized. We believe that this base functionality can pave the way for the realization of sophisticated security policies within an enterprise network. Further we built a policy manager that is able to realize Role-Based Access Control (RBAC) policy based network access control using capability operations. We also look at some of the results of formal analysis of capability propagation models in the context of networks.
Subjects/Keywords: Access control in SDN; Capability based access control; Network access control; Network security; Security; Software defined networks
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Joseph, J. (2015). Cenet – capability enabled networking: towards least-privileged networking. (Masters Thesis). University of Utah. Retrieved from http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409
Chicago Manual of Style (16th Edition):
Joseph, Jithu. “Cenet – capability enabled networking: towards least-privileged networking.” 2015. Masters Thesis, University of Utah. Accessed March 23, 2019.
http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409.
MLA Handbook (7th Edition):
Joseph, Jithu. “Cenet – capability enabled networking: towards least-privileged networking.” 2015. Web. 23 Mar 2019.
Vancouver:
Joseph J. Cenet – capability enabled networking: towards least-privileged networking. [Internet] [Masters thesis]. University of Utah; 2015. [cited 2019 Mar 23].
Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409.
Council of Science Editors:
Joseph J. Cenet – capability enabled networking: towards least-privileged networking. [Masters Thesis]. University of Utah; 2015. Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409
Rochester Institute of Technology
28.
Alshehri, Suhair.
Toward Effective Access Control Using Attributes and Pseudoroles.
Degree: PhD, Computer Science (GCCIS), 2014, Rochester Institute of Technology
URL: https://scholarworks.rit.edu/theses/7938
► Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require…
(more)
▼ Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective
access control to prevent unauthorized
access and ensure compliance with various laws and regulations. Current approaches such as Role-Based
Access Control (RBAC), and Attribute-Based
Access Control (ABAC) and their variants are inadequate. Although it provides simple administration of
access control and user revocation and permission review, RBAC demands complex initial role engineering and makes
access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible
access control, but increases the complexity of managing privileges, user revocation and user permissions review. These limitations of RBAC and ABAC have thus motivated research into the development of newer models that use attributes and policies while preserving RBAC's advantages.
This dissertation explores the role of attributes – characteristics of entities in the system – in achieving effective
access control. The first contribution of this dissertation is the design and development of a secure
access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step
access control approach, the BiLayer
Access Control (BLAC) model. The first layer in BLAC checks whether subjects making
access requests have the right BLAC pseudoroles – a pseudorole is a predefined subset of a
subject's static attributes. If requesting subjects hold the right pseudoroles, the second layer checks rule(s) within associated BLAC policies for further constraints on
access. BLAC thus makes use of attributes effectively while preserving RBAC's advantages. The dissertation's third contribution is the design and definition of an evaluation framework for time complexity analysis, and uses this framework to compare BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic
access control threat model, and applying it to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats.
Advisors/Committee Members: Rajendra K. Raj, Stanisław P. Radziszowski, Carol Romanowski.
Subjects/Keywords: Access control; Attribute-based access control; Fine-grained access control; Information security; Role-based security; Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Alshehri, S. (2014). Toward Effective Access Control Using Attributes and Pseudoroles. (Doctoral Dissertation). Rochester Institute of Technology. Retrieved from https://scholarworks.rit.edu/theses/7938
Chicago Manual of Style (16th Edition):
Alshehri, Suhair. “Toward Effective Access Control Using Attributes and Pseudoroles.” 2014. Doctoral Dissertation, Rochester Institute of Technology. Accessed March 23, 2019.
https://scholarworks.rit.edu/theses/7938.
MLA Handbook (7th Edition):
Alshehri, Suhair. “Toward Effective Access Control Using Attributes and Pseudoroles.” 2014. Web. 23 Mar 2019.
Vancouver:
Alshehri S. Toward Effective Access Control Using Attributes and Pseudoroles. [Internet] [Doctoral dissertation]. Rochester Institute of Technology; 2014. [cited 2019 Mar 23].
Available from: https://scholarworks.rit.edu/theses/7938.
Council of Science Editors:
Alshehri S. Toward Effective Access Control Using Attributes and Pseudoroles. [Doctoral Dissertation]. Rochester Institute of Technology; 2014. Available from: https://scholarworks.rit.edu/theses/7938
Delft University of Technology
29.
Spiele, P.A.
Role Based Access Control Heineken Netherlands:.
Degree: 2009, Delft University of Technology
URL: http://resolver.tudelft.nl/uuid:d348ecc7-10a3-4517-9c88-934d3778bf8d
► The administration of users and their related permissions in the IT environment is a complex and expensive task. The growing number and variety of applications,…
(more)
▼ The administration of users and their related permissions in the IT environment is a complex and expensive task. The growing number and variety of applications, combined with the manual administration of related permissions results in an enormous administrative burden and lack of
control. An effect of this situation is the accumulation of permissions by the employees, causing significant security risks.
The implementation of Identity and
Access Management (IAM) provides a solution for this undesired situation. Heineken Netherlands therefore initiated the IAM-project. Business drives for this IAM-project are; business facilitation, cost containment, operational efficiency, risk management, governance, and regulatory compliance. The identity management part of IAM focuses on the question who the user is, the
access management part focuses on what the user is allowed to do. The use of Role Based
Access Control (RBAC) for the realization of
access management is common practice. Roles in such a role model can be seen as an abstraction of the user-permission relationship.
The creation of a role model proved to be the major hurdle for the implementation of RBAC. For this purpose the RBAC-project was initiated at Heineken Netherlands, resulting in this report. The project started with the analysis of existing literature and best practices, resulting in a new RBAC terminology and the selection of four approaches for the design of a role model. Furthermore, the Heineken organization was analyzed, resulting in nine perspectives of which three were selected to form the foundations of the roles. Heineken preferred a hybrid approach for the design of the role model; however, a methodology for a hybrid approach was not yet described in literature before. Therefore a hybrid methodology was designed, containing seven steps to create the role model. As a part of the hybrid methodology, a new optimization algorithm was also introduced. The project continued with the customization of the hybrid methodology by incorporating the selected approaches and perspectives, resulting in the final Heineken Methodology. The validation of the Heineken methodology was done by conducting a pilot project at the Accounts Receivable Department of the Financial Shared Services Center.
In conclusion, the RBAC-project provided a well founded, customized, and validated Heineken methodology to design the desired companywide role model. To my knowledge this is the first described study which implements a truly hybrid approach making use of a newly developed terminology and optimization algorithm. The implementation of the Heineken methodology within the pilot area resulted in a role model with 8 roles for 64 employees, reducing the number of assignments by 70%. This low number of roles and assignments enhances the
control and maintainability of the role model and
access management in general. The role model is now fully implemented as part of the IAM-project of Heineken Netherlands.
Advisors/Committee Members: Dietz, J.L.G..
Subjects/Keywords: IAM; RBAC; Heineken; Role based access control; Identity and Access Management
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Spiele, P. A. (2009). Role Based Access Control Heineken Netherlands:. (Masters Thesis). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:d348ecc7-10a3-4517-9c88-934d3778bf8d
Chicago Manual of Style (16th Edition):
Spiele, P A. “Role Based Access Control Heineken Netherlands:.” 2009. Masters Thesis, Delft University of Technology. Accessed March 23, 2019.
http://resolver.tudelft.nl/uuid:d348ecc7-10a3-4517-9c88-934d3778bf8d.
MLA Handbook (7th Edition):
Spiele, P A. “Role Based Access Control Heineken Netherlands:.” 2009. Web. 23 Mar 2019.
Vancouver:
Spiele PA. Role Based Access Control Heineken Netherlands:. [Internet] [Masters thesis]. Delft University of Technology; 2009. [cited 2019 Mar 23].
Available from: http://resolver.tudelft.nl/uuid:d348ecc7-10a3-4517-9c88-934d3778bf8d.
Council of Science Editors:
Spiele PA. Role Based Access Control Heineken Netherlands:. [Masters Thesis]. Delft University of Technology; 2009. Available from: http://resolver.tudelft.nl/uuid:d348ecc7-10a3-4517-9c88-934d3778bf8d
University of Notre Dame
30.
Timothy Everett Wright.
Privacy and Integrity in Collaborative, Virtual
Environments</h1>.
Degree: PhD, Computer Science and Engineering, 2009, University of Notre Dame
URL: https://curate.nd.edu/show/jq085h75x6k
► Collaborative, virtual environments (CVEs) leverage desktop virtual reality technologies to enable multiple, simultaneous participants to interact and work together. As immersive, multimedia-oriented systems, CVEs…
(more)
▼ Collaborative, virtual environments (CVEs)
leverage desktop virtual reality technologies to enable multiple,
simultaneous participants to interact and work together. As
immersive, multimedia-oriented systems, CVEs typically represent
participants as avatars and operate in a variety of areas
including, but not limited to: entertainment, commerce, education,
and research. Success of endeavors within these areas requires
privacy and integrity for both participant activities and the
objects upon which participants act. Security mechanisms, however,
are often limited in scope and functionality, or lacking entirely.
In response, this dissertation investigates and develops controls
to protect the privacy and integrity of activities and objects
within CVEs. We begin with a survey of 16 technologies that may be
used to build a CVE. We then examine two of these technologies
further, Croquet and Pro ject Wonderland, giving consideration to
their respective architectures, strengths, and weaknesses.
Continuing with Wonderland, we design and implement a full
discretionary
access control solution called WonderDAC. Finally, we
carry out a realistic demonstration of Wonderland/WonderDAC with a
small number of human participants.
Advisors/Committee Members: Thomas Blantz, Committee Chair, Nitesh Chawla, Committee Member, Gregory Madey, Committee Member, Kevin Bowyer, Committee Member, Hossein Hakimzadeh, Committee Member, Michael Niemier, Committee Member.
Subjects/Keywords: virtual reality; access control; discretionary access; collaborative virtual environment; information security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Wright, T. E. (2009). Privacy and Integrity in Collaborative, Virtual
Environments</h1>. (Doctoral Dissertation). University of Notre Dame. Retrieved from https://curate.nd.edu/show/jq085h75x6k
Chicago Manual of Style (16th Edition):
Wright, Timothy Everett. “Privacy and Integrity in Collaborative, Virtual
Environments</h1>.” 2009. Doctoral Dissertation, University of Notre Dame. Accessed March 23, 2019.
https://curate.nd.edu/show/jq085h75x6k.
MLA Handbook (7th Edition):
Wright, Timothy Everett. “Privacy and Integrity in Collaborative, Virtual
Environments</h1>.” 2009. Web. 23 Mar 2019.
Vancouver:
Wright TE. Privacy and Integrity in Collaborative, Virtual
Environments</h1>. [Internet] [Doctoral dissertation]. University of Notre Dame; 2009. [cited 2019 Mar 23].
Available from: https://curate.nd.edu/show/jq085h75x6k.
Council of Science Editors:
Wright TE. Privacy and Integrity in Collaborative, Virtual
Environments</h1>. [Doctoral Dissertation]. University of Notre Dame; 2009. Available from: https://curate.nd.edu/show/jq085h75x6k
◁ [1] [2] [3] [4] [5] … [31] ▶
. 
Open Access Theses and Dissertations