To see the other types of publications on this topic, follow the link: Access control.

Dissertations / Theses on the topic 'Access control'

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the top 50 dissertations / theses for your research on the topic 'Access control.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.

1

SILVESTRE, BRUNO OLIVEIRA. "INTERINSTITUTIONAL ACCESS: AUTHENTICATION AND ACCESS CONTROL." PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2005. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=6619@1.

Full text
Abstract:
COORDENAÇÃO DE APERFEIÇOAMENTO DO PESSOAL DE ENSINO SUPERIOR
O uso de computação distribuída vem expandindo seu escopo, saindo de aplicações em redes locais para aplicações envolvendo diversas instituições. Em termos de segurança, essa expansão introduz desafios em identificar usuários oriundos das diferentes organizações e definir seus direitos de acesso a determinado recurso. Abordagens comuns adotam a replicação do cadastro dos usuários pelas diversas instituições ou o compartilhamente de uma mesma identidade por um conjunto de usuários. Entretanto, essas estratégias apresentam deficiências, demandando, por exemplo, maior esforço de gerência por parte dos administradores e até esbarrando em políticas de privacidade. Neste trabalho propomos uma arquitetura que utiliza o conceito de papéis para a autenticação e o controle de acesso entre diferentes instituições. Baseado em uma relação de confiança entre as organizações, a arquitetura permite que os usuários sejam autenticados na instituições onde estão afiliados e utiliza o papel por eles desempenhados para controlar o acesso aos recursos disponibilizados pelas demais organizações.
Distributed computing has been expanding its scope from local area network applications to wide-area applications, involving different organizations. This expansion implies in several new security challenges, such as the identification of users originating from different organizations and the definition of their access rights. Commom aproaches involve replicating user data in several institutions or sharing identities among sets of users. However, these approaches have several limitations, sucj as the increased management effort of administrators or problems with privacy policies. This work proposes a framework for inter-institucional authentication. The framework is based on the concepts of RBAC (role-based access control) and of trust between organizations.
APA, Harvard, Vancouver, ISO, and other styles
2

Atkins, Derek A. (Derek Allan). "Media Bank--access and access control." Thesis, Massachusetts Institute of Technology, 1995. http://hdl.handle.net/1721.1/61086.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

May, Brian 1975. "Scalable access control." Monash University, School of Computer Science and Software, 2001. http://arrow.monash.edu.au/hdl/1959.1/8043.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

de, la Motte L. "Professional Access Control." Thesis, Honours thesis, University of Tasmania, 2004. https://eprints.utas.edu.au/118/1/front_Thesis.pdf.

Full text
Abstract:
Professional Access Control (PAC) is a self-administrating access control model for professional users which employs a peer review process and oversight by system administrators. It is characterised by the existence of ethical controls on the relationships between the users (those accessing data or granting access privileges to others) and data owners. Investigations revealed that the issue of availability was crucial to users in the hospital domain studied, and that to minimise the administrative burden on system administrators, the users needed to take some of the load. These factors led to the development of the new Trusted Access Control (TAC) model which gives users control. TAC is a fundamental access control model, complementary to the well-known Mandatory Access Control (MAC) and Discretionary Access Control (DAC) models. PAC uses TAC at its core and also incorporates Role Based Access Control (RBAC) and Provision Based Access Control (PBAC). This gives it the flexibility and user-friendliness necessary in the hospital environment, while still providing a high degree of data confidentiality and integrity protection. The required PAC functionality has been built into an Oracle package which can be used by new and existing applications, making it a viable access control solution for complex environments such as hospitals. When enabled workflow applications use the Oracle package, access control is automatically effected behind-the-scene, providing both usability benefits and reduced administrative burden.
APA, Harvard, Vancouver, ISO, and other styles
5

Hoppenstand, Gregory S. "Secure access control with high access precision/." Thesis, Monterey, California. Naval Postgraduate School, 1988. http://hdl.handle.net/10945/23386.

Full text
Abstract:
When classified data of different classifications are stored in a database, it is necessary for a contemporary database system to pass through other classified data to find the properly classified data. Although the user of the system may only see data classified at the user's level, the database system itself has breached the security by bringing the other classified data into the main memory from secondary storage. Additionally, the system is not efficient as it could be because unnecessary material has been retrieved. This is a problem in access precision. This thesis proposes a solution to the access precision and pass-through problems using a database counterpart to the mathematical concept of equivalence relations. Each record of the database contains at least one security attribute (e.g., classification) and the database is divided into compartments of records; Compartments are disjoint sets, where each compartment of records has the same aggregate of security attributes. A suitable database model, the Attribute-Based Data Model, is selected, and an example of implementation is provided. Keywords: Database security; Multilevel security; Computer security. (Theses)
APA, Harvard, Vancouver, ISO, and other styles
6

Magnussen, Gaute, and Stig Stavik. "Access Control in Heterogenous Health Care Systems : A comparison of Role Based Access Control Versus Decision Based Access Control." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9295.

Full text
Abstract:

Role based access control (RBAC) is widely used in health care systems today. Some of the biggest systems in use at Norwegian hospitals utilizes role based integration. The basic concept of RBAC is that users are assigned to roles, permissions are assigned to roles and users acquire permissions by being members of roles. An alternative approach to the role based access distribution, is that information should be available only to those who are taking active part in a patient’s treatment. This approach is called decision based access control (DBAC). While some RBAC implementations grant access to a groups of people by ward, DBAC ensures that access to relevant parts of the patient’s medical record is given for treatment purposes regardless of which department the health care worker belongs to. Until now the granularity which the legal framework describes has been difficult to follow. The practical approach has been to grant access to entire wards or organizational units in which the patient currently resides. Due to the protection of personal privacy, it is not acceptable that any medical record is available to every clinician at all times. The most important reason to implement DBAC where RBAC exists today, is to get an access control model that is more dynamic. The users should have the access they need to perform their job at all times, but not more access than needed. With RBAC, practice has shown that it is very hard to make dynamic access rules when properties such as time and tasks of an employee’s work change. This study reveals that pretty much all security measures in the RBAC systems can be overridden by the use of emergency access features. These features are used extensively in everyday work at the hospitals, and thereby creates a security risk. At the same time conformance with the legal framework is not maintained. Two scenarios are simulated in a fictional RBAC and DBAC environment in this report. The results of the simulation show that a complete audit of the logs containing access right enhancements in the RBAC environment is unfeasible at a large hospital, and even checking a few percent of the entries is also a very large job. Changing from RBAC to DBAC would probably affect this situation to the better. Some economical advantages are also pointed out. If a change is made, a considerable amount of time that is used by health care workers to unblock access to information they need in their everyday work will be saved.

APA, Harvard, Vancouver, ISO, and other styles
7

Macfie, Alex. "Semantic role-based access control." Thesis, University of Westminster, 2014. https://westminsterresearch.westminster.ac.uk/item/964y2/semantic-role-based-access-control.

Full text
Abstract:
In this thesis we propose two semantic ontological role-based access control (RBAC) reasoning processes. These processes infer user authorisations according to a set of role permission and denial assignments, together with user role assignments. The first process, SO-RBAC (Semantic Ontological Role-Based Access Control) uses OWL-DL to store the ontology, and SWRL to perform reasoning. It is based mainly on RBAC models previously described using Prolog. This demonstrates the feasibility of writing an RBAC model in OWL and performing reasoning inside it, but is still tied closely to descriptive logic concepts, and does not effectively exploit OWL features such as the class hierarchy. To fully exploit the capabilities of OWL, it was necessary to enhance the SO-RBAC model by programming it in OWL-Full. The resulting OWL-Full model, ESO-RBAC (Enhanced Semantic Ontological Role-Based Access Control), uses Jena for performing reasoning, and allows an object-oriented definition of roles and of data items. The definitions of roles as classes, and users as members of classes representing roles, allows user-role assignments to be defined in a way that is natural to OWL. All information relevant to determining authorisations is stored in the ontology. The resulting RBAC model is more flexible than models based on predicate logic and relational database systems. There are three motivations for this research. First, we found that relational database systems do not implement all of the features of RBAC that we modelled in Prolog. Furthermore, implementations of RBAC in database management systems is always vendor-specific, so the user is dependent on a particular vendor's procedures when granting permissions and denials. Second, Prolog and relational database systems cannot naturally represent hierarchical data, which is the backbone of any semantic representation of RBAC models. An RBAC model should be able to infer user authorisations from a hierarchy of both roles and data types, that is, determine permission or denial from not just the type of role (which may include sub-roles), but also the type of data (which may include sub-types). Third, OWL reasoner-enabled ontologies allow us to describe and manipulate the semantics of RBAC differently, and consequently to address the previous two problems efficiently. The contribution of this thesis is twofold. First, we propose semantic ontological reasoning processes, which are domain and implementation independent, and can be run from any distributed computing environment. This can be developed through integrated development environments such as NetBeans and using OWL APIs. Second, we have pioneered a way of exploiting OWL and its reasoners for the purpose of defining and manipulating the semantics of RBAC. Therefore, we automatically infer OWL concepts according to a specific stage that we define in our proposed reasoning processes. OWL ontologies are not static vocabularies of terms and constraints that define the semantics of RBAC. They are repositories of concepts that allow ad-hoc inference, with the ultimate goal in RBAC of granting permissions and denials.
APA, Harvard, Vancouver, ISO, and other styles
8

Schmidt, Ronald. "Distributed Access Control System." Universitätsbibliothek Chemnitz, 2001. http://nbn-resolving.de/urn:nbn:de:bsz:ch1-200100336.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Knight, G. S. "Scenario-based access control." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2000. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape3/PQDD_0021/NQ54421.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Lukefahr, Joseph W. "Service-oriented access control." Thesis, Monterey, California: Naval Postgraduate School, 2014. http://hdl.handle.net/10945/43948.

Full text
Abstract:
Approved for public release; distribution is unlimited
As networks grow in complexity and data breaches become more costly, network administrators need better tools to help design networks that provide service-level availability while restricting unauthorized access. Current research, specifically in declarative network management, has sought to address this problem but fails to bridge the gap between service-level requirements and low-level configuration directives. We introduce service-oriented access control, an approach that frames the problem in terms of maintaining service-level paths between users and applications. We show its use in several scenarios involving tactical networks typically seen in the military’s field artillery community.
APA, Harvard, Vancouver, ISO, and other styles
11

Aktoudianakis, Evangelos. "Relationship based access control." Thesis, University of Surrey, 2016. http://epubs.surrey.ac.uk/809642/.

Full text
Abstract:
Relationship Based Access Control (ReBAC) has emerged as a popular alternative to traditional access control models, such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). However, some of the model's aspects, such as its expression language and delegation abilities have not been studied in depth. Further-more, existing ReBAC models cater to single policy control, thus not taking into account cases were many access control policies might apply to a single access control object. We propose a ReBAC model, set theoretic ReBac (STReBAC), which bases its expression language on set theory. Our model is expressive and exible, catering to the above problems, and able to overcome access control challenges as discussed by popular ReBAC models without needing to alter its formal grammar. Additionally, we extend our model to handle situations where more than one policy applies to the same access control object. To achieve this we have combined our STReBAC model with PTaCL which is an evaluation framework for ABAC. We provide a solution which is compatible with many industrial standards, such as eXtensible Access Control Markup Language (XACML) and Ponder, and formalise techniques used by those very standards to extend our model without sacri�cing its original exibility. As part of our research, we implement a demonstrator that proves how our formal model can be applied to real life industrial problems, whether as a stand alone project or as part of a larger access control mechanism. To demonstrate the above, we implement our model in terms of Application Programming Interface (API)s that are widely used by today's industry. This shows that our STReBAC models can be translated into implementations which are exible and scalable.
APA, Harvard, Vancouver, ISO, and other styles
12

Withrow, Gary W. "An access control middleware application." [Denver, Colo.] : Regis University, 2006. http://165.236.235.140/lib/GWithrow2006.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
13

Prasai, Sandesh. "Access control of NUTS uplink." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2012. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-19209.

Full text
APA, Harvard, Vancouver, ISO, and other styles
14

Fisher, Craig. "Network access control disruptive technology? /." [Denver, Colo.] : Regis University, 2008. http://165.236.235.140/lib/JFisher2007.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
15

Geshan, Susan Carol. "Signature verification for access control." Thesis, Monterey, California. Naval Postgraduate School, 1991. http://hdl.handle.net/10945/28533.

Full text
APA, Harvard, Vancouver, ISO, and other styles
16

O'Shea, Gregory Francis Gerard. "Access control in operating systems." Thesis, Birkbeck (University of London), 1998. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.301025.

Full text
APA, Harvard, Vancouver, ISO, and other styles
17

Klingsbo, Lukas. "Access Control for CDN Assets." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-302091.

Full text
Abstract:
This work presents a technique for implementing Copy-on-Write on top of a persistent storage. The method was developed from the needs of a se curity management system, but the technique and conclusions drawn are general enough to be applicable to any system with vaguely similar consistency requirements. The scalability of the security management system is tested and the technique is evaluated with load testing and model checking. The implementation is shown to be scalable for up to >6.000 simultaneous active users per node, but based on our experience a better solution is suggested in the conclusion.
APA, Harvard, Vancouver, ISO, and other styles
18

Klöck, Clemens. "Auction-based Medium Access Control." [S.l. : s.n.], 2007. http://digbib.ubka.uni-karlsruhe.de/volltexte/1000007323.

Full text
APA, Harvard, Vancouver, ISO, and other styles
19

Hermansson, Rickard, and Johan Hellström. "Discretionary Version Control : Access Control for Versionable Documents." Thesis, KTH, Skolan för teknik och hälsa (STH), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-152815.

Full text
Abstract:
A common problem in the workplace is sharing digital documents with coworkers. Forsome companies the problem extends to wanting the documentskept internally backedup and controlling which people in the company has rights to read and revise certaindocuments.This paper shows different systems and models for access control, version control,and distribution of the documents that can be used to create asystem that solves theseproblems.One requirement for this system was a user interface where users can upload, down-load and manage access to their documents. Another requirement was a service thathandles version control for the documents, and a way to quickly connect and distributethe documents. The system also needed to be able to handle access control of the ver-sioned documents on document level, referred to as "fine grained access control" in thispaper.These models and systems were evaluated based on aspects of the access control mod-els, version control systems, and distribution systems andprotocols. After evaluating,appropriate selections were made to create a prototype to test the system as a whole.The prototype ended up meeting the goals that Nordicstationset for the project butonly with basic functionality. Functionality for retrieving any version from a docu-ments history, controlling access for the documents at document level, and a simpleweb based user interface for managing the documents.
Att enkelt dela dokument med arbetskollegor är något alla företag har ett behov utav.Ofta är dessa dokument interna och skall hållas inom företaget. Även inom företagetkan det finnas behov av att styra vem som har rätt att läsa ellerrevidera dokumenten.Denna examensarbetesrapport beskriver olika tekniker ochmodeller för accesskon-troll, versionshantering och distribution som kan användas för att implementera ettsystem som kan lösa de nämnda problemen.Ett av kraven för systemet var ett användargränssnitt där användare kan ladda upp ochned sina dokument. Ytterligare krav var att systemet skulleversionshantera dokumenetenoch att användare skall kunna komma åt de olika versionerna.Systemet skulle ocksåkunna hantera åtkomstkontroll på dokumentnivå, något denna examensrapport definerarsom "fine grained access control".För att designa ett sådant system så utredes och utvärderades olika tekniker kringåtkomstkontroll och versionshantering samt distributionav dokumenten. För att testasystemet så utvecklads en prototyp baserad på de valda lösningsmetoderna.Den resulterande prototypen uppfyllde de mål som Nordicstation satte för projektet,dock endast med grundläggande funktionalitet. Stöd för atthämta olika versioner avdokument, kontrollera access till dokumentet nere på dokument nivå och ett webbaseratgränssnitt för att administrera dokumenten.
APA, Harvard, Vancouver, ISO, and other styles
20

Røstad, Lillian. "Access Control in Healthcare Information Systems." Doctoral thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-5130.

Full text
Abstract:
Access control is a key feature of healthcare information systems. Access control is about enforcing rules to ensure that only authorized users get access to resources in a system. In healthcare systems this means protecting patient privacy. However, the top priority is always to provide the best possible care for a patient. This depends on the clinicians having access to the information they need to make the best, most informed, care decisions. Care processes are often unpredictable and hard to map to strict access control rules. As a result, in emergency or otherwise unexpected situations, clinicians need to be able to bypass access control. In a crisis, availability of information takes precedence over privacy concerns. This duality of concerns is what makes access control in healthcare systems so challenging and interesting as a research subject. To create access control models for healthcare we need to understand how healthcare works. Before creating a model we need to understand the requirements the model should fulfill. Though many access control models have been proposed and argued to be suitable for healthcare, little work has been published on access control requirements for healthcare. This PhD project has focused on bridging the gap between formalized models and real world requirements for access control in healthcare by targeting the following research goals:RG1 To collect knowledge that forms a foundation for access control requirements in healthcare systems.RG2 To create improved access control models for healthcare systems based on real requirements.This PhD project has consisted of a number of smaller, distinct, but relatedprojects to reach the research goals. The main contributions can be summarized as:C1 Requirements for access control in healthcare: Studies performed onaudit data, in workshops, by observation and interviews have helped discoverrequirements. Results from this work include methods for access controlrequirements elicitation in addition to the actual requirements discovered.C2 Process-based access control: The main conclusion from the requirementswork is that access control should be tailored to care processes. Care processesare highly dynamic and often unpredictable, and access control needs to adaptto this. This thesis suggests how existing sources of process information, bothexplicit and implicit, may be used for this purpose.C3 Personally controlled health records (PCHR): This thesis explores theconsequences of making the patient the administrator of access control andproposes a model based on these initial requirements. From a performedusability study it is clear that the main challenge is how to keep the patientinformed about the consequences of sharing.
APA, Harvard, Vancouver, ISO, and other styles
21

Li, Cheng. "Fluid model for access control mechanism." Thesis, University of Ottawa (Canada), 2004. http://hdl.handle.net/10393/26691.

Full text
Abstract:
In this thesis, we develop two distinct traffic models: one based on Brownian motion and the other based on fractional Brownian motion. The later model captures the self-similarity and the long-range dependence (LRD) properties. The aggregate model is composed of a drift part and of a fluctuation (diffusion) part. With this model, traffic from several seconds to 24 hours can be simulated. Applying the Token Bucket (TB) mechanism, a continuous time (state-space) dynamic system model is developed based on the ideas of recent papers [1,2]. Incoming traffic from each user is policed at the TBs and one multiplexor buffer, linked to all the TBs, multiplexes the conforming traffic. We propose two feedback control strategies, one is a simple feedback control law and the other is a feedback control based on neural network, to control the traffic flow into the link of the backbone network. We also use the simulated annealing algorithm to optimize the parameters of control laws. Several network performance related issues are studied systemically. The results show that the proposed control laws can improve the network performance, by improving throughput, reducing multiplexor and TB losses, and relaxing, not avoiding, congestion.
APA, Harvard, Vancouver, ISO, and other styles
22

Fransson, Linda, and Therese Jeansson. "Biometric methods and mobile access control." Thesis, Blekinge Tekniska Högskola, Avdelningen för programvarusystem, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5023.

Full text
Abstract:
Our purpose with this thesis was to find biometric methods that can be used in access control of mobile access. The access control has two parts. Firstly, to validate the identity of the caller and, secondly, to ensure the validated user is not changed during the session that follows. Any solution to the access control problem is not available today, which means that anyone can get access to the mobile phone and the Internet. Therefore we have researched after a solution that can solve this problem but also on how to secure that no one else can take over an already validated session. We began to search for biometric methods that are available today to find them that would be best suited together with a mobile phone. After we had read information about them we did choose three methods for further investigation. These methods were Fingerprint Recognition, Iris Scan and Speaker Verification. Iris Scan is the method that is best suited to solve the authentication problem. The reasons for this are many. One of them is the uniqueness and stability of the iris, not even identical twins or the pair of the same individual has the same iris minutiae. The iris is also very protected behind eyelids, cornea and the aqueous humor and therefore difficult to damage. When it comes to the method itself, is it one of the most secure methods available today. One of the reasons for this is that the equal error rate is better than one in a million. However, this rate can be even better. It all depends on the Hamming Distance, which is a value that show how different the saved and temporarily template are, and what it is set to. To solve our session authentication, which was to make sure that no one else could take over a connected mobile phone, a sensor plate is the answer. This sensor will be able to sense for touch, heat and pulse. These three sensor measurements will together secure a validated session since the mobile phone will disconnect if the sensor looses its sensor data. There are, however, technological and other challenges to be solved before our proposed solutions will become viable. We address some of these issues in our thesis.
APA, Harvard, Vancouver, ISO, and other styles
23

Andersson, Fredrik, and Stefan Hagström. "Dynamic identities for flexible access control." Thesis, Blekinge Tekniska Högskola, Avdelningen för programvarusystem, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5310.

Full text
Abstract:
This thesis will analyse the pros and cons of a module-based approach versus the currently existing certificate schemes and the proposed requirements for a module-based certificate scheme to serve as a plausible identity verification system. We will present a possible model and evaluate it in respect to the existing solutions and our set of identified requirements.
APA, Harvard, Vancouver, ISO, and other styles
24

Boberg, Hannes. "Designing and comparing access control systems." Thesis, Linköpings universitet, Programvara och system, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-131855.

Full text
Abstract:
Access control systems are an important concept in the area of computer security. In this master thesis different solutions are analyzed. The focus is on a tool called DW Access. DW Access is developed by Pdb Datasystem AB. A comparison was done that showed that DW Access is lacking some important functionality. After the comparison a base model for an access control system was designed. The new design includes concepts like relation- ships, replacements and time limited access. It also works for generic subjects and objects in the system. This design was later partly implemented in DW Access. The conclusions from this thesis work is that DW Access is a unique tool and there is a market for the application or similar applications. The new functionality was one step forward and the evaluation showed that the potential users liked the new concepts. But it is a very open area because of very unique requirements on the market.
APA, Harvard, Vancouver, ISO, and other styles
25

Wong, Tung Chong. "Wireless ATM network access and control." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1999. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape7/PQDD_0005/NQ44781.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
26

Sadighi, Firozabadi Seyd Babak. "Decentralised privilege management for access control." Thesis, Imperial College London, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.424362.

Full text
APA, Harvard, Vancouver, ISO, and other styles
27

Barker, Steven Graham. "Database access control by logic planning." Thesis, Imperial College London, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.408732.

Full text
APA, Harvard, Vancouver, ISO, and other styles
28

Belokosztolszki, András. "Role-based access control policy administration." Thesis, University of Cambridge, 2004. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.615798.

Full text
APA, Harvard, Vancouver, ISO, and other styles
29

Pang, Kenneth K. (Kenneth Kwok Kit) 1976. "Fine-grained event-based access control." Thesis, Massachusetts Institute of Technology, 1998. http://hdl.handle.net/1721.1/47532.

Full text
Abstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science; and, Thesis (B.S.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998.
Includes bibliographical references (leaf 46).
by Kenneth K. Pang.
B.S.
M.Eng.
APA, Harvard, Vancouver, ISO, and other styles
30

Allen, Steven D. M. Eng Massachusetts Institute of Technology. "DRACL (Decentralized resource access control list)." Thesis, Massachusetts Institute of Technology, 2016. http://hdl.handle.net/1721.1/112855.

Full text
Abstract:
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 132-135).
DRACL is a privacy-preserving, scalable, secure, and developer and user friendly federated access control system. It allows producers to manage, through a single authentication provider, which consumers can access what content across all content hosts that support the DRACL protocol. It preserves user privacy by not revealing the producers' social networks to content hosts and consumers and allowing content consumers to access content anonymously. Unlike existing solutions, DRACL is federated (cf. Facebook Connect, Google Sign-In), does not have a single point of failure (cf. Mozilla Persona, OpenID), and does not reveal its producers' social networks to content hosts (cf. Facebook Connect's user_friends permission).
by Steven D. Allen.
M. Eng.
APA, Harvard, Vancouver, ISO, and other styles
31

Zhu, Jian. "Access Control for Cross Organizational Collaboration." University of Dayton / OhioLINK, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=dayton1334690364.

Full text
APA, Harvard, Vancouver, ISO, and other styles
32

Yang, Naikuo. "Formalism of privacy preserving access control." Thesis, University of Manchester, 2011. https://www.research.manchester.ac.uk/portal/en/theses/formalism-of-privacy-preserving-access-control(ea4a3d37-fcd9-471b-a33e-7414c315aad9).html.

Full text
Abstract:
There is often a misalignment between requirements for keeping data owners' information private and real data processing practices, and this can lead to violations of privacy. Specifying and implementing appropriate policies to control a user's access to a system and its resource is critical for keeping data owners' information private. Traditionally, policy specification is isolated from requirements analysis, which often results in data processing practices that are not in compliance with data owners' requirements. This thesis investigates a development scheme that integrates policy specification into requirements analysis and approach design. It suggests that, while we derive specification from requirements analysis, we can also improve requirements and approach design through privacy preservation specification by clarifying ambiguities in the requirements and resolving inconsistencies between requirements and data processing practices. This claim is supported by the requirements analysis and specification of a purpose based access control approach for privacy preservation. The purpose-based access control method consists of an entity of purpose, which expresses requirements for keeping personal information private from a data owner's point of view. The requirements analysis is helped by the specification of the entities, the relationships, the invariants corresponding to the requirements, and the model operations along with proof obligations of their satisfiability. That specification results in a complete purpose based access control model in the case of an intra-organisation scenario. The development scheme has also been applied for privacy preservation in distributed collaborative environments. Distributed computing environments pose further challenges for keeping personal information private. Design considerations are taken for ensuring that personal information is accessed from two or more parties only if agreed privacy policies and privacy preferences are satisfied, and for facilitating privacy policies matching and privacy preference compliance among distributed collaborative organisations. The work presented in this thesis should be of value to researchers on privacy protection methods, to whom the purpose-based access control model has been made available for privacy property verification, and to researchers on privacy specification, who will be able to incorporate specification into the requirements analysis.
APA, Harvard, Vancouver, ISO, and other styles
33

Zhao, Yining. "Behavioural access control in distributed environments." Thesis, University of York, 2013. http://etheses.whiterose.ac.uk/4640/.

Full text
Abstract:
Applications and services in distributed environments are an increasingly important topic. Hence approaches to security issues in such applications are also becoming essential. Crucial information is needed to be protected properly and mechanisms must be developed for this protection. Access control is one of the topics that underline security problems. It concerns assuring that data or resources are accessed by the correct entities. A commonly used access control approach is called access control lists, which is widely applied in most operating systems. However, this approach has some weaknesses with regard to scalability, and so it is not very suitable for distributed environments that usually have variable populations. Capabilities on the other hand offer scalability and adaptability advantages over access control lists. Capabilities are unforgeable tickets that can be propagated between entities, and fit well in distributed environments. But capabilities also have limits due to their simple structure. They grant infinite number of accesses for given types of actions, but are not able to capture sequences and branches of actions, which may be called aspects of behaviours. In this thesis, behaviour control approaches are introduced, through Vistas to Treaties. Vistas can provide explicit access control for each component of objects, and provide primitive control over action sequences. Treaties develop behaviour control further by containing behaviour descriptors which can specify those sequencing, branching and terminating aspects, and hence can provide much finer control over behaviours. Because treaties inherit the scalable attributes of capabilities, they also fit well in distributed environments. An interesting feature in treaty systems is that they allow users to refine the specifications of behaviours and generate new treaties from existing ones. A number of treaty combinator operations are proposed to realize this functionality, and they are shown to be safe with respect to the security of access control. A novel issue created by the treaty approach is identified in the thesis. The new problem is called the duplication problem, which could cause users being able to gain more permissions than they should have by making copies of unprotected treaties. Any treaty systems must provide solutions to this problem. Three models which solve the duplication problem are proposed, with an analysis of their differences, and advantages and disadvantages. Treaties are a general concept and in real cases they can be represented in various ways. There are components in treaties that have given a variety of implementation options, and the developers of services and applications can choose to combine these options to fit their special requirements. This makes treaties more flexible and adaptable. The implementations of concreted treaties and treaty systems are introduced, and these implemented treaties are used to test their behaviour control abilities. Evaluations for different treaty representations are provided to compare their performance. Scalability of treaty systems is also evaluated, showing that treaties are good to be deployed in distributed environments.
APA, Harvard, Vancouver, ISO, and other styles
34

Svetlana, Jakšić. "Types for Access and Memory Control." Phd thesis, Univerzitet u Novom Sadu, Fakultet tehničkih nauka u Novom Sadu, 2016. https://www.cris.uns.ac.rs/record.jsf?recordId=101762&source=NDLTD&language=en.

Full text
Abstract:
Three issues will be elaborated and disussed in the proposed thesis. The first isadministration and control of data access rights in networks with XML data, withemphasis on data security. The second is the administration and control ofaccess rights to data in computer networks with RDF data, with emphasis ondata privacy. The third is prevention of errors and memory leaks, as well ascommunication errors, generated by programs written in Sing # language in thepresence of exceptions. For all three issues, there will be presented formalmodels with corresponding type systems and showed the absence of undesiredbehavior i.e. errors in networks or programs.
У тези су разматрана три проблема. Први је администрација и контролаправа приступа података у рачунарској мрежи са XML подацима, санагласком на безбедости посматраних података. Други је администрација икотрола права приступа подацима у рачунарској мрежи са RDF подацима,са нагласком на приватности посматраних података. Трећи је превенцијагрешака и цурења меморије, као и грешака у комуникацији генерисанимпрограмима написаних на језику Sing# у којима су присутни изузеци. За сватри проблема биће предложени формални модели и одговарајући типскисистеми помоћу којих се показује одсуство неповољних понашања тј.грешака у мрежама односно програмима.
U tezi su razmatrana tri problema. Prvi je administracija i kontrolaprava pristupa podataka u računarskoj mreži sa XML podacima, sanaglaskom na bezbedosti posmatranih podataka. Drugi je administracija ikotrola prava pristupa podacima u računarskoj mreži sa RDF podacima,sa naglaskom na privatnosti posmatranih podataka. Treći je prevencijagrešaka i curenja memorije, kao i grešaka u komunikaciji generisanimprogramima napisanih na jeziku Sing# u kojima su prisutni izuzeci. Za svatri problema biće predloženi formalni modeli i odgovarajući tipskisistemi pomoću kojih se pokazuje odsustvo nepovoljnih ponašanja tj.grešaka u mrežama odnosno programima.
APA, Harvard, Vancouver, ISO, and other styles
35

Salim, Farzad. "Approaches to access control under uncertainty." Thesis, Queensland University of Technology, 2012. https://eprints.qut.edu.au/58408/1/Farzad_Salim_Thesis.pdf.

Full text
Abstract:
The ultimate goal of an access control system is to allocate each user the precise level of access they need to complete their job - no more and no less. This proves to be challenging in an organisational setting. On one hand employees need enough access to the organisation’s resources in order to perform their jobs and on the other hand more access will bring about an increasing risk of misuse - either intentionally, where an employee uses the access for personal benefit, or unintentionally, through carelessness or being socially engineered to give access to an adversary. This thesis investigates issues of existing approaches to access control in allocating optimal level of access to users and proposes solutions in the form of new access control models. These issues are most evident when uncertainty surrounding users’ access needs, incentive to misuse and accountability are considered, hence the title of the thesis. We first analyse access control in environments where the administrator is unable to identify the users who may need access to resources. To resolve this uncertainty an administrative model with delegation support is proposed. Further, a detailed technical enforcement mechanism is introduced to ensure delegated resources cannot be misused. Then we explicitly consider that users are self-interested and capable of misusing resources if they choose to. We propose a novel game theoretic access control model to reason about and influence the factors that may affect users’ incentive to misuse. Next we study access control in environments where neither users’ access needs can be predicted nor they can be held accountable for misuse. It is shown that by allocating budget to users, a virtual currency through which they can pay for the resources they deem necessary, the need for a precise pre-allocation of permissions can be relaxed. The budget also imposes an upper-bound on users’ ability to misuse. A generalised budget allocation function is proposed and it is shown that given the context information the optimal level of budget for users can always be numerically determined. Finally, Role Based Access Control (RBAC) model is analysed under the explicit assumption of administrators’ uncertainty about self-interested users’ access needs and their incentives to misuse. A novel Budget-oriented Role Based Access Control (B-RBAC) model is proposed. The new model introduces the notion of users’ behaviour into RBAC and provides means to influence users’ incentives. It is shown how RBAC policy can be used to individualise the cost of access to resources and also to determine users’ budget. The implementation overheads of B-RBAC is examined and several low-cost sub-models are proposed.
APA, Harvard, Vancouver, ISO, and other styles
36

Ferreira, Ana. "Modelling access control for healthcare information systems : how to control access through policies, human processes and legislation." Thesis, University of Kent, 2010. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.529399.

Full text
Abstract:
The introduction of Electronic Medical Records (EMR) within healthcare organizations has the main goal of integrating heterogeneous patient information that is usually scattered over different locations. However, there are some barriers that impede the effective integration of EMR within the healthcare practice (e.g., educational, time/costs, security). A focus in improving access control definition and implementation is fundamental to define proper system workflow and access. The main objectives of this research are: to involve end users in the definition of access control rules; to determine which access control rules are important to those users; to define an access control model that can model these rules; and to implement and evaluate this model. Technical, methodological and legislative reviews were conducted on access control both in general and the healthcare domain. Grounded theory was used together with mixed methods to gather users experiences and needs regarding access control. Focus groups (main qualitative method) followed by structured questionnaires (secondary quantitative method) were applied to the healthcare professionals whilst structured telephone interviews were applied to the patients. A list of access control rules together with the new Break-The-Glass (BTG) RBAC model were developed. A prototype together with a pilot case study was implemented in order to test and evaluate the new model. A research process was developed during this work that allows translating access control procedures in healthcare, from legislation to practice, in a systematic and objective way. With access controls closer to the healthcare practice, educational, time/costs and security barriers of EMR integration can be minimized. This is achieved by: reducing the time needed to learn, use and alter the system; allowing unanticipated or emergency situations to be tackled in a controlled manner (BTG) and reducing unauthorized and non-justified accesses. All this helps to achieve a faster and safer patient treatment.
APA, Harvard, Vancouver, ISO, and other styles
37

Jensen, Torstein, and Knut Halvor Larsen. "Developing Patient Controlled Access : An Access Control Model for Personal Health Records." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9597.

Full text
Abstract:

The health and social care sector has a continuous growth in the use of information technology. With more and more information about the patient stored in different systems by different health care actors, information sharing is a key to better treatment. The introduction of the personal health record aims at making this treatment process easier. In addition to being able to share information to others, the patients can also take a more active part in their treatment by communicating with participants through the system. As the personal health record is owned and controlled by the patient with assistance from health care actors, one of the keys to success lies in how the patient can control the access to the record. In this master's thesis we have developed an access control model for the personal health record in a Norwegian setting. The development is based on different studies of existing similar solutions and literature. Some of the topics we present are re-introduced from an earlier project. Interviews with potential users have also been a valuable and important source for ideas and inspiration, especially due to the fact that the access control model sets high demands on user-friendliness. As part of the access control model we have also suggested a set of key roles for the personal health record. Through a conceptual implementation we have further shown that the access control model can be implemented. Three different solutions that show the conceptual implementation in the Indivo personal health record have been suggested, using the Extensible Access Control Markup Language as the foundation.

APA, Harvard, Vancouver, ISO, and other styles
38

Hu, Wendong. "Medium access control protocols for cognitive radio based dynamics spectrum access networks." Diss., Restricted to subscribing institutions, 2008. http://proquest.umi.com/pqdweb?did=1580792591&sid=28&Fmt=2&clientId=1564&RQT=309&VName=PQD.

Full text
APA, Harvard, Vancouver, ISO, and other styles
39

Pan, Su, and 潘甦. "Medium access control in packet CDMA systems." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B31245870.

Full text
APA, Harvard, Vancouver, ISO, and other styles
40

Huang, Qing. "An extension to the Android access control framework." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-73064.

Full text
Abstract:
Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are available to applicationdevelopers. With their help, developers are able to bring overall user experienceto a new level in terms of developing novel applications. For instance, one of thosehardware functionalities, SIM-card authentication is able to offer stronger andmore convenient way of authentication when compared to the traditional approach.Replacing the username-password combination with the SIM-card authentication,users are freed from memorizing passwords. However, since normally those kindsof functionalities are locked up at the low level, they are only accessible by a fewusers who have been given privileged access rights. To let the normal applicationsbe benefiting as well, they need to be made accessible at the application level. Onthe one hand, as we see the benefit it will bring to us, there is a clear intentionto open it up, however, on the other hand, there is also a limitation resultingfrom their security-critical nature that needs to be placed when accessing whichis restricting the access to trusted third parties. Our investigation is based on the Android platform. The problem that we havediscovered is the existing security mechanism in Android is not able to satisfy everyregards of requirements we mentioned above when exposing SIM-card authenticationfunctionality. Hence, our requirement on enhancing the access control modelof Android comes naturally. In order to better suit the needs, we proposed a solutionWhite lists & Domains (WITDOM) to improve its current situation in thethesis. The proposed solution is an extension to the existing access control modelin Android that allows alternative ways to specify access controls therefore complementingthe existing Android security mechanisms. We have both designedand implemented the solution and the result shows that with the service that weprovided, critical functionalities, such as APIs for the low-level hardware functionalitycan retain the same level of protection however in the meanwhile, with moreflexible protection mechanism.
APA, Harvard, Vancouver, ISO, and other styles
41

Rao, Vikhyath Jaeger Trent. "Dynamic mandatory access control for multiple stakeholders." [University Park, Pa.] : Pennsylvania State University, 2009. http://etda.libraries.psu.edu/theses/approved/WorldWideIndex/ETD-3963/index.html.

Full text
APA, Harvard, Vancouver, ISO, and other styles
42

Cavallero, Sara. "Medium Access Control Protocols for Terahertz Communication." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2021.

Find full text
Abstract:
This thesis proposes and studies a Medium Access Control (MAC) protocol for networks of tags deployed over an industrial machine using THz communications. Despite the great advantages of these frequencies, there are drawbacks that cannot be ignored, such as propagation delays that, even at small distances, are of the same order of magnitude as packet transmission times. For this reason, the mathematical models developed for Contention-Free and Contention-Based protocols take into account the propagation delay. The main focus of this thesis is on the CSMA/CA protocol, which introduces channel sensing to reduce collisions and increase performance. The performance of the protocol are compared with two benchmarks, based on Polling and Aloha, considering an industrial machine scenario and accounting for physical and MAC layers features.
APA, Harvard, Vancouver, ISO, and other styles
43

Brose, Gerald. "Access control management in distributed object systems." [S.l. : s.n.], 2001. http://www.diss.fu-berlin.de/2001/203/index.html.

Full text
APA, Harvard, Vancouver, ISO, and other styles
44

Porter, Paul A. "Trust Negotiation for Open Database Access Control." Diss., CLICK HERE for online access, 2006. http://contentdm.lib.byu.edu/ETD/image/etd1311.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
45

Boström, Erik. "Refined Access Control in a Distributed Environment." Thesis, Linköping University, Department of Electrical Engineering, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1020.

Full text
Abstract:

In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing.

This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions.

In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.

APA, Harvard, Vancouver, ISO, and other styles
46

Qazi, Hasham Ud Din. "Comparative Study of Network Access Control Technologies." Thesis, Linköping University, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8971.

Full text
Abstract:

This thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide.

There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies.

This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.

One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.

APA, Harvard, Vancouver, ISO, and other styles
47

Stenbakk, Bjørn-Erik Sæther, and Gunnar René Øie. "Role-Based Information Ranking and Access Control." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9236.

Full text
Abstract:

This thesis presents a formal role-model based on a combination of approaches towards rolebased access control. This model is used both for access control and information ranking. Purpose: Healthcare information is required by law to be strictly secured. Thus an access control policy is needed, especially when this information is stored in a computer system. Roles, instead of just users, have been used for enforcing access control in computer systems. When a healthcare employee is granted access to information, only the relevant information should be presented by the system, providing better overview and highlighting critical information stored among less important data. The purpose of this thesis is to enable efficiency and quality improvements in healthcare by using IT-solutions that address both access control and information highlighting. Methods: We have developed a formal role model in a previous project. It has been manually tested, and some possible design choices were identified. The project report pointed out that more work was required, in the form of making design choices, implementing a prototype, and extending the model to comply with the Norwegian standard for electronic health records. In preparing this thesis, we reviewed literature about the extensions that we wanted to make to that model. This included deontic logic, delegation and temporal constraints. We made decisions on some of the possible design choices. Some of the topics that were presented in the previous project are also re-introduced in this thesis. The theories are explained through examples, which are later used as a basis for an illustrating scenario. The theory and scenario were used for requirement elicitation for the role-model, and for validating the model. Based on these requirements a formal role-model was developed. To comply with the Norwegian EHR standard the model includes delegation and context based access control. An access control list was also added to allow for patients to limit or deny access to their record information for any individual. To validate the model, we implemented parts of the model in Prolog and tested it with data from the scenario. Results: The test results show rankings for information and controls access to it correctly, thus validating the implemented parts of the model. Other results are a formal model, an executable implementation of parts of the model, recommendations for model design, and the scenario. Conclusions: Using the same role-model for access control and information ranking works, and allows using flexible ways to define policies and information needs.

APA, Harvard, Vancouver, ISO, and other styles
48

Garnes, Håvard Husevåg. "Access Control in Multi-Thousand-Machine Datacenters." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2008. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9730.

Full text
Abstract:

Large data centers are used for large-scale high-performance tasks that often includes processing and handling sensitive information. It is therefore important to have access control systems that are able to function in large-scale data centers. This thesis looks into existing solutions for the authentication step of access control in large data centers, and analyses how two authentication systems, Kerberos and PKI, will perform when employed on a larger scale, beyond what is normal in a large data center today. The emphasis in the analysis is on possible bottlenecks in the system, computational power spent on access control routines, procedures for administration and key distribution and availability of extension features needed in large scale data center scenarios. Our administration analysis will propose and present possible methods for initial key distribution to new machines in the data center, as well as methods for enrolling new users. We will also propose a method for automatic service instantiation in Kerberos and present a method for service instantiation in PKI. We will look at how the systems handle failed machines in the network, and look at how the systems handle breaches of trusted components. Our performance analysis will show that under given assumptions, both Kerberos and PKI will handle the average load in a hypothetical data center consisting of 100000 machines and 1000 users. We will also see that under an assumed peak load, Kerberos will be able to handle 10000 service requests in under 1 second, whereas the PKI solution would need at least 15 seconds to handle the same number of requests using recommended public key sizes. This means that some programs may need special configurations to work in a PKI system under high load.

APA, Harvard, Vancouver, ISO, and other styles
49

Zhuo, Donghui. "On Fine-Grained Access Control for XML." Thesis, University of Waterloo, 2003. http://hdl.handle.net/10012/1058.

Full text
Abstract:
Fine-grained access control for XML is about controlling access to XML documents at the granularity of individual elements or attributes. This thesis addresses two problems related to XML access controls. The first is efficient, secure evaluation of XPath expressions. We present a technique that secures path expressions by means of query modification, and we show that the query modification algorithm is correct under a language-independent semantics for secure query evaluation. The second problem is to provide a compact, yet useful, representation of the access matrix. Since determining a user's privilege directly from access control policies can be extremely inefficient, materializing the access matrix---the net effect of the access control policies---is a common approach to speed up the authorization decision making. The fine-grained nature of XML access controls, however, makes the space cost of matrix materialization a significant issue. We present a codebook-based technique that records access matrices compactly. Our experimental study shows that the codebook approach exhibits significant space savings over other storage schemes, such as the access control list and the compressed accessibility map. The solutions to the above two problems provide a foundation for the development of an efficient mechanism that enforces fine-grained access controls for XML databases in the cases of query access.
APA, Harvard, Vancouver, ISO, and other styles
50

Beznosov, Konstantin. "Engineering access control for distributed enterprise applications." FIU Digital Commons, 2000. http://digitalcommons.fiu.edu/etd/1651.

Full text
Abstract:
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications.
APA, Harvard, Vancouver, ISO, and other styles
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography