Dissertationen zum Thema „Access control“
Geben Sie eine Quelle nach APA, MLA, Chicago, Harvard und anderen Zitierweisen an
Machen Sie sich mit Top-50 Dissertationen für die Forschung zum Thema "Access control" bekannt.
Neben jedem Werk im Literaturverzeichnis ist die Option "Zur Bibliographie hinzufügen" verfügbar. Nutzen Sie sie, wird Ihre bibliographische Angabe des gewählten Werkes nach der nötigen Zitierweise (APA, MLA, Harvard, Chicago, Vancouver usw.) automatisch gestaltet.
Sie können auch den vollen Text der wissenschaftlichen Publikation im PDF-Format herunterladen und eine Online-Annotation der Arbeit lesen, wenn die relevanten Parameter in den Metadaten verfügbar sind.
Sehen Sie die Dissertationen für verschiedene Spezialgebieten durch und erstellen Sie Ihre Bibliographie auf korrekte Weise.
SILVESTRE, BRUNO OLIVEIRA. „INTERINSTITUTIONAL ACCESS: AUTHENTICATION AND ACCESS CONTROL“. PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2005. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=6619@1.
Der volle Inhalt der QuelleO uso de computação distribuída vem expandindo seu escopo, saindo de aplicações em redes locais para aplicações envolvendo diversas instituições. Em termos de segurança, essa expansão introduz desafios em identificar usuários oriundos das diferentes organizações e definir seus direitos de acesso a determinado recurso. Abordagens comuns adotam a replicação do cadastro dos usuários pelas diversas instituições ou o compartilhamente de uma mesma identidade por um conjunto de usuários. Entretanto, essas estratégias apresentam deficiências, demandando, por exemplo, maior esforço de gerência por parte dos administradores e até esbarrando em políticas de privacidade. Neste trabalho propomos uma arquitetura que utiliza o conceito de papéis para a autenticação e o controle de acesso entre diferentes instituições. Baseado em uma relação de confiança entre as organizações, a arquitetura permite que os usuários sejam autenticados na instituições onde estão afiliados e utiliza o papel por eles desempenhados para controlar o acesso aos recursos disponibilizados pelas demais organizações.
Distributed computing has been expanding its scope from local area network applications to wide-area applications, involving different organizations. This expansion implies in several new security challenges, such as the identification of users originating from different organizations and the definition of their access rights. Commom aproaches involve replicating user data in several institutions or sharing identities among sets of users. However, these approaches have several limitations, sucj as the increased management effort of administrators or problems with privacy policies. This work proposes a framework for inter-institucional authentication. The framework is based on the concepts of RBAC (role-based access control) and of trust between organizations.
Atkins, Derek A. (Derek Allan). „Media Bank--access and access control“. Thesis, Massachusetts Institute of Technology, 1995. http://hdl.handle.net/1721.1/61086.
Der volle Inhalt der QuelleMay, Brian 1975. „Scalable access control“. Monash University, School of Computer Science and Software, 2001. http://arrow.monash.edu.au/hdl/1959.1/8043.
Der volle Inhalt der Quellede, la Motte L. „Professional Access Control“. Thesis, Honours thesis, University of Tasmania, 2004. https://eprints.utas.edu.au/118/1/front_Thesis.pdf.
Der volle Inhalt der QuelleHoppenstand, Gregory S. „Secure access control with high access precision/“. Thesis, Monterey, California. Naval Postgraduate School, 1988. http://hdl.handle.net/10945/23386.
Der volle Inhalt der QuelleMagnussen, Gaute, und Stig Stavik. „Access Control in Heterogenous Health Care Systems : A comparison of Role Based Access Control Versus Decision Based Access Control“. Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9295.
Der volle Inhalt der QuelleRole based access control (RBAC) is widely used in health care systems today. Some of the biggest systems in use at Norwegian hospitals utilizes role based integration. The basic concept of RBAC is that users are assigned to roles, permissions are assigned to roles and users acquire permissions by being members of roles. An alternative approach to the role based access distribution, is that information should be available only to those who are taking active part in a patients treatment. This approach is called decision based access control (DBAC). While some RBAC implementations grant access to a groups of people by ward, DBAC ensures that access to relevant parts of the patients medical record is given for treatment purposes regardless of which department the health care worker belongs to. Until now the granularity which the legal framework describes has been difficult to follow. The practical approach has been to grant access to entire wards or organizational units in which the patient currently resides. Due to the protection of personal privacy, it is not acceptable that any medical record is available to every clinician at all times. The most important reason to implement DBAC where RBAC exists today, is to get an access control model that is more dynamic. The users should have the access they need to perform their job at all times, but not more access than needed. With RBAC, practice has shown that it is very hard to make dynamic access rules when properties such as time and tasks of an employees work change. This study reveals that pretty much all security measures in the RBAC systems can be overridden by the use of emergency access features. These features are used extensively in everyday work at the hospitals, and thereby creates a security risk. At the same time conformance with the legal framework is not maintained. Two scenarios are simulated in a fictional RBAC and DBAC environment in this report. The results of the simulation show that a complete audit of the logs containing access right enhancements in the RBAC environment is unfeasible at a large hospital, and even checking a few percent of the entries is also a very large job. Changing from RBAC to DBAC would probably affect this situation to the better. Some economical advantages are also pointed out. If a change is made, a considerable amount of time that is used by health care workers to unblock access to information they need in their everyday work will be saved.
Macfie, Alex. „Semantic role-based access control“. Thesis, University of Westminster, 2014. https://westminsterresearch.westminster.ac.uk/item/964y2/semantic-role-based-access-control.
Der volle Inhalt der QuelleSchmidt, Ronald. „Distributed Access Control System“. Universitätsbibliothek Chemnitz, 2001. http://nbn-resolving.de/urn:nbn:de:bsz:ch1-200100336.
Der volle Inhalt der QuelleKnight, G. S. „Scenario-based access control“. Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2000. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape3/PQDD_0021/NQ54421.pdf.
Der volle Inhalt der QuelleLukefahr, Joseph W. „Service-oriented access control“. Thesis, Monterey, California: Naval Postgraduate School, 2014. http://hdl.handle.net/10945/43948.
Der volle Inhalt der QuelleAs networks grow in complexity and data breaches become more costly, network administrators need better tools to help design networks that provide service-level availability while restricting unauthorized access. Current research, specifically in declarative network management, has sought to address this problem but fails to bridge the gap between service-level requirements and low-level configuration directives. We introduce service-oriented access control, an approach that frames the problem in terms of maintaining service-level paths between users and applications. We show its use in several scenarios involving tactical networks typically seen in the military’s field artillery community.
Aktoudianakis, Evangelos. „Relationship based access control“. Thesis, University of Surrey, 2016. http://epubs.surrey.ac.uk/809642/.
Der volle Inhalt der QuelleWithrow, Gary W. „An access control middleware application“. [Denver, Colo.] : Regis University, 2006. http://165.236.235.140/lib/GWithrow2006.pdf.
Der volle Inhalt der QuellePrasai, Sandesh. „Access control of NUTS uplink“. Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2012. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-19209.
Der volle Inhalt der QuelleFisher, Craig. „Network access control disruptive technology? /“. [Denver, Colo.] : Regis University, 2008. http://165.236.235.140/lib/JFisher2007.pdf.
Der volle Inhalt der QuelleGeshan, Susan Carol. „Signature verification for access control“. Thesis, Monterey, California. Naval Postgraduate School, 1991. http://hdl.handle.net/10945/28533.
Der volle Inhalt der QuelleO'Shea, Gregory Francis Gerard. „Access control in operating systems“. Thesis, Birkbeck (University of London), 1998. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.301025.
Der volle Inhalt der QuelleKlingsbo, Lukas. „Access Control for CDN Assets“. Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-302091.
Der volle Inhalt der QuelleKlöck, Clemens. „Auction-based Medium Access Control“. [S.l. : s.n.], 2007. http://digbib.ubka.uni-karlsruhe.de/volltexte/1000007323.
Der volle Inhalt der QuelleHermansson, Rickard, und Johan Hellström. „Discretionary Version Control : Access Control for Versionable Documents“. Thesis, KTH, Skolan för teknik och hälsa (STH), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-152815.
Der volle Inhalt der QuelleAtt enkelt dela dokument med arbetskollegor är något alla företag har ett behov utav.Ofta är dessa dokument interna och skall hållas inom företaget. Även inom företagetkan det finnas behov av att styra vem som har rätt att läsa ellerrevidera dokumenten.Denna examensarbetesrapport beskriver olika tekniker ochmodeller för accesskon-troll, versionshantering och distribution som kan användas för att implementera ettsystem som kan lösa de nämnda problemen.Ett av kraven för systemet var ett användargränssnitt där användare kan ladda upp ochned sina dokument. Ytterligare krav var att systemet skulleversionshantera dokumenetenoch att användare skall kunna komma åt de olika versionerna.Systemet skulle ocksåkunna hantera åtkomstkontroll på dokumentnivå, något denna examensrapport definerarsom "fine grained access control".För att designa ett sådant system så utredes och utvärderades olika tekniker kringåtkomstkontroll och versionshantering samt distributionav dokumenten. För att testasystemet så utvecklads en prototyp baserad på de valda lösningsmetoderna.Den resulterande prototypen uppfyllde de mål som Nordicstation satte för projektet,dock endast med grundläggande funktionalitet. Stöd för atthämta olika versioner avdokument, kontrollera access till dokumentet nere på dokument nivå och ett webbaseratgränssnitt för att administrera dokumenten.
Røstad, Lillian. „Access Control in Healthcare Information Systems“. Doctoral thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-5130.
Der volle Inhalt der QuelleLi, Cheng. „Fluid model for access control mechanism“. Thesis, University of Ottawa (Canada), 2004. http://hdl.handle.net/10393/26691.
Der volle Inhalt der QuelleFransson, Linda, und Therese Jeansson. „Biometric methods and mobile access control“. Thesis, Blekinge Tekniska Högskola, Avdelningen för programvarusystem, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5023.
Der volle Inhalt der QuelleAndersson, Fredrik, und Stefan Hagström. „Dynamic identities for flexible access control“. Thesis, Blekinge Tekniska Högskola, Avdelningen för programvarusystem, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5310.
Der volle Inhalt der QuelleBoberg, Hannes. „Designing and comparing access control systems“. Thesis, Linköpings universitet, Programvara och system, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-131855.
Der volle Inhalt der QuelleWong, Tung Chong. „Wireless ATM network access and control“. Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1999. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape7/PQDD_0005/NQ44781.pdf.
Der volle Inhalt der QuelleSadighi, Firozabadi Seyd Babak. „Decentralised privilege management for access control“. Thesis, Imperial College London, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.424362.
Der volle Inhalt der QuelleBarker, Steven Graham. „Database access control by logic planning“. Thesis, Imperial College London, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.408732.
Der volle Inhalt der QuelleBelokosztolszki, András. „Role-based access control policy administration“. Thesis, University of Cambridge, 2004. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.615798.
Der volle Inhalt der QuellePang, Kenneth K. (Kenneth Kwok Kit) 1976. „Fine-grained event-based access control“. Thesis, Massachusetts Institute of Technology, 1998. http://hdl.handle.net/1721.1/47532.
Der volle Inhalt der QuelleIncludes bibliographical references (leaf 46).
by Kenneth K. Pang.
B.S.
M.Eng.
Allen, Steven D. M. Eng Massachusetts Institute of Technology. „DRACL (Decentralized resource access control list)“. Thesis, Massachusetts Institute of Technology, 2016. http://hdl.handle.net/1721.1/112855.
Der volle Inhalt der QuelleCataloged from PDF version of thesis.
Includes bibliographical references (pages 132-135).
DRACL is a privacy-preserving, scalable, secure, and developer and user friendly federated access control system. It allows producers to manage, through a single authentication provider, which consumers can access what content across all content hosts that support the DRACL protocol. It preserves user privacy by not revealing the producers' social networks to content hosts and consumers and allowing content consumers to access content anonymously. Unlike existing solutions, DRACL is federated (cf. Facebook Connect, Google Sign-In), does not have a single point of failure (cf. Mozilla Persona, OpenID), and does not reveal its producers' social networks to content hosts (cf. Facebook Connect's user_friends permission).
by Steven D. Allen.
M. Eng.
Zhu, Jian. „Access Control for Cross Organizational Collaboration“. University of Dayton / OhioLINK, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=dayton1334690364.
Der volle Inhalt der QuelleYang, Naikuo. „Formalism of privacy preserving access control“. Thesis, University of Manchester, 2011. https://www.research.manchester.ac.uk/portal/en/theses/formalism-of-privacy-preserving-access-control(ea4a3d37-fcd9-471b-a33e-7414c315aad9).html.
Der volle Inhalt der QuelleZhao, Yining. „Behavioural access control in distributed environments“. Thesis, University of York, 2013. http://etheses.whiterose.ac.uk/4640/.
Der volle Inhalt der QuelleSvetlana, Jakšić. „Types for Access and Memory Control“. Phd thesis, Univerzitet u Novom Sadu, Fakultet tehničkih nauka u Novom Sadu, 2016. https://www.cris.uns.ac.rs/record.jsf?recordId=101762&source=NDLTD&language=en.
Der volle Inhalt der QuelleУ тези су разматрана три проблема. Први је администрација и контролаправа приступа података у рачунарској мрежи са XML подацима, санагласком на безбедости посматраних података. Други је администрација икотрола права приступа подацима у рачунарској мрежи са RDF подацима,са нагласком на приватности посматраних података. Трећи је превенцијагрешака и цурења меморије, као и грешака у комуникацији генерисанимпрограмима написаних на језику Sing# у којима су присутни изузеци. За сватри проблема биће предложени формални модели и одговарајући типскисистеми помоћу којих се показује одсуство неповољних понашања тј.грешака у мрежама односно програмима.
U tezi su razmatrana tri problema. Prvi je administracija i kontrolaprava pristupa podataka u računarskoj mreži sa XML podacima, sanaglaskom na bezbedosti posmatranih podataka. Drugi je administracija ikotrola prava pristupa podacima u računarskoj mreži sa RDF podacima,sa naglaskom na privatnosti posmatranih podataka. Treći je prevencijagrešaka i curenja memorije, kao i grešaka u komunikaciji generisanimprogramima napisanih na jeziku Sing# u kojima su prisutni izuzeci. Za svatri problema biće predloženi formalni modeli i odgovarajući tipskisistemi pomoću kojih se pokazuje odsustvo nepovoljnih ponašanja tj.grešaka u mrežama odnosno programima.
Salim, Farzad. „Approaches to access control under uncertainty“. Thesis, Queensland University of Technology, 2012. https://eprints.qut.edu.au/58408/1/Farzad_Salim_Thesis.pdf.
Der volle Inhalt der QuelleFerreira, Ana. „Modelling access control for healthcare information systems : how to control access through policies, human processes and legislation“. Thesis, University of Kent, 2010. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.529399.
Der volle Inhalt der QuelleJensen, Torstein, und Knut Halvor Larsen. „Developing Patient Controlled Access : An Access Control Model for Personal Health Records“. Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9597.
Der volle Inhalt der QuelleThe health and social care sector has a continuous growth in the use of information technology. With more and more information about the patient stored in different systems by different health care actors, information sharing is a key to better treatment. The introduction of the personal health record aims at making this treatment process easier. In addition to being able to share information to others, the patients can also take a more active part in their treatment by communicating with participants through the system. As the personal health record is owned and controlled by the patient with assistance from health care actors, one of the keys to success lies in how the patient can control the access to the record. In this master's thesis we have developed an access control model for the personal health record in a Norwegian setting. The development is based on different studies of existing similar solutions and literature. Some of the topics we present are re-introduced from an earlier project. Interviews with potential users have also been a valuable and important source for ideas and inspiration, especially due to the fact that the access control model sets high demands on user-friendliness. As part of the access control model we have also suggested a set of key roles for the personal health record. Through a conceptual implementation we have further shown that the access control model can be implemented. Three different solutions that show the conceptual implementation in the Indivo personal health record have been suggested, using the Extensible Access Control Markup Language as the foundation.
Hu, Wendong. „Medium access control protocols for cognitive radio based dynamics spectrum access networks“. Diss., Restricted to subscribing institutions, 2008. http://proquest.umi.com/pqdweb?did=1580792591&sid=28&Fmt=2&clientId=1564&RQT=309&VName=PQD.
Der volle Inhalt der QuellePan, Su, und 潘甦. „Medium access control in packet CDMA systems“. Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B31245870.
Der volle Inhalt der QuelleHuang, Qing. „An extension to the Android access control framework“. Thesis, Linköpings universitet, Institutionen för datavetenskap, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064.
Der volle Inhalt der QuelleRao, Vikhyath Jaeger Trent. „Dynamic mandatory access control for multiple stakeholders“. [University Park, Pa.] : Pennsylvania State University, 2009. http://etda.libraries.psu.edu/theses/approved/WorldWideIndex/ETD-3963/index.html.
Der volle Inhalt der QuelleCavallero, Sara. „Medium Access Control Protocols for Terahertz Communication“. Master's thesis, Alma Mater Studiorum - Università di Bologna, 2021.
Den vollen Inhalt der Quelle findenBrose, Gerald. „Access control management in distributed object systems“. [S.l. : s.n.], 2001. http://www.diss.fu-berlin.de/2001/203/index.html.
Der volle Inhalt der QuellePorter, Paul A. „Trust Negotiation for Open Database Access Control“. Diss., CLICK HERE for online access, 2006. http://contentdm.lib.byu.edu/ETD/image/etd1311.pdf.
Der volle Inhalt der QuelleBoström, Erik. „Refined Access Control in a Distributed Environment“. Thesis, Linköping University, Department of Electrical Engineering, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1020.
Der volle Inhalt der QuelleIn the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing.
This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions.
In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.
Qazi, Hasham Ud Din. „Comparative Study of Network Access Control Technologies“. Thesis, Linköping University, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8971.
Der volle Inhalt der QuelleThis thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide.
There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies.
This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.
One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.
Stenbakk, Bjørn-Erik Sæther, und Gunnar René Øie. „Role-Based Information Ranking and Access Control“. Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9236.
Der volle Inhalt der QuelleThis thesis presents a formal role-model based on a combination of approaches towards rolebased access control. This model is used both for access control and information ranking. Purpose: Healthcare information is required by law to be strictly secured. Thus an access control policy is needed, especially when this information is stored in a computer system. Roles, instead of just users, have been used for enforcing access control in computer systems. When a healthcare employee is granted access to information, only the relevant information should be presented by the system, providing better overview and highlighting critical information stored among less important data. The purpose of this thesis is to enable efficiency and quality improvements in healthcare by using IT-solutions that address both access control and information highlighting. Methods: We have developed a formal role model in a previous project. It has been manually tested, and some possible design choices were identified. The project report pointed out that more work was required, in the form of making design choices, implementing a prototype, and extending the model to comply with the Norwegian standard for electronic health records. In preparing this thesis, we reviewed literature about the extensions that we wanted to make to that model. This included deontic logic, delegation and temporal constraints. We made decisions on some of the possible design choices. Some of the topics that were presented in the previous project are also re-introduced in this thesis. The theories are explained through examples, which are later used as a basis for an illustrating scenario. The theory and scenario were used for requirement elicitation for the role-model, and for validating the model. Based on these requirements a formal role-model was developed. To comply with the Norwegian EHR standard the model includes delegation and context based access control. An access control list was also added to allow for patients to limit or deny access to their record information for any individual. To validate the model, we implemented parts of the model in Prolog and tested it with data from the scenario. Results: The test results show rankings for information and controls access to it correctly, thus validating the implemented parts of the model. Other results are a formal model, an executable implementation of parts of the model, recommendations for model design, and the scenario. Conclusions: Using the same role-model for access control and information ranking works, and allows using flexible ways to define policies and information needs.
Garnes, Håvard Husevåg. „Access Control in Multi-Thousand-Machine Datacenters“. Thesis, Norwegian University of Science and Technology, Department of Telematics, 2008. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9730.
Der volle Inhalt der QuelleLarge data centers are used for large-scale high-performance tasks that often includes processing and handling sensitive information. It is therefore important to have access control systems that are able to function in large-scale data centers. This thesis looks into existing solutions for the authentication step of access control in large data centers, and analyses how two authentication systems, Kerberos and PKI, will perform when employed on a larger scale, beyond what is normal in a large data center today. The emphasis in the analysis is on possible bottlenecks in the system, computational power spent on access control routines, procedures for administration and key distribution and availability of extension features needed in large scale data center scenarios. Our administration analysis will propose and present possible methods for initial key distribution to new machines in the data center, as well as methods for enrolling new users. We will also propose a method for automatic service instantiation in Kerberos and present a method for service instantiation in PKI. We will look at how the systems handle failed machines in the network, and look at how the systems handle breaches of trusted components. Our performance analysis will show that under given assumptions, both Kerberos and PKI will handle the average load in a hypothetical data center consisting of 100000 machines and 1000 users. We will also see that under an assumed peak load, Kerberos will be able to handle 10000 service requests in under 1 second, whereas the PKI solution would need at least 15 seconds to handle the same number of requests using recommended public key sizes. This means that some programs may need special configurations to work in a PKI system under high load.
Zhuo, Donghui. „On Fine-Grained Access Control for XML“. Thesis, University of Waterloo, 2003. http://hdl.handle.net/10012/1058.
Der volle Inhalt der QuelleBeznosov, Konstantin. „Engineering access control for distributed enterprise applications“. FIU Digital Commons, 2000. http://digitalcommons.fiu.edu/etd/1651.
Der volle Inhalt der Quelle