You searched for subject:(Access Control).
Showing records 1 – 30 of
1070 total matches.
◁ [1] [2] [3] [4] [5] … [36] ▶
Rutgers University
1.
Badar, Nazia, 1983-.
Towards automatic configuration of access control.
Degree: PhD, Business and Science, 2016, Rutgers University
URL: https://rucore.libraries.rutgers.edu/rutgers-lib/51547/ 
► Access control provide means to implement organizational security policies to both of its physical and electronic resources. To date, several access control mechanisms, including Role…
(more)
▼ Access control provide means to implement organizational security policies to both of its physical and electronic resources. To date, several
access control mechanisms, including Role Based
Access Control (RBAC) and Discretionary
Access Control (DAC) have been proposed. Regardless of which security mechanism an organization adopts, once the system variables such as policies, roles, and authorizations are defined, continuous configuration management of these systems become necessary in order to ensure that the behavior of implemented system matches with the expected system behavior. In recent years, configuration errors in
access control system have emerged as one of the key causes of system failure. Traditional
access control system lacks the ability to anticipate potential configuration errors. Therefore, these systems fail to gracefully react to this problem. Configuration errors often occur either in the form of false positive or false negative authorizations. It is not trivial to manually identify such misconfigurations, and moreover, existingmethods of analyzing system configuration are not efficient in detectingmisconfigurations. Therefore, there is an acute need of better ways for automatic configuration of
access control systems. This dissertation aims at developing efficient and automatic methodologies and tools for
access control configuration management that are based on data mining technologies. Specifically, it addresses the following three research issues. The first research problem is based on using risk estimates for configuration management. There exist a number of situations in which specific user permission assignments based on the security policy cannot be a priori decidable. These may include emergency and disaster management situations where
access to critical information is expected because of the need to share, and in some cases, because of the responsibility to provide information. This dissertation has proposed novel methodologies for dynamic computation of risk in such situations where preventing an
access to a resource has more deleterious effect than granting it, if the underlying risk is low. Moreover, it has developed a model that facilitates risk-based
access control in both DAC and RBAC cases. Also, in case of RBAC, it has developed a method to determine situational role for a user. Computational experiments performed on both synthetic and benchmark real datasets, even in the presence of noise, confirms the viability of the proposed approaches. The second issue is to investigate the configuration management problems that arise as a result of changes within a system or due to requests from users from collaborating organizations that do not have explicit
access to resources. This dissertation has proposed to exploit attribute semantics of users to (semi)automate security configuration and management, and has proposed a methodology to derive credential requirements for roles having permission to
access requested object, based on local
access control…
Advisors/Committee Members: Atluri, Vijay (chair).
Subjects/Keywords: Computers – Access control; Computer networks – Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Badar, Nazia, 1. (2016). Towards automatic configuration of access control. (Doctoral Dissertation). Rutgers University. Retrieved from https://rucore.libraries.rutgers.edu/rutgers-lib/51547/
Chicago Manual of Style (16th Edition):
Badar, Nazia, 1983-. “Towards automatic configuration of access control.” 2016. Doctoral Dissertation, Rutgers University. Accessed March 01, 2021.
https://rucore.libraries.rutgers.edu/rutgers-lib/51547/.
MLA Handbook (7th Edition):
Badar, Nazia, 1983-. “Towards automatic configuration of access control.” 2016. Web. 01 Mar 2021.
Vancouver:
Badar, Nazia 1. Towards automatic configuration of access control. [Internet] [Doctoral dissertation]. Rutgers University; 2016. [cited 2021 Mar 01].
Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/51547/.
Council of Science Editors:
Badar, Nazia 1. Towards automatic configuration of access control. [Doctoral Dissertation]. Rutgers University; 2016. Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/51547/
2.
Peixoto, Rafael Pinto.
Traceability-based access recommendation.
Degree: 2012, Instituto Politécnico do Porto
URL: http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831
► Devido à grande quantidade de dados disponíveis na Internet, um dos maiores desafios no mundo virtual é recomendar informação aos seus utilizadores. Por outro lado,…
(more)
▼ Devido à grande quantidade de dados disponíveis na Internet, um dos maiores desafios
no mundo virtual é recomendar informação aos seus utilizadores. Por outro lado, esta
grande quantidade de dados pode ser útil para melhorar recomendações se for anotada
e interligada por dados de proveniência.
Neste trabalho é abordada a temática de recomendação de (alteração de) permissões
acesso sobre recursos ao seu proprietário, ao invés da recomendação do próprio recurso
a um potencial consumidor/leitor. Para permitir a recomendação de acessos a um determinado
recurso, independentemente do domínio onde o mesmo se encontra alojado,
é essencial a utilização de sistemas de controlo de acessos distribuídos, mecanismos de
rastreamento de recursos e recomendação independentes do domínio.
Assim sendo, o principal objectivo desta tese é utilizar informação de rastreamento de
acções realizadas sobre recursos (i.e. informação que relaciona recursos e utilizadores
através da Web independentemente do domínio de rede) e utiliza-la para permitir a
recomendação de privilégios de acesso a esses recursos por outros utilizadores. Ao longo
do desenvolvimento da tese resultaram as seguintes contribuições:
A análise do estado da arte de recomendação e de sistemas de recomendação
potencialmente utilizáveis na recomendação de privilégios (secção 2.3);
A análise do estado da arte de mecanismos de rastreamento e proveniência de
informação (secção 2.2);
A proposta de um sistema de recomendação de privilégios de acesso independente
do domínio e a sua integração no sistema de controlo de acessos proposto anteriormente
(secção 3.1);
Levantamento, análise e especificação da informação relativa a privilégios de acesso,
para ser utilizada no sistema de recomendação (secção 2.1);
A especificação da informação resultante do rastreamento de acções para ser utilizada
na recomendação de privilégios de acesso (secção 4.1.1);
A especificação da informação de feedback resultante do sistema de recomendação
de acessos e sua reutilização no sistema de recomendação(secção 4.1.3);
A especificação, implementação e integração do sistema de recomendação de privilégios
de acesso na plataforma já existente (secção 4.2 e secção 4.3);
Realização de experiências de avaliação ao sistema de recomendação de privilégios,
bem como a análise dos resultados obtidos (secção 5).
Due to the large amount of available data in the internet, one of the biggest challenges in
the virtual world is to recommend information to the user. On the other hand this large
amount of data can be useful to improve recommendations if it is semantically described
and inter-related. To describe and relate this information, provenance information is
fundamental.
Several resources are not totally recommendable but can be recommended a speci c
type of access to them. So the cross-domain information provenance, cross-domain
access control and cross-domain access recommendation are leading keys to improve
cross-domain recommendation.
The main goal of this thesis work is to use automatic traceability information of…
Advisors/Committee Members: Bettencourt, Nuno Miguel Gomes, Silva, Nuno Alexandre Pinto da.
Subjects/Keywords: Traceability; Access policy recommendation; Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Peixoto, R. P. (2012). Traceability-based access recommendation. (Thesis). Instituto Politécnico do Porto. Retrieved from http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Peixoto, Rafael Pinto. “Traceability-based access recommendation.” 2012. Thesis, Instituto Politécnico do Porto. Accessed March 01, 2021.
http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Peixoto, Rafael Pinto. “Traceability-based access recommendation.” 2012. Web. 01 Mar 2021.
Vancouver:
Peixoto RP. Traceability-based access recommendation. [Internet] [Thesis]. Instituto Politécnico do Porto; 2012. [cited 2021 Mar 01].
Available from: http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Peixoto RP. Traceability-based access recommendation. [Thesis]. Instituto Politécnico do Porto; 2012. Available from: http://www.rcaap.pt/detail.jsp?id=oai:recipp.ipp.pt:10400.22/2831
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Pretoria
3.
[No author].
An aspect-oriented approach towards enhancing
optimistic access control with usage control
.
Degree: 2010, University of Pretoria
URL: http://upetd.up.ac.za/thesis/available/etd-07262010-142652/
► With the advent of agile programming, lightweight software processes are being favoured over the highly formalised approaches of the 80s and 90s, where the emphasis…
(more)
▼ With the advent of agile programming, lightweight
software processes are being favoured over the highly formalised
approaches of the 80s and 90s, where the emphasis is on "people,
not processes". Likewise,
access control may benefit from a less
prescriptive approach and an increasing reliance on users to behave
ethically. These ideals correlate with optimistic
access controls.
However, such controls alone may not be adequate as they are
retrospective rather proactive. Optimistic
access controls may
benefit from the stricter enforcement offered by usage
control. The
latter enables finer-grained
control over the usage of digital
objects than do traditional
access control policies and models, as
trust management concerns are also taken into consideration. This
thesis investigates the possibility of enhancing optimistic
access
controls with usage
control to ensure that users conduct themselves
in a trustworthy manner. Since this kind of approach towards
access
control has limited applicability, the present study investigates
contextualising this approach within a mixed-initiative
access
control framework. A mixed-initiative
access control framework
involves combining a minimum of two
access control models where the
request to information is mediated by a mixture of
access policy
enforcement agents. In order for this type of integration to be
successful, a software development approach was considered that
allows for the seamless augmentation of traditional
access control
with optimistic
access control enhanced with usage
control, namely
the aspect-oriented approach. The aspect-oriented paradigm can
facilitate the implementation of additional security features to
legacy systems without modifying existing code. This study
therefore evaluates the aspect-oriented approach in terms of
implementing security concerns. It is evidently difficult to
implement
access control and in dynamic environments preconfigured
access control policies may often change dramatically, depending on
the context. In unpredicted circumstances, users who are denied
access could often have prevented a catastrophe had they been
allowed
access. The costs of implementing and maintaining complex
preconfigured
access control policies sometimes far outweigh the
benefits. Optimistic controls are retrospective and allow users to
exceed their normal privileges. However, if a user accesses
information unethically, the consequences could be disastrous.
Therefore it is proposed that optimistic
access control be enhanced
with some form of usage
control, which may prevent the user from
engaging in risky behaviour. An initiative towards including
security in the earlier phases of the software life cycle is
gaining momentum, as it is much easier to design with security from
the onset than to use the penetrate-and-patch approach.
Unfortunately, incorporating security into software development
takes time and developers tend to focus more on the features of the
software application. The aspect-oriented paradigm can facilitate
the implementation of additional security…
Advisors/Committee Members: Prof J H P Eloff (advisor).
Subjects/Keywords: Aspect-oriented programming;
Usage control;
Access control;
Optimistic access control;
UCTD
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
author], [. (2010). An aspect-oriented approach towards enhancing
optimistic access control with usage control
. (Doctoral Dissertation). University of Pretoria. Retrieved from http://upetd.up.ac.za/thesis/available/etd-07262010-142652/
Chicago Manual of Style (16th Edition):
author], [No. “An aspect-oriented approach towards enhancing
optimistic access control with usage control
.” 2010. Doctoral Dissertation, University of Pretoria. Accessed March 01, 2021.
http://upetd.up.ac.za/thesis/available/etd-07262010-142652/.
MLA Handbook (7th Edition):
author], [No. “An aspect-oriented approach towards enhancing
optimistic access control with usage control
.” 2010. Web. 01 Mar 2021.
Vancouver:
author] [. An aspect-oriented approach towards enhancing
optimistic access control with usage control
. [Internet] [Doctoral dissertation]. University of Pretoria; 2010. [cited 2021 Mar 01].
Available from: http://upetd.up.ac.za/thesis/available/etd-07262010-142652/.
Council of Science Editors:
author] [. An aspect-oriented approach towards enhancing
optimistic access control with usage control
. [Doctoral Dissertation]. University of Pretoria; 2010. Available from: http://upetd.up.ac.za/thesis/available/etd-07262010-142652/
University of Pretoria
4.
Padayachee, Keshnee.
An
aspect-oriented approach towards enhancing optimistic access
control with usage control.
Degree: Computer Science, 2010, University of Pretoria
URL: http://hdl.handle.net/2263/26683
► With the advent of agile programming, lightweight software processes are being favoured over the highly formalised approaches of the 80s and 90s, where the emphasis…
(more)
▼ With the advent of agile programming, lightweight
software processes are being favoured over the highly formalised
approaches of the 80s and 90s, where the emphasis is on "people,
not processes". Likewise,
access control may benefit from a less
prescriptive approach and an increasing reliance on users to behave
ethically. These ideals correlate with optimistic
access controls.
However, such controls alone may not be adequate as they are
retrospective rather proactive. Optimistic
access controls may
benefit from the stricter enforcement offered by usage
control. The
latter enables finer-grained
control over the usage of digital
objects than do traditional
access control policies and models, as
trust management concerns are also taken into consideration. This
thesis investigates the possibility of enhancing optimistic
access
controls with usage
control to ensure that users conduct themselves
in a trustworthy manner. Since this kind of approach towards
access
control has limited applicability, the present study investigates
contextualising this approach within a mixed-initiative
access
control framework. A mixed-initiative
access control framework
involves combining a minimum of two
access control models where the
request to information is mediated by a mixture of
access policy
enforcement agents. In order for this type of integration to be
successful, a software development approach was considered that
allows for the seamless augmentation of traditional
access control
with optimistic
access control enhanced with usage
control, namely
the aspect-oriented approach. The aspect-oriented paradigm can
facilitate the implementation of additional security features to
legacy systems without modifying existing code. This study
therefore evaluates the aspect-oriented approach in terms of
implementing security concerns. It is evidently difficult to
implement
access control and in dynamic environments preconfigured
access control policies may often change dramatically, depending on
the context. In unpredicted circumstances, users who are denied
access could often have prevented a catastrophe had they been
allowed
access. The costs of implementing and maintaining complex
preconfigured
access control policies sometimes far outweigh the
benefits. Optimistic controls are retrospective and allow users to
exceed their normal privileges. However, if a user accesses
information unethically, the consequences could be disastrous.
Therefore it is proposed that optimistic
access control be enhanced
with some form of usage
control, which may prevent the user from
engaging in risky behaviour. An initiative towards including
security in the earlier phases of the software life cycle is
gaining momentum, as it is much easier to design with security from
the onset than to use the penetrate-and-patch approach.
Unfortunately, incorporating security into software development
takes time and developers tend to focus more on the features of the
software application. The aspect-oriented paradigm can facilitate
the implementation of additional security…
Advisors/Committee Members: Prof J H P Eloff (advisor).
Subjects/Keywords: Aspect-oriented programming; Usage
control; Access
control; Optimistic
access control;
UCTD
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Padayachee, K. (2010). An
aspect-oriented approach towards enhancing optimistic access
control with usage control. (Doctoral Dissertation). University of Pretoria. Retrieved from http://hdl.handle.net/2263/26683
Chicago Manual of Style (16th Edition):
Padayachee, Keshnee. “An
aspect-oriented approach towards enhancing optimistic access
control with usage control.” 2010. Doctoral Dissertation, University of Pretoria. Accessed March 01, 2021.
http://hdl.handle.net/2263/26683.
MLA Handbook (7th Edition):
Padayachee, Keshnee. “An
aspect-oriented approach towards enhancing optimistic access
control with usage control.” 2010. Web. 01 Mar 2021.
Vancouver:
Padayachee K. An
aspect-oriented approach towards enhancing optimistic access
control with usage control. [Internet] [Doctoral dissertation]. University of Pretoria; 2010. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/2263/26683.
Council of Science Editors:
Padayachee K. An
aspect-oriented approach towards enhancing optimistic access
control with usage control. [Doctoral Dissertation]. University of Pretoria; 2010. Available from: http://hdl.handle.net/2263/26683
5.
Kuninobu, Shigeta.
Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ.
Degree: Nara Institute of Science and Technology / 奈良先端科学技術大学院大学
URL: http://hdl.handle.net/10061/3019
Subjects/Keywords: Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kuninobu, S. (n.d.). Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ. (Thesis). Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Retrieved from http://hdl.handle.net/10061/3019
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Kuninobu, Shigeta. “Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ.” Thesis, Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Accessed March 01, 2021.
http://hdl.handle.net/10061/3019.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Kuninobu, Shigeta. “Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ.” Web. 01 Mar 2021.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Vancouver:
Kuninobu S. Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ. [Internet] [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10061/3019.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
Council of Science Editors:
Kuninobu S. Security assurance methods for access control systems using static analysis : 静的解析を用いたアクセス制御システムのセキュリティ保証技術に関する研究; セイテキ カイセキ オ モチイタ アクセス セイギョ システム ノ セキュリティ ホショウ ギジュツ ニ カンスル ケンキュウ. [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; Available from: http://hdl.handle.net/10061/3019
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
6.
Nitta, Naoya.
Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ.
Degree: Nara Institute of Science and Technology / 奈良先端科学技術大学院大学
URL: http://hdl.handle.net/10061/2933
Subjects/Keywords: access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Nitta, N. (n.d.). Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ. (Thesis). Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Retrieved from http://hdl.handle.net/10061/2933
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Nitta, Naoya. “Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ.” Thesis, Nara Institute of Science and Technology / 奈良先端科学技術大学院大学. Accessed March 01, 2021.
http://hdl.handle.net/10061/2933.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Nitta, Naoya. “Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ.” Web. 01 Mar 2021.
Note: this citation may be lacking information needed for this citation format:
No year of publication.
Vancouver:
Nitta N. Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ. [Internet] [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10061/2933.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
Council of Science Editors:
Nitta N. Security verification of programs with stack inspection : スタック検査機能を持つプログラムに対するセキュリティ検証; スタック ケンサ キノウ オ モツ プログラム ニ タイスル セキュリティ ケンショウ. [Thesis]. Nara Institute of Science and Technology / 奈良先端科学技術大学院大学; Available from: http://hdl.handle.net/10061/2933
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.
University of Utah
7.
Jana, Suman.
On fast and accurate detection of unauthorized wireless access points using clock skews.
Degree: MS;, Computing (School of);, 2009, University of Utah
URL: http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837
► We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and…
(more)
▼ We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing solutions - the inability to effectively detect Medium Access Control (MAC) address spoofing. We calculate the clock skew of an AP from the IEEE 802.11 Time Synchronization Function (TSF) timestamps sent out in the beacon/probe response frames. We use two different methods for this purpose - one based on linear programming and the other based on least square fit. We supplement these methods with a heuristic for differentiating original packets from those sent by the fake APs. We collect TSF timestamp data from several APs in three different residential settings. Using our measurement data as well as data obtained from a large conference setting, we find that clock skews remain consistent over time for the same AP but vary significantly across APs. Furthermore, we improve the resolution of received timestamp of the frames and show that with this enhancement our methodology can find clock skews very quickly, using 50-100 packets in most of the cases. We also discuss and quantify the impact of various external factors including temperature variation, virtualization, clock source selection and NTP synchronization on clock skews. Our results indicate that the use of clock skews appears to be an efficient and robust method for detecting fake APs in wireless local area networks.
Subjects/Keywords: Wireless LANs; Medium Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Jana, S. (2009). On fast and accurate detection of unauthorized wireless access points using clock skews. (Masters Thesis). University of Utah. Retrieved from http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837
Chicago Manual of Style (16th Edition):
Jana, Suman. “On fast and accurate detection of unauthorized wireless access points using clock skews.” 2009. Masters Thesis, University of Utah. Accessed March 01, 2021.
http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837.
MLA Handbook (7th Edition):
Jana, Suman. “On fast and accurate detection of unauthorized wireless access points using clock skews.” 2009. Web. 01 Mar 2021.
Vancouver:
Jana S. On fast and accurate detection of unauthorized wireless access points using clock skews. [Internet] [Masters thesis]. University of Utah; 2009. [cited 2021 Mar 01].
Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837.
Council of Science Editors:
Jana S. On fast and accurate detection of unauthorized wireless access points using clock skews. [Masters Thesis]. University of Utah; 2009. Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd2/id/1504/rec/837
Royal Holloway, University of London
8.
Farley, Naomi.
On key assignment schemes and cryptographic enforcement mechanisms for information flow policies.
Degree: PhD, 2018, Royal Holloway, University of London
URL: https://pure.royalholloway.ac.uk/portal/en/publications/on-key-assignment-schemes-and-cryptographic-enforcement-mechanisms-for-information-flow-policies(9d010b23-5cd4-472b-bebc-dbf05cd0eb57).html
;
https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792874
► Access control policies specify permissible interactions between users and system resources, and are typically enforced by trusted components. Third parties (e.g. cloud servers) may not…
(more)
▼ Access control policies specify permissible interactions between users and system resources, and are typically enforced by trusted components. Third parties (e.g. cloud servers) may not be trusted to correctly enforce a policy, in which case cryptographic enforcement schemes (CESs) may be used. In this thesis, we consider the cryptographic enforcement of (read-only) information flow policies, which model hierarchies of security labels. For example, a symmetric key can be associated with each security label and used to encrypt associated objects. Users authorised for many labels may need to be issued many keys, which may be undesirable, particularly when user storage is limited. A key assignment scheme (KAS) allows a trusted entity to generate a 'small' secret for each user, from which all required keys can be derived. Key derivation may also rely on additional public information, which can be large and expensive to maintain. In this thesis, we propose three symmetric KASs that eliminate public derivation information. Our first KAS is based on partitioning the policy hierarchy into chains, which permits very efficient key derivation. We show how to construct a chain partition that minimises the cryptographic material required both in total and by any one user. We then show that working with trees, rather than chains, further reduces the material distributed to users and that tree partitions are quicker to find than chain partitions. We then design a space-efficient KAS that imposes a logarithmic bound on derivation cost. In the worst case, user material may be larger than in prior schemes; we therefore design heuristic approaches and provide experimental evidence that the resulting schemes compare favourably to existing schemes. Finally, we provide a definitional framework for CESs for read-only information flow policies, using which CESs can be proven correct and secure, and which helps identify limitations of primitives in CESs.
Subjects/Keywords: Cryptography; Access Control; key management
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Farley, N. (2018). On key assignment schemes and cryptographic enforcement mechanisms for information flow policies. (Doctoral Dissertation). Royal Holloway, University of London. Retrieved from https://pure.royalholloway.ac.uk/portal/en/publications/on-key-assignment-schemes-and-cryptographic-enforcement-mechanisms-for-information-flow-policies(9d010b23-5cd4-472b-bebc-dbf05cd0eb57).html ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792874
Chicago Manual of Style (16th Edition):
Farley, Naomi. “On key assignment schemes and cryptographic enforcement mechanisms for information flow policies.” 2018. Doctoral Dissertation, Royal Holloway, University of London. Accessed March 01, 2021.
https://pure.royalholloway.ac.uk/portal/en/publications/on-key-assignment-schemes-and-cryptographic-enforcement-mechanisms-for-information-flow-policies(9d010b23-5cd4-472b-bebc-dbf05cd0eb57).html ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792874.
MLA Handbook (7th Edition):
Farley, Naomi. “On key assignment schemes and cryptographic enforcement mechanisms for information flow policies.” 2018. Web. 01 Mar 2021.
Vancouver:
Farley N. On key assignment schemes and cryptographic enforcement mechanisms for information flow policies. [Internet] [Doctoral dissertation]. Royal Holloway, University of London; 2018. [cited 2021 Mar 01].
Available from: https://pure.royalholloway.ac.uk/portal/en/publications/on-key-assignment-schemes-and-cryptographic-enforcement-mechanisms-for-information-flow-policies(9d010b23-5cd4-472b-bebc-dbf05cd0eb57).html ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792874.
Council of Science Editors:
Farley N. On key assignment schemes and cryptographic enforcement mechanisms for information flow policies. [Doctoral Dissertation]. Royal Holloway, University of London; 2018. Available from: https://pure.royalholloway.ac.uk/portal/en/publications/on-key-assignment-schemes-and-cryptographic-enforcement-mechanisms-for-information-flow-policies(9d010b23-5cd4-472b-bebc-dbf05cd0eb57).html ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792874
9.
Surampudi, Srinivasa Rao.
Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.
Degree: Electrical and communication engineering, 2012, Jawaharlal Nehru Technological University, Hyderabad
URL: http://shodhganga.inflibnet.ac.in/handle/10603/19022
► Radio Frequency Identification (RFID) technology has a number of applications in day to day affairs, especially when security is of main concern. Human activity tracking…
(more)
▼ Radio Frequency Identification (RFID) technology
has a number of applications in day to day affairs, especially when
security is of main concern. Human activity tracking is one such
important application where security is of prime concern. In a
secured environment where RFID based human tracking newlinesystem
is incorporated, one would possibly come across a situation of not
being able to discriminate two or more persons carrying RFID tags
because of sudden increase in the population and haphazard
movement. newlineIn this connection, fast identification and
enumeration of number of tags present in an area under surveillance
is one of the major issues faced by security personnel. newline It
is in this context, we provide a basic feasible solution which
would ensure collision avoidance of RFID tags in a dense and
haphazard environment. We call this technique as Adaptive Slot
Adaptive Frame newline(ASAF) ALOHA protocol .
newline
References p. 107-116
Advisors/Committee Members: Rajan, E G.
Subjects/Keywords: Access; Adaptive; Adaptive; Control; Protocol
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Surampudi, S. R. (2012). Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. (Thesis). Jawaharlal Nehru Technological University, Hyderabad. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/19022
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2012. Thesis, Jawaharlal Nehru Technological University, Hyderabad. Accessed March 01, 2021.
http://shodhganga.inflibnet.ac.in/handle/10603/19022.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2012. Web. 01 Mar 2021.
Vancouver:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Internet] [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2012. [cited 2021 Mar 01].
Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19022.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2012. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19022
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
10.
Surampudi, Srinivasa Rao.
Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.
Degree: Electrical and communication engineering, 2013, Jawaharlal Nehru Technological University, Hyderabad
URL: http://shodhganga.inflibnet.ac.in/handle/10603/19096
► Radio Frequency Identification (RFID) technology has a number of applications in day to day affairs, especially when security is of main concern. Human activity tracking…
(more)
▼ Radio Frequency Identification (RFID) technology
has a number of applications in day to day affairs, especially when
security is of main concern. Human activity tracking is one such
important application where security is of prime concern. In a
secured environment where RFID based human tracking newlinesystem
is incorporated, one would possibly ome across a situation of not
being able to discriminate two or more persons carrying RFID tags
because of sudden increase in the population and haphazard
movement. newlineIn this connection, fast identification and
enumeration of number of tags present in an area under surveillance
is one of the major issues faced by security personnel.
newline
References p. 107 -115 appendixp.
116-118
Advisors/Committee Members: Rajan, E G, Kishore, K Lal.
Subjects/Keywords: Access; Adaptive; Control; Frame
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Surampudi, S. R. (2013). Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. (Thesis). Jawaharlal Nehru Technological University, Hyderabad. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/19096
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2013. Thesis, Jawaharlal Nehru Technological University, Hyderabad. Accessed March 01, 2021.
http://shodhganga.inflibnet.ac.in/handle/10603/19096.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Surampudi, Srinivasa Rao. “Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -.” 2013. Web. 01 Mar 2021.
Vancouver:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Internet] [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. [cited 2021 Mar 01].
Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19096.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Surampudi SR. Adaptive Slot Adaptive Frame Medium Access Control
Protocol for Human Tracking; -. [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19096
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Waterloo
11.
Wu, Zhiping.
Data Structures for Fast Access Control in ECM Systems.
Degree: 2014, University of Waterloo
URL: http://hdl.handle.net/10012/8614
► While many access control models have been proposed, little work has been done on the efficiency of access control systems. Because the access control sub-system…
(more)
▼ While many access control models have been proposed, little work has been done on the efficiency of access control systems. Because the access control sub-system of an Enterprise Content Management (ECM) system may be a bottleneck, we investigate the representation of permissions to improve its efficiency. Observing that there are many browsing-oriented permission request queries, we choose to implement a subject-oriented representation (i.e., maintaining a permission list for each subject). Additionally, we notice that with breadth-first ID numbering we may encounter many contiguous IDs under one object (e.g., folder) .
To optimize the efficiency taking into account the above two characteristics, this thesis presents a space-efficient data structure specifically tailored for representing permission lists in ECM systems. Besides the space efficiency, checking, granting or revocation of a permission is very fast using our data structure. It also supports fast union of two or more permission lists (determining the effective permissions inherited from users' groups). In addition, our data structure is scalable to support any increase in the number of objects and subjects.
We evaluate our representation by comparing it against the bitmap based representation and a hash table based representation while using random ID numbering and breadth-first numbering, respectively. Our experimental tests on both synthetic and real-world data show that the hash table outperforms our representation for regular permission queries (i.e., querying permissions on a single object each time) as well as browsing-oriented queries with random ID numbering. However, our tests also show that 1) our representation supports faster browsing-oriented queries with breadth-first ID numbering applied while consuming only half the space when compared to the hash table based representation, and 2) our representation is much more space and time efficient than the bitmap based representation for our application.
Subjects/Keywords: Access Control; ECM System
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Wu, Z. (2014). Data Structures for Fast Access Control in ECM Systems. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/8614
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Wu, Zhiping. “Data Structures for Fast Access Control in ECM Systems.” 2014. Thesis, University of Waterloo. Accessed March 01, 2021.
http://hdl.handle.net/10012/8614.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Wu, Zhiping. “Data Structures for Fast Access Control in ECM Systems.” 2014. Web. 01 Mar 2021.
Vancouver:
Wu Z. Data Structures for Fast Access Control in ECM Systems. [Internet] [Thesis]. University of Waterloo; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10012/8614.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Wu Z. Data Structures for Fast Access Control in ECM Systems. [Thesis]. University of Waterloo; 2014. Available from: http://hdl.handle.net/10012/8614
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Johannesburg
12.
Von Solms, Johan Sebastiaan.
MOFAC : model for fine grained access control.
Degree: 2014, University of Johannesburg
URL: http://hdl.handle.net/10210/12035
► M.Sc. (Computer Science)
Computer security is a key component in any computer system. Traditionally computers were not connected to one another. This centralized configuration made…
(more)
▼ M.Sc. (Computer Science)
Computer security is a key component in any computer system. Traditionally computers were not connected to one another. This centralized configuration made the implementation of computer security a relatively easy task. The closed nature of the system limited the number of unknown factors that could cause security breaches. The users and their access rights were generally well defined and the system was protected from outside threats through simple, yet effective control measures. The evolution of network environments changed the computer environment and in effect also computer security. It became more difficult to implement protection measures because the nature of the environment changed from closed to open. New defenses had to be developed for security issues like unknown parameters, increased points of attack, unknown paths of information etc. Businesses and the general public today depend on network systems and no person can ignore these and other related security problems. The widespread publicity of attacks, and better customer awareness on security issues, created a need for new solutions for computer security. Security organisations, businesses and universities are addressing these problems through the development of security standards and security solutions.Today computer systems are becoming more "safe" through new products such as encryption and decryption algorithms, single-sign on password facilities, biometrics systems, smart cards, firewalls etc. Another important security consideration is Access Control. Access Control is responsible for controlling the actions of users to resources.
Subjects/Keywords: Computers - Access control; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Von Solms, J. S. (2014). MOFAC : model for fine grained access control. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/12035
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Von Solms, Johan Sebastiaan. “MOFAC : model for fine grained access control.” 2014. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/12035.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Von Solms, Johan Sebastiaan. “MOFAC : model for fine grained access control.” 2014. Web. 01 Mar 2021.
Vancouver:
Von Solms JS. MOFAC : model for fine grained access control. [Internet] [Thesis]. University of Johannesburg; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/12035.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Von Solms JS. MOFAC : model for fine grained access control. [Thesis]. University of Johannesburg; 2014. Available from: http://hdl.handle.net/10210/12035
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Johannesburg
13.
Edwards, Norman Godfrey.
Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels.
Degree: 2014, University of Johannesburg
URL: http://hdl.handle.net/10210/9810
► M.Com. (Computer Science)
The area covered in this study is that of logical security models. A logical security model refers to the formal representation of…
(more)
▼ M.Com. (Computer Science)
The area covered in this study is that of logical security models. A logical security model refers to the formal representation of a security policy which allows the subsequent movement of rights between subjects and objects in a system. The best way to illustrate the goal of this study, is with the following abstract from the submitted article, which originated from this study. 'The original protection graph rewriting grammar used to simulate the different operations of the Take/Grant model is reviewed. The productions of the PGR-grammar is then expanded, by adding a new context which is based on the different security classes found in the Bell Grid LaPadula model [14].' The first goal of this study was to take the Take/Grant security -model and expand it. This expansion included the concept of assigning a different security class to each subject and object in the model. This concept was derived from the Bell and LaPadula model as discussed in chapter 2 of this study. The next goal that was defined, was to expand the PGR-grammar of [28], so that it would also be able to simulate .the operations of this expanded Take/Grant model. The .PGR-grammar consisted of different permitting and forbidding node and edge contexts. This PGR-grammar was expanded by adding an additional context to the formal representation. This expansion is explained in detail in chapter 5 of this study. The third goal was to take the expansions, mentioned above, and implement them in a computer system. This computer system had to make use of an expert. system in order to reach certain conclusions. Each of the operations of the Take/Grant model must be evaluated, to determine whether that rule can be applied or not. The use of the expert system is explained in chapters 6 and 7 of this study. This study consists out of eight chapters in the following order. Chapter 2 starts of with an introduction of some of the most important logical security models. This chapter gives the reader background knowledge of the different models available, which is essential for the rest of the study. This chapter, however, does not discuss the Take/Grant model in detail. This is done in chapter 3 of the study. In this chapter the Take Grant model is discussed as a major input to this study. The Send Receive model is also discussed as a variation of the Take/Grant model. In the last section of the chapter a comparison is drawn between these two models. Chapter 4 formalizes the Take/Grant model. The protection graph rewriting grammar (PGR-grammar), which is used to simulate the different operations of the Take/Grant model, is introduced...
Subjects/Keywords: Computers - Access control; Data protection
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Edwards, N. G. (2014). Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/9810
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Edwards, Norman Godfrey. “Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels.” 2014. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/9810.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Edwards, Norman Godfrey. “Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels.” 2014. Web. 01 Mar 2021.
Vancouver:
Edwards NG. Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels. [Internet] [Thesis]. University of Johannesburg; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/9810.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Edwards NG. Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels. [Thesis]. University of Johannesburg; 2014. Available from: http://hdl.handle.net/10210/9810
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Universidade Nova
14.
Pires, Mário Rui Dias.
A type system for access control in an object-oriented language.
Degree: 2009, Universidade Nova
URL: http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308
► Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática
The need for a…
(more)
▼ Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática
The need for a security system to ensure the integrity of protected data leads to the development of access control systems, whose purpose is to prevent access to protected information or resources by unauthorized individuals. In this thesis, we develop and formalize a type and effect system that verifies the access control to objects in a simplified object-oriented language.
Traditionally, access control is done only at run-time, using dynamic techniques, such as access control lists, that perform run-time verifications for credentials and privileges. However, these techniques increase the total execution time of an operation, potentially breaking system
requirements such as usability or response time.
Static approaches, based on static analysis or type systems, reduce the amount of run-time checks by doing some of those checks during compile-time, preventing the occurrence of errors before running the program and offering formal proofs of system correctness.
The type system developed in this dissertation deals with the dynamic delegation of authorizations to access objects. An authorization includes the identification of the protected object
and its access policy and is considered by the type system as a first class value. As such, object types are extended with policies that reflect the current privilege associated with the object, and typing an expression can produce an effect on policies. We name this new type as user type and the respective value as user view, which contain the object’s reference and a policy to access the object.
We consider privileges over objects to be the methods that can be invoked. So, a policy
states what methods are available to be called. When typing a method call by an user view, we are able to verify if it was authorized, that is, if the current policy says that the method is available. This mechanism allows the removal of common security specifications from class
declarations, as visibility modifiers (public, private).
Furthermore, we present a soundness result for our type system. We also implemented a
typechecking algorithm for our type system, resulting in a tool to verify the integrity of protected objects in a system designed in the defined programming language.
This work was supported by a CITI research grant
Advisors/Committee Members: Caires, Luís.
Subjects/Keywords: Security; Access control; Type system
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Pires, M. R. D. (2009). A type system for access control in an object-oriented language. (Thesis). Universidade Nova. Retrieved from http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Pires, Mário Rui Dias. “A type system for access control in an object-oriented language.” 2009. Thesis, Universidade Nova. Accessed March 01, 2021.
http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Pires, Mário Rui Dias. “A type system for access control in an object-oriented language.” 2009. Web. 01 Mar 2021.
Vancouver:
Pires MRD. A type system for access control in an object-oriented language. [Internet] [Thesis]. Universidade Nova; 2009. [cited 2021 Mar 01].
Available from: http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Pires MRD. A type system for access control in an object-oriented language. [Thesis]. Universidade Nova; 2009. Available from: http://www.rcaap.pt/detail.jsp?id=oai:run.unl.pt:10362/2308
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Linköping University
15.
Huang, Qing.
An extension to the Android access control framework.
Degree: Computer and Information Science, 2011, Linköping University
URL: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064
► Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are…
(more)
▼ Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are available to applicationdevelopers. With their help, developers are able to bring overall user experienceto a new level in terms of developing novel applications. For instance, one of thosehardware functionalities, SIM-card authentication is able to offer stronger andmore convenient way of authentication when compared to the traditional approach.Replacing the username-password combination with the SIM-card authentication,users are freed from memorizing passwords. However, since normally those kindsof functionalities are locked up at the low level, they are only accessible by a fewusers who have been given privileged access rights. To let the normal applicationsbe benefiting as well, they need to be made accessible at the application level. Onthe one hand, as we see the benefit it will bring to us, there is a clear intentionto open it up, however, on the other hand, there is also a limitation resultingfrom their security-critical nature that needs to be placed when accessing whichis restricting the access to trusted third parties.
Our investigation is based on the Android platform. The problem that we havediscovered is the existing security mechanism in Android is not able to satisfy everyregards of requirements we mentioned above when exposing SIM-card authenticationfunctionality. Hence, our requirement on enhancing the access control modelof Android comes naturally. In order to better suit the needs, we proposed a solutionWhite lists & Domains (WITDOM) to improve its current situation in thethesis. The proposed solution is an extension to the existing access control modelin Android that allows alternative ways to specify access controls therefore complementingthe existing Android security mechanisms. We have both designedand implemented the solution and the result shows that with the service that weprovided, critical functionalities, such as APIs for the low-level hardware functionalitycan retain the same level of protection however in the meanwhile, with moreflexible protection mechanism.
Subjects/Keywords: Android security; access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Huang, Q. (2011). An extension to the Android access control framework. (Thesis). Linköping University. Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Huang, Qing. “An extension to the Android access control framework.” 2011. Thesis, Linköping University. Accessed March 01, 2021.
http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Huang, Qing. “An extension to the Android access control framework.” 2011. Web. 01 Mar 2021.
Vancouver:
Huang Q. An extension to the Android access control framework. [Internet] [Thesis]. Linköping University; 2011. [cited 2021 Mar 01].
Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Huang Q. An extension to the Android access control framework. [Thesis]. Linköping University; 2011. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Delft University of Technology
16.
Steenstra, C.T. (author).
Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM.
Degree: 2016, Delft University of Technology
URL: http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d
► The widespread adoption of computer technologies fundamentally re-shaped the way companies operate. A deluge of systems and applications now support the daily activities of employees…
(more)
▼ The widespread adoption of computer technologies fundamentally re-shaped the way companies operate. A deluge of systems and applications now support the daily activities of employees and managers alike, thus increasing the amount, value, and sensibleness of available data. This abundance of data provides new opportunities for applications development, where more and more data is shared and reused to enable new functionalities, to unlock novel insights about the enterprise or its personnel, or to improve on aspects such as employee engagement, productivity or sociability. At the same time, data sharing poses new challenges. Data is often used for purposes that are different from the original design, and there is a pervasive need to ensure compliance with the relevant laws and third party policies. What is more, employees might find the increased use of personal data undesirable, and therefore demand proper transparency and control over their personal data. This works tackles the technical challenges that come with the sharing and usage of personal data by enterprise-class applications, and provides a framework for privacy aware data sharing. In a literature survey we investigate several disciplines related to privacy, access control management, and provenance in computer systems, to determine the current state of the art and practice. The study provides the conceptual underpinning for a novel data model that facilitates a privacy aware way for applications to share data while still providing transparency, simplicity and control to users. The model is then implemented in a new enterprise-class platform, a multi-tenant Software-as-a-Service (SaaS) provider that centralises privacy and consent management related functionalities. The model and framework are then validated through interviews with IBM employees having different roles within the organisation. The quality of the resulting implementation is validated by means of a set of scalability tests, with the goal of demonstrating the actual suitability of the proposed solution in a realistic enterprise context.
Computer Science
Web Information Systems
Electrical Engineering, Mathematics and Computer Science
Advisors/Committee Members: Bozzon, A. (mentor), Sips, R. (mentor).
Subjects/Keywords: privacy; access control; authorization; infrastructure
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Steenstra, C. T. (. (2016). Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM. (Masters Thesis). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d
Chicago Manual of Style (16th Edition):
Steenstra, C T (author). “Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM.” 2016. Masters Thesis, Delft University of Technology. Accessed March 01, 2021.
http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d.
MLA Handbook (7th Edition):
Steenstra, C T (author). “Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM.” 2016. Web. 01 Mar 2021.
Vancouver:
Steenstra CT(. Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM. [Internet] [Masters thesis]. Delft University of Technology; 2016. [cited 2021 Mar 01].
Available from: http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d.
Council of Science Editors:
Steenstra CT(. Designing a privacy aware infrastructure for an Inclusive Enterprise at IBM. [Masters Thesis]. Delft University of Technology; 2016. Available from: http://resolver.tudelft.nl/uuid:e0704a99-6b12-4fc0-8310-c7cbabfe5a8d
University of Victoria
17.
Habibi, Ryan.
Consent based privacy for eHealth systems.
Degree: Department of Computer Science, 2018, University of Victoria
URL: https://dspace.library.uvic.ca//handle/1828/10010
► Access to Personal Health Information (PHI) is a valuable part of the modern health care model. Timely access to relevant PHI assists care providers in…
(more)
▼ Access to Personal Health Information (PHI) is a valuable part of the modern health care model. Timely
access to relevant PHI assists care providers in making clinical decisions and ensure that patients receive the highest quality of care. PHI is highly sensitive and unauthorized disclosure of PHI has potential to lead to social, economic, or even physical harm to the patient. Traditional electronic health (eHealth) tools are designed for the needs of care providers and are insufficient for the needs of patients. Our research goal is to investigate the requirements of electronic health care systems which place patient health and privacy above all other concerns.
Control of secure resources is a well established area of research in which many techniques such as cryptography,
access control, authentication, and organizational policy can be combined to maintain the confidentiality and integrity of data.
Access control is the dominant data owner facing privacy
control. To better understand this domain we conducted a scoping literature review to rapidly map the key concepts underpinning patient facing
access controls in eHealth systems. We present the analysis of that corpus as well as a set of identified requirements. Based on the identified requirements we developed Circle of Health based
Access Control (CoHBAC), a patient centered
access control model. We then performed a second scoping review to extend our research beyond just
access controls, which are insufficient to provide reasonable privacy alone. The second review yielded a larger, more comprehensive, set of sixty five requirements for patient centered privacy systems. We refined CoHBAC into Privacy Centered
Access Control (PCAC) to meet the needs of our second set of requirements. Using the conceptual model of accountability that emerged from the reviewed literature we present the identified requirements organized into the Patient Centered Privacy Framework. We applied our framework to the Canadian health care context to demonstrate its applicability.
Advisors/Committee Members: Damian, Daniela (supervisor).
Subjects/Keywords: Access Control; eHealth; Consent; Privacy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Habibi, R. (2018). Consent based privacy for eHealth systems. (Masters Thesis). University of Victoria. Retrieved from https://dspace.library.uvic.ca//handle/1828/10010
Chicago Manual of Style (16th Edition):
Habibi, Ryan. “Consent based privacy for eHealth systems.” 2018. Masters Thesis, University of Victoria. Accessed March 01, 2021.
https://dspace.library.uvic.ca//handle/1828/10010.
MLA Handbook (7th Edition):
Habibi, Ryan. “Consent based privacy for eHealth systems.” 2018. Web. 01 Mar 2021.
Vancouver:
Habibi R. Consent based privacy for eHealth systems. [Internet] [Masters thesis]. University of Victoria; 2018. [cited 2021 Mar 01].
Available from: https://dspace.library.uvic.ca//handle/1828/10010.
Council of Science Editors:
Habibi R. Consent based privacy for eHealth systems. [Masters Thesis]. University of Victoria; 2018. Available from: https://dspace.library.uvic.ca//handle/1828/10010
University of Ontario Institute of Technology
18.
Sharghigoorabi, Mohammadhassan.
Access control obligation specification and enforcement using behavior pattern language.
Degree: 2018, University of Ontario Institute of Technology
URL: http://hdl.handle.net/10155/908
► Increasing the use of Internet-based devices offers novel opportunities for users to access and share resources anywhere and anytime so that such a collaborative environment…
(more)
▼ Increasing the use of Internet-based devices offers novel opportunities for users
to
access and share resources anywhere and anytime so that such a collaborative
environment complicates the design of an accountable resource
access control system.
Relying on only predefined
access control policies based on an entity's attributes,
as in traditional
access control solutions, cannot provide enough flexibility to apply
continuous adjustments in order to adapt to any kind of operative run time conditions.
The limited scope and precision of the existing policy-based
access control solutions
have put considerable limitations on adequately satisfying the challenging security
aspects of the IT enterprises.
In this research, we focus on the obligatory behavior that can play an important
role in
access control to protect resources and services of a typical system. Since
traditional
access control is performed only once before the resource is accessed by
the
subject, the
access control system is unable to
control the fulfillment of obligation
while the
access is in progress. Practically, such a requirement is implemented in
hard-coded and proprietary ways. Consequently, the lack of sophisticated means
for specification and enforcement of obligation in
access control system decreases its
flexibility and may also lead to the security breach in sensitive environments.
We provide a descriptive language that is capable of defining a variety of complex
behavior patterns based on a sequence of user actions. Such a description can be used
to specify different elements of the obligation in order to attach to a policy language,
and it is also used to generate queries for behavior matching purposes.
Moreover, we propose a behavior pattern matching framework to approve the
fulfillment of the obligation by looking into the audit logs. However, this method is
extremely inadequate for ongoing obligations. Therefore, we proposed a compliance
engine by utilizing complex event processing in order to make a decision to revoke
or continue the
access in a timely manner. We implemented both frameworks that
can be used to approve the obligation fulfillment as well as to evaluate the expressive
power and complexity of our proposed language.
Advisors/Committee Members: Liscano, Ramiro.
Subjects/Keywords: Access control; Obligation; Behavior; Language
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Sharghigoorabi, M. (2018). Access control obligation specification and enforcement using behavior pattern language. (Thesis). University of Ontario Institute of Technology. Retrieved from http://hdl.handle.net/10155/908
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Sharghigoorabi, Mohammadhassan. “Access control obligation specification and enforcement using behavior pattern language.” 2018. Thesis, University of Ontario Institute of Technology. Accessed March 01, 2021.
http://hdl.handle.net/10155/908.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Sharghigoorabi, Mohammadhassan. “Access control obligation specification and enforcement using behavior pattern language.” 2018. Web. 01 Mar 2021.
Vancouver:
Sharghigoorabi M. Access control obligation specification and enforcement using behavior pattern language. [Internet] [Thesis]. University of Ontario Institute of Technology; 2018. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10155/908.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Sharghigoorabi M. Access control obligation specification and enforcement using behavior pattern language. [Thesis]. University of Ontario Institute of Technology; 2018. Available from: http://hdl.handle.net/10155/908
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Waterloo
19.
Krishnan, Vivek.
Relating Declarative Semantics and Usability in Access Control.
Degree: 2012, University of Waterloo
URL: http://hdl.handle.net/10012/6893
► This thesis addresses the problem of usability in the context of administration of access control systems. We seek to relate the notion of declarative semantics,…
(more)
▼ This thesis addresses the problem of usability in the context of administration of access control systems. We seek to relate the notion of declarative semantics, a recurring theme in research in access control, with usability. We adopt the concrete context of POSIX ACLs and the traditional interface for it that comprises two utilities getfacl and setfacl. POSIX ACLs are the de facto standard to which POSIX conformant systems such as Linux and OpenBSD adhere. The natural semantics of getfacl and setfacl is operational. By operational we mean that the semantics of these are speci ed procedurally. We have designed and implemented an alternate interface that we call askfacl whose natural semantics is declarative. Declarative semantics means "what you see is what it is."
We also discuss our design of askfacl and articulate the following thesis that underlies our work: If the natural semantics of the interface for ACLs is declarative, then a user is able to more quickly, accurately and confidently, inspect and edit ACLs than if the semantics is operational. To validate our thesis we conducted a between participant human-subject usability study with 42 participants. The results of our study measurably demonstrate the goodness of declarative semantics in access control.
Subjects/Keywords: Usability; Security; Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Krishnan, V. (2012). Relating Declarative Semantics and Usability in Access Control. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/6893
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Krishnan, Vivek. “Relating Declarative Semantics and Usability in Access Control.” 2012. Thesis, University of Waterloo. Accessed March 01, 2021.
http://hdl.handle.net/10012/6893.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Krishnan, Vivek. “Relating Declarative Semantics and Usability in Access Control.” 2012. Web. 01 Mar 2021.
Vancouver:
Krishnan V. Relating Declarative Semantics and Usability in Access Control. [Internet] [Thesis]. University of Waterloo; 2012. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10012/6893.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Krishnan V. Relating Declarative Semantics and Usability in Access Control. [Thesis]. University of Waterloo; 2012. Available from: http://hdl.handle.net/10012/6893
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Rutgers University
20.
Uzun, Emre.
Formal security analysis of access control models and their spatiotemporal extensions.
Degree: PhD, Management, 2015, Rutgers University
URL: https://rucore.libraries.rutgers.edu/rutgers-lib/48785/
► Providing restrictive and secure access to resources is a challenging and socially important problem. Today, there exists a variety of formal security models to meet…
(more)
▼ Providing restrictive and secure access to resources is a challenging and socially important problem. Today, there exists a variety of formal security models to meet the wide needs of requirements in specifying access control policies. These include Discretionary Access Control (DAC) and Role Based Access Control (RBAC). For every model, it is necessary to analyze and prove that the system is secure, or in other words, access rights of sensitive data are not leaked to potentially untrusted users (rights leakage), as well as the data itself (data leakage). Analysis is essential to understand the implications of security policies and helps organizations gain confidence on the control they have on resources while providing access, and devise and maintain policies. There is a dire need for such analysis tools that help security administrators as they make administrative changes to reflect changes in policy. In this dissertation we tackle two major problems: Rights leakage problem and data leakage problem. For the rights leakage problem, we focus on RBAC and its temporal and spatiotemporal extensions, since RBAC has been successfully incorporated in a variety of commercial systems, and has become the norm in many of today’s organizations for enforcing security. Towards this end, we first propose suitable administrative models that govern changes to policies. Then we develop efficient security analysis techniques and tools, in which we explore a decomposition strategy, that splits the temporal or spatio temporal security analysis problems into smaller and more manageable sub-problems which in fact, are RBAC security analysis problems on which the existing RBAC security analysis tools can be employed. We then evaluate them from a theoretical perspective by analyzing their complexity, as well as from a practical perspective by evaluating their performance using real world and simulated data sets. For the data leakage problem, we consider two types of data leakages: confidentiality violating and integrity violating. In confidentiality violating data leakage, sensitive data in an object can be leaked to potentially untrusted users via another object that is readable by those users. In integrity violating data leakage, on the other hand, data can be leaked to an object where the user is not allowed to write to explicitly. We propose techniques to eliminate these possible leakages by using three different strategies: Conservative, Proactive and Retrospective. We then computationally evaluate them to show the running times and restrictiveness of our proposed methodologies in terms of identifying the possible data leakages and eliminating them.
Advisors/Committee Members: Atluri, Vijayalakshmi (chair), Vaidya, Jaideep (co-chair), Adam, Nabil (internal member), Sural, Shamik (outside member), Parthasarathy, Madhusudan (outside member).
Subjects/Keywords: Access control; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Uzun, E. (2015). Formal security analysis of access control models and their spatiotemporal extensions. (Doctoral Dissertation). Rutgers University. Retrieved from https://rucore.libraries.rutgers.edu/rutgers-lib/48785/
Chicago Manual of Style (16th Edition):
Uzun, Emre. “Formal security analysis of access control models and their spatiotemporal extensions.” 2015. Doctoral Dissertation, Rutgers University. Accessed March 01, 2021.
https://rucore.libraries.rutgers.edu/rutgers-lib/48785/.
MLA Handbook (7th Edition):
Uzun, Emre. “Formal security analysis of access control models and their spatiotemporal extensions.” 2015. Web. 01 Mar 2021.
Vancouver:
Uzun E. Formal security analysis of access control models and their spatiotemporal extensions. [Internet] [Doctoral dissertation]. Rutgers University; 2015. [cited 2021 Mar 01].
Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/48785/.
Council of Science Editors:
Uzun E. Formal security analysis of access control models and their spatiotemporal extensions. [Doctoral Dissertation]. Rutgers University; 2015. Available from: https://rucore.libraries.rutgers.edu/rutgers-lib/48785/
University of Saskatchewan
21.
Monir, Samiul 1989-.
A Lightweight Attribute-Based Access Control System for IoT.
Degree: 2016, University of Saskatchewan
URL: http://hdl.handle.net/10388/7556
► The evolution of the Internet of things (IoT) has made a significant impact on our daily and professional life. Home and office automation are now…
(more)
▼ The evolution of the Internet of things (IoT) has made a significant impact on our daily and professional life. Home and office automation are now even easier with the implementation of IoT. Multiple sensors are connected to monitor the production line, or to
control an unmanned environment is now a reality. Sensors are now smart enough to sense an environment and also communicate over the Internet. That is why, implementing an IoT system within the production line, hospitals, office space, or at home could be beneficial as a human can interact over the Internet at any time to know the environment. 61% of International Data
Corporation (IDC) surveyed organizations are actively pursuing IoT initiatives, and 6.8% of the average IT budgets is also being allocated to IoT initiatives. However, the security risks are still unknown, and 34% of
respondents pointed out that data safety is their primary concern [1].
IoT sensors are being open to the users with portable/mobile devices. These mobile devices have enough computational power and make it di cult to track down who is using the data or resources. That is why this research focuses on proposing a dynamic
access control system for portable devices in IoT environment. The proposed architecture evaluates user context information from mobile devices and calculates trust value by matching with de ned policies to mitigate IoT risks. The cloud application acts as a trust module or gatekeeper that provides the authorization
access to READ, WRITE, and
control the IoT sensor.
The goal of this thesis is to offer an
access control system that is dynamic, flexible, and lightweight. This proposed
access control architecture can secure IoT sensors as well as protect sensor data. A prototype of the working model of the cloud, mobile application, and sensors is developed to prove the concept and evaluated against automated generated web requests to measure the response time and performance overhead. The results show that the proposed system requires less interaction time than the state-of-the-art methods.
Advisors/Committee Members: Deters, Ralph, Wahid, Khan A, Roy, Chanchal, Vassileva, Julita.
Subjects/Keywords: IoT; Access Control; Security; Attribute-based Access Control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Monir, S. 1. (2016). A Lightweight Attribute-Based Access Control System for IoT. (Thesis). University of Saskatchewan. Retrieved from http://hdl.handle.net/10388/7556
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Monir, Samiul 1989-. “A Lightweight Attribute-Based Access Control System for IoT.” 2016. Thesis, University of Saskatchewan. Accessed March 01, 2021.
http://hdl.handle.net/10388/7556.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Monir, Samiul 1989-. “A Lightweight Attribute-Based Access Control System for IoT.” 2016. Web. 01 Mar 2021.
Vancouver:
Monir S1. A Lightweight Attribute-Based Access Control System for IoT. [Internet] [Thesis]. University of Saskatchewan; 2016. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10388/7556.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Monir S1. A Lightweight Attribute-Based Access Control System for IoT. [Thesis]. University of Saskatchewan; 2016. Available from: http://hdl.handle.net/10388/7556
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Johannesburg
22.
Louwrens, Cecil Petrus.
Single sign-on in heterogeneous computer environments.
Degree: 2012, University of Johannesburg
URL: http://hdl.handle.net/10210/7051
► M.Sc.
The aim of this dissertation (referred to as thesis in the rest of the document) is to investigate the concept of Single Sign-on (SSO)…
(more)
▼ M.Sc.
The aim of this dissertation (referred to as thesis in the rest of the document) is to investigate the concept of Single Sign-on (SSO) in heterogeneous computing environments and to provide guidelines and reference frameworks for the selection and successful implementation of SSO solutions. In doing so. it also provides an overview of the basic types of SSO, Secure Single Sign-on (SSSO) solutions, enabling technologies, as well as products currently available. Chapter 1 introduces the sign-on problem, the purpose and organization of the thesis and terminology and abbreviations used. The crux of the sign-on problem is that users are required to sign on to multiple systems, developed at different times and based on different technologies, each with its own set of signon procedures and passwords. This inevitably leads to frustration, loss of productivity and weakened security. Users frequently resort to writing down passwords or using trivial password that can easily be guessed. In Chapter 2 the concepts of Single Sign-on and a special subset of SSO, Secure Single Sign-on are defined. Five types of SSO solutions are identified, namely: Synchronization, Scripting, Proxies and Trusted Hosts. Trusted Authentication Server and Hybrid solutions. Of the available types of solutions, only Trusted Authentication Server and Hybrid solutions can provide Secure Single Sign-on if properly implemented. The security services for SSSO are identified as authentication, authorization, integrity, confidentiality, non-repudiation, security management and cryptographic services. Additional SSSO concepts, as well as the vulnerabilities, obstacles and pitfalls to introducing SSO solutions are discussed. Chapter 3 provides an overview of the most important SSO enabling technologies. The following technologies are discussed: OSF DCE, SESAME, Kerberos, DSSA/SPX, TESS, NetSp, Secure Tokens, GSS-API and Public key Cryptography. Chapter 4 discusses the Open Software Foundation's (OSF) Distributed Computing Environment (DCE). OSF DCE is one of the two open standards for distributed processing which are having a major influence on the development of single sign-on solutions and forms the basis of many existing SSO products. DCE is not a SSO product. but consists of specifications and software. The goal of DCE is to turn a computer network into a single, coherent computing engine. It is considered to be one of the fundamental building blocks for SSO solutions in the future. In Chapter 5 SESAME is discussed in some detail as another major enabling technology for SSO. Secure European System for Applications in a Multi-vendor Environment (SESAME) is an architecture that implements a model for the provision of security services within open systems developed by the European Computer Manufacturers Association (ECMA). The architecture was developed and implemented on a trial basis, by Bull, ICL and Siemens-Nixdorf in an initiative supported by the European Commission. Chapter 6 presents a list of 49 commercial SSO products currently available,…
Subjects/Keywords: Computers - Access control.; Computers - Access control - Passwords.; Single sign-on.
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Louwrens, C. P. (2012). Single sign-on in heterogeneous computer environments. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/7051
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Louwrens, Cecil Petrus. “Single sign-on in heterogeneous computer environments.” 2012. Thesis, University of Johannesburg. Accessed March 01, 2021.
http://hdl.handle.net/10210/7051.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Louwrens, Cecil Petrus. “Single sign-on in heterogeneous computer environments.” 2012. Web. 01 Mar 2021.
Vancouver:
Louwrens CP. Single sign-on in heterogeneous computer environments. [Internet] [Thesis]. University of Johannesburg; 2012. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10210/7051.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Louwrens CP. Single sign-on in heterogeneous computer environments. [Thesis]. University of Johannesburg; 2012. Available from: http://hdl.handle.net/10210/7051
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Colorado State University
23.
Abdunabi, Ramadan.
Access control framework for mobile applications, An.
Degree: PhD, Computer Science, 2013, Colorado State University
URL: http://hdl.handle.net/10217/78814
► With the advent of wireless and mobile devices, many new applications are being developed that make use of the spatio-temporal information of a user in…
(more)
▼ With the advent of wireless and mobile devices, many new applications are being developed that make use of the spatio-temporal information of a user in order to provide better functionality. Such applications also necessitate sophisticated authorization models where
access to a resource depends on the credentials of the user and also on the location and time of
access. Consequently, traditional
access control models, such as, Role-Based
Access Control (RBAC), has been augmented to provide spatio-temporal
access control. However, the velocity of technological development imposes sophisticated constraints that might not be possible to support with earlier works. In this dissertation, we provide an
access control framework that allows one to specify, verify, and enforce spatio-temporal policies of mobile applications. Our specification of spatio-temporal
access control improves the expressiveness upon earlier works by providing features that are useful for mobile applications. Thus, an application using our model can specify different types of spatio-temporal constraints. It defines a number of novel concepts that allow ease of integration of
access control policies with applications and make policy models more amenable to analysis. Our
access control models are presented using both theoretical and practical methods. Our models have numerous features that may interact to produce conflicts. Towards this end, we also develop automated analysis approaches for conflict detection and correction at model and application levels. These approaches rigorously check policy models and provide feedback when some properties do not hold. For strict temporal behaviour, our analysis can be used to perform a quantitative verification of the temporal properties while considering mobility. We also provide a number of techniques to reduce the state-space explosion problem that is inherent in model checkers. Furthermore, we introduce a policy enforcement mechanism illustrates the practical viability of our models and discusses potential challenges with possible solutions. Specifically, we propose an event-based architecture for enforcing spatio-temporal
access control and demonstrate its feasibility by developing a prototype. We also provide a number of protocols for granting and revoking
access and formally analyze these protocols in order to provide assurance that our proposed architecture is indeed secure.
Advisors/Committee Members: Ray, Indrakshi (advisor), France, Robert (committee member), Ray, Indrajit (committee member), Turk, Daniel (committee member).
Subjects/Keywords: access control; access control protocol; computer security; enforcement; policy model; RBAC
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Abdunabi, R. (2013). Access control framework for mobile applications, An. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/78814
Chicago Manual of Style (16th Edition):
Abdunabi, Ramadan. “Access control framework for mobile applications, An.” 2013. Doctoral Dissertation, Colorado State University. Accessed March 01, 2021.
http://hdl.handle.net/10217/78814.
MLA Handbook (7th Edition):
Abdunabi, Ramadan. “Access control framework for mobile applications, An.” 2013. Web. 01 Mar 2021.
Vancouver:
Abdunabi R. Access control framework for mobile applications, An. [Internet] [Doctoral dissertation]. Colorado State University; 2013. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10217/78814.
Council of Science Editors:
Abdunabi R. Access control framework for mobile applications, An. [Doctoral Dissertation]. Colorado State University; 2013. Available from: http://hdl.handle.net/10217/78814
University of North Texas
24.
Narouei, Masoud.
A Top-Down Policy Engineering Framework for Attribute-Based Access Control.
Degree: 2020, University of North Texas
URL: https://digital.library.unt.edu/ark:/67531/metadc1703379/
► The purpose of this study is to propose a top-down policy engineering framework for attribute-based access control (ABAC) that aims to automatically extract ACPs from…
(more)
▼ The purpose of this study is to propose a top-down policy engineering framework for attribute-based
access control (ABAC) that aims to automatically extract ACPs from requirement specifications documents, and then, using the extracted policies, build or update an ABAC model. We specify a procedure that consists of three main components: 1) ACP sentence identification, 2) policy element extraction, and 3) ABAC model creation and update. ACP sentence identification processes unrestricted natural language documents and identify the sentences that carry ACP content. We propose and compare three different methodologies from different disciplines, namely deep recurrent neural networks (RNN-based), biological immune system (BIS-based), and a combination of multiple natural language processing techniques (PMI-based) in order to identify the proper methodology for extracting ACP sentences from irrelevant text. Our evaluation results improve the state-of-the-art by a margin of 5% F1-Measure. To aid future research, we also introduce a new dataset that includes 5000 sentences from real-world policy documents. ABAC policy extraction extracts ACP elements such as
subject, object, and action from the identified ACPs. We use semantic roles and correctly identify ACP elements with an average F1 score of 75%, which bests the previous work by 15%. Furthermore, as SRL tools are often trained on publicly available corpora such as Wall Street Journal, we investigate the idea of improving SRL performance using domain-related knowledge. We utilize domain adaptation and semi-supervised learning techniques and improve the SRL performance by 2% using only a small amount of
access control data. The third component, ABAC model creation and update, builds a new ABAC model or updates an existing one using the extracted ACP elements. For this purpose, we present an efficient methodology based on a particle swarm optimization algorithm for solving ABAC policy mining with minimal perturbation. Experimental results demonstrate that the proposed methodology generates much less complex policies than previous works using the same realistic case studies. Furthermore, we perform experiments on how to find an ABAC state as similar as possible to both the existing state and the optimal state. Part of the data utilized in this study was collected from the University of North Texas Policy Office, as well as policy documents from the university of North Texas Health Science Center, for the school years 2015-2016 through 2016-2017.
Advisors/Committee Members: Blanco, Eduardo, Takabi, Hassan, Nielsen, Rodney, Do, Hyunsook.
Subjects/Keywords: Attribute-based Access Control; Policy Engineering; Access Control Policy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
Rochester Institute of Technology
25.
Alshehri, Suhair.
Toward Effective Access Control Using Attributes and Pseudoroles.
Degree: PhD, Computer Science (GCCIS), 2014, Rochester Institute of Technology
URL: https://scholarworks.rit.edu/theses/7938
► Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require…
(more)
▼ Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective
access control to prevent unauthorized
access and ensure compliance with various laws and regulations. Current approaches such as Role-Based
Access Control (RBAC), and Attribute-Based
Access Control (ABAC) and their variants are inadequate. Although it provides simple administration of
access control and user revocation and permission review, RBAC demands complex initial role engineering and makes
access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible
access control, but increases the complexity of managing privileges, user revocation and user permissions review. These limitations of RBAC and ABAC have thus motivated research into the development of newer models that use attributes and policies while preserving RBAC's advantages.
This dissertation explores the role of attributes – characteristics of entities in the system – in achieving effective
access control. The first contribution of this dissertation is the design and development of a secure
access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step
access control approach, the BiLayer
Access Control (BLAC) model. The first layer in BLAC checks whether subjects making
access requests have the right BLAC pseudoroles – a pseudorole is a predefined subset of a
subject's static attributes. If requesting subjects hold the right pseudoroles, the second layer checks rule(s) within associated BLAC policies for further constraints on
access. BLAC thus makes use of attributes effectively while preserving RBAC's advantages. The dissertation's third contribution is the design and definition of an evaluation framework for time complexity analysis, and uses this framework to compare BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic
access control threat model, and applying it to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats.
Advisors/Committee Members: Rajendra K. Raj.
Subjects/Keywords: Access control; Attribute-based access control; Fine-grained access control; Information security; Role-based security; Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Alshehri, S. (2014). Toward Effective Access Control Using Attributes and Pseudoroles. (Doctoral Dissertation). Rochester Institute of Technology. Retrieved from https://scholarworks.rit.edu/theses/7938
Chicago Manual of Style (16th Edition):
Alshehri, Suhair. “Toward Effective Access Control Using Attributes and Pseudoroles.” 2014. Doctoral Dissertation, Rochester Institute of Technology. Accessed March 01, 2021.
https://scholarworks.rit.edu/theses/7938.
MLA Handbook (7th Edition):
Alshehri, Suhair. “Toward Effective Access Control Using Attributes and Pseudoroles.” 2014. Web. 01 Mar 2021.
Vancouver:
Alshehri S. Toward Effective Access Control Using Attributes and Pseudoroles. [Internet] [Doctoral dissertation]. Rochester Institute of Technology; 2014. [cited 2021 Mar 01].
Available from: https://scholarworks.rit.edu/theses/7938.
Council of Science Editors:
Alshehri S. Toward Effective Access Control Using Attributes and Pseudoroles. [Doctoral Dissertation]. Rochester Institute of Technology; 2014. Available from: https://scholarworks.rit.edu/theses/7938
University of Utah
26.
Joseph, Jithu.
Cenet – capability enabled networking: towards least-privileged networking.
Degree: MSin Computer Science, School of Computing, 2015, University of Utah
URL: http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409
► In today's IP networks, any host can send packets to any other host irrespective of whether the recipient is interested in communicating with the sender…
(more)
▼ In today's IP networks, any host can send packets to any other host irrespective of whether the recipient is interested in communicating with the sender or not. The downside of this openness is that every host is vulnerable to an attack by any other host. We ob- serve that this unrestricted network access (network ambient authority) from compromised systems is also a main reason for data exfiltration attacks within corporate networks. We address this issue using the network version of capability based access control. We bring the idea of capabilities and capability-based access control to the domain of networking. CeNet provides policy driven, fine-grained network level access control enforced in the core of the network (and not at the end-hosts) thereby removing network ambient authority. Thus CeNet is able to limit the scope of spread of an attack from a compromised host to other hosts in the network. We built a capability-enabled SDN network where communication privileges of an endpoint are limited according to its function in the network. Network capabilities can be passed between hosts, thereby allowing a delegation-oriented security policy to be realized. We believe that this base functionality can pave the way for the realization of sophisticated security policies within an enterprise network. Further we built a policy manager that is able to realize Role-Based Access Control (RBAC) policy based network access control using capability operations. We also look at some of the results of formal analysis of capability propagation models in the context of networks.
Subjects/Keywords: Access control in SDN; Capability based access control; Network access control; Network security; Security; Software defined networks
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Joseph, J. (2015). Cenet – capability enabled networking: towards least-privileged networking. (Masters Thesis). University of Utah. Retrieved from http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409
Chicago Manual of Style (16th Edition):
Joseph, Jithu. “Cenet – capability enabled networking: towards least-privileged networking.” 2015. Masters Thesis, University of Utah. Accessed March 01, 2021.
http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409.
MLA Handbook (7th Edition):
Joseph, Jithu. “Cenet – capability enabled networking: towards least-privileged networking.” 2015. Web. 01 Mar 2021.
Vancouver:
Joseph J. Cenet – capability enabled networking: towards least-privileged networking. [Internet] [Masters thesis]. University of Utah; 2015. [cited 2021 Mar 01].
Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409.
Council of Science Editors:
Joseph J. Cenet – capability enabled networking: towards least-privileged networking. [Masters Thesis]. University of Utah; 2015. Available from: http://content.lib.utah.edu/cdm/singleitem/collection/etd3/id/3990/rec/409
Nelson Mandela Metropolitan University
27.
Mogale, Miemie.
Information security assurance model for an examination paper preparation process in a higher education institution.
Degree: Faculty of Engineering, the Built Environment and Information Technology, 2016, Nelson Mandela Metropolitan University
URL: http://hdl.handle.net/10948/8509
► In today’s business world, information has become the driving force of organizations. With organizations transmitting large amounts of information to various geographical locations, it is…
(more)
▼ In today’s business world, information has become the driving force of organizations. With organizations transmitting large amounts of information to various geographical locations, it is imperative that organizations ensure the protection of their valuable commodity. Organizations should ensure that only authorized individuals receive, view and alter the information. This is also true to Higher Education Institutions (HEIs), which need to protect its examination papers, amongst other valuable information. With various threats waiting to take advantage of the examination papers, HEIs need to be prepared by equipping themselves with an information security management system (ISMS), in order to ensure that the process of setting examination papers is secure, and protects the examination papers within the process. An ISMS will ensure that all information security aspects are considered and addressed in order to provide appropriate and adequate protection for the examination papers. With the assistance of information security concepts and information security principles, the ISMS can be developed, in order to secure the process of preparing examination papers; in order to protect the examination papers from potential risks. Risk assessment form part of the ISMS, and is at the centre of any security effort; reason being that to secure an information environment, knowing and understanding the risks is imperative. Risks pertaining to that particular environment need to be assessed in order to deal with those appropriately. In addition, very important to any security effort is ensuring that employees working with the valuable information are made aware of these risks, and can be able to protect the information. Therefore, the role players (within the examination paper preparation process (EPPP)) who handle the examination papers on a daily basis have to be equipped with means of handling valuable information in a secure manner. Some of the role players’ behaviour and practices while handling the information could be seen as vulnerabilities that could be exploited by threats, resulting in the compromise in the CIA of the information. Therefore, it is imperative that role players are made aware of their practices and iv behaviour that could result in a negative impact for the institution. This awareness forms part and is addressed in the ISMS.
Subjects/Keywords: Computer security – Management – Examinations; Computers – Access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Mogale, M. (2016). Information security assurance model for an examination paper preparation process in a higher education institution. (Thesis). Nelson Mandela Metropolitan University. Retrieved from http://hdl.handle.net/10948/8509
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Mogale, Miemie. “Information security assurance model for an examination paper preparation process in a higher education institution.” 2016. Thesis, Nelson Mandela Metropolitan University. Accessed March 01, 2021.
http://hdl.handle.net/10948/8509.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Mogale, Miemie. “Information security assurance model for an examination paper preparation process in a higher education institution.” 2016. Web. 01 Mar 2021.
Vancouver:
Mogale M. Information security assurance model for an examination paper preparation process in a higher education institution. [Internet] [Thesis]. Nelson Mandela Metropolitan University; 2016. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10948/8509.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Mogale M. Information security assurance model for an examination paper preparation process in a higher education institution. [Thesis]. Nelson Mandela Metropolitan University; 2016. Available from: http://hdl.handle.net/10948/8509
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Carnegie Mellon University
28.
Sleeper, Manya.
Everyday Online Sharing.
Degree: 2016, Carnegie Mellon University
URL: http://repository.cmu.edu/dissertations/881
► People make a range of everyday decisions about how and whether to share content with different people, across different platforms and services, during a variety…
(more)
▼ People make a range of everyday decisions about how and whether to share content with different people, across different platforms and services, during a variety of tasks. These sharing decisions can encompass complex preferences and a variety of access-control dimensions. In this thesis I examine potential methods for improving sharing mechanisms by better understanding the everyday online sharing environment and evaluating a potential sharing tool. I first present two studies that explore how current sharing mechanisms may fall short on social networking sites, leading to suboptimal outcomes such as regret or self censorship. I discuss the implications of these suboptimal outcomes for the design of behavioral nudging tools and the potential for improving the design of selective-sharing mechanisms. I then draw on a third study to explore the broader “ecosystem” of available channels created by the services and platforms people move between and combine to share content in everyday contexts. I examine the role of selective-sharing features in the broader audience-driven and task-driven dynamics that drive sharing decisions in this environment. I discuss the implications of channel choice and dynamics for the design of selective-sharing mechanisms. Using insights from current shortfalls and ecosystem-level dynamics I then present a fourth study examining the potential for adding topic-driven sharing mechanisms to Facebook. I use design mockups and a lab-based interview to explore participants’ hypothetical use cases for such mechanisms. I find that these mechanisms could potentially be useful in a variety of situations, but successful implementation would require accounting for privacy requirements and users’ sharing strategies.
Subjects/Keywords: usability; privacy; social networking sites; access control
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Sleeper, M. (2016). Everyday Online Sharing. (Thesis). Carnegie Mellon University. Retrieved from http://repository.cmu.edu/dissertations/881
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Sleeper, Manya. “Everyday Online Sharing.” 2016. Thesis, Carnegie Mellon University. Accessed March 01, 2021.
http://repository.cmu.edu/dissertations/881.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Sleeper, Manya. “Everyday Online Sharing.” 2016. Web. 01 Mar 2021.
Vancouver:
Sleeper M. Everyday Online Sharing. [Internet] [Thesis]. Carnegie Mellon University; 2016. [cited 2021 Mar 01].
Available from: http://repository.cmu.edu/dissertations/881.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Sleeper M. Everyday Online Sharing. [Thesis]. Carnegie Mellon University; 2016. Available from: http://repository.cmu.edu/dissertations/881
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Nelson Mandela Metropolitan University
29.
Deas, Matthew Burns.
Towards a user centric model for identity and access management within the online environment.
Degree: Faculty of Engineering, the Built Environment and Information Technology, 2008, Nelson Mandela Metropolitan University
URL: http://hdl.handle.net/10948/775
► Today, one is expected to remember multiple user names and passwords for different domains when one wants to access on the Internet. Identity management seeks…
(more)
▼ Today, one is expected to remember multiple user names and passwords for different domains when one wants to access on the Internet. Identity management seeks to solve this problem through creating a digital identity that is exchangeable across organisational boundaries. Through the setup of collaboration agreements between multiple domains, users can easily switch across domains without being required to sign in again. However, use of this technology comes with risks of user identity and personal information being compromised. Criminals make use of spoofed websites and social engineering techniques to gain illegal access to user information. Due to this, the need for users to be protected from online threats has increased. Two processes are required to protect the user login information at the time of sign-on. Firstly, user’s information must be protected at the time of sign-on, and secondly, a simple method for the identification of the website is required by the user. This treatise looks at the process for identifying and verifying user information, and how the user can verify the system at sign-in. Three models for identity management are analysed, namely the Microsoft .NET Passport, Liberty Alliance Federated Identity for Single Sign-on and the Mozilla TrustBar for system authentication.
Subjects/Keywords: Computers – Access control; Computer networks – Security measures
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Deas, M. B. (2008). Towards a user centric model for identity and access management within the online environment. (Thesis). Nelson Mandela Metropolitan University. Retrieved from http://hdl.handle.net/10948/775
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Deas, Matthew Burns. “Towards a user centric model for identity and access management within the online environment.” 2008. Thesis, Nelson Mandela Metropolitan University. Accessed March 01, 2021.
http://hdl.handle.net/10948/775.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Deas, Matthew Burns. “Towards a user centric model for identity and access management within the online environment.” 2008. Web. 01 Mar 2021.
Vancouver:
Deas MB. Towards a user centric model for identity and access management within the online environment. [Internet] [Thesis]. Nelson Mandela Metropolitan University; 2008. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/10948/775.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Deas MB. Towards a user centric model for identity and access management within the online environment. [Thesis]. Nelson Mandela Metropolitan University; 2008. Available from: http://hdl.handle.net/10948/775
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Cornell University
30.
Bender, Gabriel.
Reasoning About Information Disclosure In Relational Databases.
Degree: PhD, Computer Science, 2014, Cornell University
URL: http://hdl.handle.net/1813/38815
► Companies and organizations collect and use vast troves of sensitive user data whose release must be carefully controlled. In practice, the access policies that govern…
(more)
▼ Companies and organizations collect and use vast troves of sensitive user data whose release must be carefully controlled. In practice, the
access policies that govern this data are often fine-grained, complex, poorly documented, and difficult to reason about. These issues make it easy for principals to accidentally request and be granted
access to data they never use. To encourage developers and administrators to use security mechanisms more effectively, we propose a novel security model in which all security decisions are formally explainable. Whether a query is accepted or denied, the system returns a concise yet formal explanation which can allow the issuer to reformulate a rejected query or adjust his/her security credentials. In order to demonstrate the practical applicability of our approach, we implement and evaluate a disclosure
control system that handles a wide variety of real SQL queries and can accommodate complex policy constraints. Our explainable security model is based on a new theoretical foundation for reasoning about information disclosure in database systems that we call disclosure labeling. Information disclosure is expressed in terms of a set of security views that are defined by a human administrator and reveal types of information that are relevant to the security constraints of the system at hand. Disclosure labeling allows us to precisely characterize which subsets of the security views contain enough information to determine a query's answer; such characterizations form the basis for the explanations generated by our system.
Advisors/Committee Members: Gehrke, Johannes E. (chair), Pass, Rafael N. (committee member), Kozen, Dexter Campbell (committee member).
Subjects/Keywords: Database Security; Access Control; Explainable Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Bender, G. (2014). Reasoning About Information Disclosure In Relational Databases. (Doctoral Dissertation). Cornell University. Retrieved from http://hdl.handle.net/1813/38815
Chicago Manual of Style (16th Edition):
Bender, Gabriel. “Reasoning About Information Disclosure In Relational Databases.” 2014. Doctoral Dissertation, Cornell University. Accessed March 01, 2021.
http://hdl.handle.net/1813/38815.
MLA Handbook (7th Edition):
Bender, Gabriel. “Reasoning About Information Disclosure In Relational Databases.” 2014. Web. 01 Mar 2021.
Vancouver:
Bender G. Reasoning About Information Disclosure In Relational Databases. [Internet] [Doctoral dissertation]. Cornell University; 2014. [cited 2021 Mar 01].
Available from: http://hdl.handle.net/1813/38815.
Council of Science Editors:
Bender G. Reasoning About Information Disclosure In Relational Databases. [Doctoral Dissertation]. Cornell University; 2014. Available from: http://hdl.handle.net/1813/38815
◁ [1] [2] [3] [4] [5] … [36] ▶
. 
Open Access Theses and Dissertations