Dissertations / Theses on the topic 'RBAC'
To see the other types of publications on this topic, follow the link: RBAC.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'RBAC.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Guo, Yuxia. "User/group administration for RBAC." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1999. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape7/PQDD_0001/MQ42067.pdf.
Full text
2
Khambhammettu, Hemanth. "Enforcing complex policies in RBAC." Thesis, Royal Holloway, University of London, 2010. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.529765.
Full text
3
Buccelli, Emanuele. "Ingegnerizzazione di RBAC-MAS in TuCSoN." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2015. http://amslaurea.unibo.it/8462/.
Full textAbstract:
L'obiettivo della tesi è la creazione di un'infrastruttura di tipo RBAC (Role Based Access Control), adibita al controllo degli accessi all'interno del linguaggio di coordinazione TuCSoN. Il punto di partenza si basa sull'analisi del lavoro sviluppato dall'Ing. Galassi: "Modello di sicurezza e controllo di accesso in una infrastruttura di coordinazione: architettura e implementazione". Usando questa come base teorica di partenza, si sono estrapolati i concetti chiave e si è data vita ad un'implementazione funzionante e di semplice utilizzo di RBAC in TuCSoN.
4
Darwish, Wesam M. "Analysis of ANSI RBAC support in commercial middleware." Thesis, University of British Columbia, 2009. http://hdl.handle.net/2429/7147.
Full textAbstract:
This thesis analyzes the access control architectures of three middleware technologies: Common Object Request Broker Architecture (CORBA), Enterprise Java Beans (EJB), and Component Object Model (COM+). For all technologies under study, we formalize the protection state of their corresponding authorization architectures in a more precise and less ambiguous language than their respective specifications. We also suggest algorithms that define the semantics of authorization decisions in CORBA, EJB, and COM+. Using the formalized protection state configurations, we analyze the level of support for the American National Standard Institute's (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification in the studied middleware technologies. This thesis establishes a framework for assessing implementations of ANSI RBAC in the analyzed middleware technologies.
Our findings indicate that all of three middleware technologies under study fall short of supporting even Core ANSI RBAC. Custom extensions are necessary in order for implementations compliant with each middleware to support ANSI RBAC required or optional components. Some of the limitations preventing support of ANSI RBAC are due to the middleware's architectural design decisions; however, fundamental limitations exist due to the impracticality of some aspects of the ANSI RBAC standard itself.
5
Ma, Mingchao. "Distributed RBAC for subscription-based remote network services." Thesis, University of Greenwich, 2007. http://gala.gre.ac.uk/6232/.
Full textAbstract:
The problems of identity management inherent in distributed subscription-based resource sharing are investigated in this thesis. The thesis introduces a concept of authentication delegation and distributed RBAC (DRBAC) to support fine granular access control across multiple autonomous resource sites and subscribing sites. The DRBAC model extends the RBAC model to a distributed environment. A prototype system based on the concepts of authentication delegation and distributed role and the distributed RBAC model has been implemented and tested. Access is allowed based on the distributed roles, subject to certain constraints. Enforcing distributed role based access control policies allows organizations to ease the administrative overhead in a distributed environment. This thesis concentrates on both theoretical and practical aspects. It describes the design, implementation and performance of a prototype system that provides controlled access to subscription-based remote network services through a web browser. The prototype system is developed using Java technology and runs on a Tomcat web server. A third-party authentication protocol is designed and employed to exchange security assertions among involved parties. An XML-based policy language has been employed in the system for authorization decision. Public key cryptography and XML security technology are used to ensure the confidentiality and integrity of the system and interaction among the involved parties. The web servers use plug-ins to provide an authentication-delegation service and a policy-based authorization service. Users can use a single userID and password to access multiple subscribed resource sites.
6
Regateiro, Diogo José Domingues. "A secure, distributed and dynamic RBAC for relational applications." Master's thesis, Universidade de Aveiro, 2014. http://hdl.handle.net/10773/14045.
Full textAbstract:
Mestrado em Engenharia de Computadores e TelemáticaNowadays, database application use tools like Java Database Connectivity, Hibernate or ADO.NET to access data stored in databases. These tools are designed to bring together the relational database and object-oriented programming paradigms, forsaking applied access control policies. Hence, the application developers must master the established policies as a means to develop software that is conformant with the established access control policies. Furthermore, there are situations where these policies can evolve dynamically. In these cases it becomes hard to adjust the access control mechanisms. This challenge has led to the development of an extension to the role based access control (RBAC) model where permissions are defined as a sequence of create, read, update and delete (CRUD) expressions that can be executed and the interfaces to access them. From these permissions it's possible to generate security artefacts on the client side, i.e. in a distributed manner, which allows the clients to access the stored data while satisfying the security policies defined. On top of this model extension, a security layer has also been created in order to make the access control secure and obligatory. For the RBAC model extension this work leverages a previous work that created a dynamic access control architecture for relational applications, here referred to as DACA (Dynamic Access Control Architecture). DACA uses business logic information and the defined access control policies to build dynamically the security artefacts for the applications. In situations where the access control policies can evolve dynamically, the security artefacts are adjusted automatically. This base work, however, defines as permissions CRUD expressions, which can be executed in any order, and needs an adequate security layer to authenticate users and protect the system form intruders. Hence, this work aims to create a new architecture, called “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), which extends the work done with DACA so that it is capable of enforcing sequences of CRUD expressions that the applications can execute if the sequences are associated with their roles and the development of a security layer to make it secure. We discuss as well the performance of this system and its applicability to other environments outside of relational databases.
Atualmente, aplicações que acedem a bases de dados utilizam ferramentas como o Java Database Connectivity, Hibernate ou ADO.NET para aceder aos dados nelas armazenados. Estas ferramentas estão desenhadas para unir os paradigmas das bases de dados relacionais e da programação orientada a objetos, mas não estão preocupados com as políticas de controlo de acesso a aplicar. Portanto, os programadores de aplicações têm de dominar as políticas estabelecidas a fim de desenvolver aplicações em conformidade com as políticas de controlo de acesso estabelecidas.. Além disso, existem situações em que as políticas de controlo de acesso podem evoluir dinamicamente. Nestes casos, torna-se difícil adequar os mecanismos de controlo de acesso. Este desafio motivou o desenvolvimento de uma extensão ao modelo de controlo de acesso baseado em papeis (RBAC) que define como permissões sequências de expressões para criar, ler, atualizar e apagar (CRUD) informação e as interfaces de acesso a cada uma delas. A partir destas permissões podem ser gerados artefactos de segurança do lado dos clientes, i.e. de uma forma distribuída, que lhes permitem aceder à informação armazenada na base de dados segundo as políticas definidas. Por cima desta extenção também foi criada uma camada de segurança para tornar o controlo de acesso seguro e obrigatório. Para a extensão do modelo RBAC este trabalho baseou-se num trabalho anterior que criou uma arquitectura dinâmica de controlo de acesso para aplicações de bases de dados relacionais, aqui referida como DACA (Dynamic Access Control Architecture). DACA utiliza informação da lógica de negócio e as políticas de controlo de acesso que foram definidos para criar dinamicamente os artefactos de segurança para as aplicações. Em situações onde as políticas de controle de acesso evoluem de forma dinâmica, os artefactos de segurança são ajustados automaticamente. Este trabalho base, no entanto, define como permissões as expressões CRUD, podendo estas ser executadas em qualquer ordem, e necessita de uma camada de segurança adequada para autenticar utilizadores e proteger os dados sensíveis de intrusos. Portanto, neste trabalho, pretende-se criar uma nova arquitectura, chamada “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), que estende o trabalho feito no âmbito do DACA para que este seja capaz de garantir que sejam cumpridas sequência de expressões CRUD que as aplicações podem executar e que estão associados aos seus papéis nas políticas RBAC e desenvolver uma camada de segurança adequada para a tornar segura. Discutimos, também, o seu desempenho e aplicabilidade em outros ambientes sem ser em bases de dados relacionais.
7
Costa, Vanderlei Ferreira da. "Autorização integrada entre portais e Globus baseada no modelo RBAC." Universidade Católica de Santos, 2008. http://biblioteca.unisantos.br:8181/handle/tede/603.
Full textAbstract:
Made available in DSpace on 2015-02-04T21:45:26Z (GMT). No. of bitstreams: 1
Vanderlei Costa.pdf: 1535805 bytes, checksum: 1edf57ffedf62a0db7a4c94312b486d6 (MD5)
Previous issue date: 2008-10-03Plataformas de grade computacional têm sido adotadas para promover o compartilhamento, agregação e coordenação de grandes quantidades de recursos geograficamente distribuídos e multi-institucionais. Em tais ambientes, que envolvem grandes quantidades de recursos localizados em diversos domínios administrativos e sujeitos a uma diversidade de políticas de controle de acesso, o controle de acesso é obrigatório. Como principal contribuição, o presente trabalho estende o arcabouço (framework) de portais GridSphere com o objetivo de fornecer ferramentas de controle de acesso que podem ser utilizadas para o desenvolvimento de aplicaçõess para grades computacionais. Os mecanismos e ferramentas propostos também realizam o controle de acesso no nível de invocação de serviço, que pode ser usado por qualquer aplicação compatível com OGSA que realize invocações a serviços de grade. Nossa abordagem permite a integração e consistência entre políticas de autorização aplicadas no lado do portal e no lado do provedor de serviço.
8
Damasceno, Carlos Diego Nascimento. "Evaluating finite state machine based testing methods on RBAC systems." Universidade de São Paulo, 2016. http://www.teses.usp.br/teses/disponiveis/55/55134/tde-11112016-101158/.
Full textAbstract:
Access Control (AC) is a major pillar in software security. In short, AC ensures that only intended users can access resources and only the required access to accomplish some task will be given. In this context, Role Based Access Control (RBAC) has been established as one of the most important paradigms of access control. In an organization, users receive responsibilities and privileges through roles and, in AC systems implementing RBAC, permissions are granted through roles assigned to users. Despite the apparent simplicity, mistakes can occur during the development of RBAC systems and lead to faults or either security breaches. Therefore, a careful verification and validation process becomes necessary. Access control testing aims at showing divergences between the actual and the intended behavior of access control mechanisms. Model Based Testing (MBT) is a variant of testing that relies on explicit models, such as Finite State Machines (FSM), for automatizing test generation. MBT has been successfully used for testing functional requirements; however, there is still lacking investigations on testing non-functional requirements, such as access control, specially in test criteria. In this Master Dissertation, two aspects of MBT of RBAC were investigated: FSM-based testing methods on RBAC; and Test prioritization in the domain of RBAC. At first, one recent (SPY) and two traditional (W and HSI) FSM-based testing methods were compared on RBAC policies specified as FSM models. The characteristics (number of resets, average test case length and test suite length) and the effectiveness of test suites generated from the W, HSI and SPY methods to five different RBAC policies were analyzed at an experiment. Later, three test prioritization methods were compared using the test suites generated in the previous investigation. A prioritization criteria based on RBAC similarity was introduced and compared to random prioritization and simple similarity. The obtained results pointed out that the SPY method outperformed W and HSI methods on RBAC domain. The RBAC similarity also achieved an Average Percentage Faults Detected (APFD) higher than the other approaches.Controle de Acesso (CA) é um dos principais pilares da segurança da informação. Em resumo, CA permite assegurar que somente usuários habilitados terão acesso aos recursos de um sistema, e somente o acesso necessário para a realização de uma dada tarefa será disponibilizado. Neste contexto, o controle de acesso baseado em papel (do inglês, Role Based Access Control - RBAC) tem se estabelecido como um dos mais importante paradigmas de controle de acesso. Em uma organização, usuários recebem responsabilidades por meio de cargos e papéis que eles exercem e, em sistemas RBAC, permissões são distribuídas por meio de papéis atribuídos aos usuários. Apesar da aparente simplicidade, enganos podem ocorrer no desenvolvimento de sistemas RBAC e gerar falhas ou até mesmo brechas de segurança. Dessa forma, processos de verificação e validação tornam-se necessários. Teste de CA visa identificar divergências entre a especificação e o comportamento apresentado por um mecanismo de CA. Teste Baseado em Modelos (TBM) é uma variante de teste de software que se baseia em modelos explícitos de especificação para automatizar a geração de casos testes. TBM tem sido aplicado com sucesso no teste funcional, entretanto, ainda existem lacunas de pesquisa no TBM de requisitos não funcionais, tais como controle de acesso, especialmente de critérios de teste. Nesta dissertação de mestrado, dois aspectos do TBM de RBAC são investigados: métodos de geração de teste baseados em Máquinas de Estados Finitos (MEF) para RBAC; e priorização de testes para RBAC. Inicialmente, dois métodos tradicionais de geração de teste, W e HSI, foram comparados ao método de teste mais recente, SPY, em um experimento usando políticas RBAC especificadas como MEFs. As características (número de resets, comprimento médio dos casos de teste e comprimento do conjunto de teste) e a efetividade dos conjuntos de teste gerados por cada método para cinco políticas RBAC foram analisadas. Posteriormente, três métodos de priorização de testes foram comparados usando os conjuntos de teste gerados no experimento anterior. Neste caso, um critério baseado em similaridade RBAC foi proposto e comparado com a priorização aleatória e baseada em similaridade simples. Os resultados obtidos mostraram que o método SPY conseguiu superar os métodos W e HSI no teste de sistemas RBAC. A similaridade RBAC também alcançou uma detecção de defeitos superior.
9
Goran, Sladić. "Model kontekstno zavisne kontrole pristupa u poslovnim sistemima." Phd thesis, Univerzitet u Novom Sadu, Fakultet tehničkih nauka u Novom Sadu, 2011. http://dx.doi.org/10.2298/NS2011SLADICGORAN.
Full textAbstract:
Kontrola pristupa odnosno autorizacija, u širem smislu, razmatra na koji način korisnici mogu pristupiti resursima računarskog sistema i na koji način ih koristiti. Ova disertacija se bavi problemima kontrole pristupa u poslovnim sistemima. Tema disertacije je formalna specifkacija modela kontekstno zavisne kontrole pristupa u poslovnim sistemima koji je baziran na RBAC modelu kontrole pristupa. Uvođenjem kontekstno zavisne kontrole pristupa omogućeno je defnisanje složenijih prava pristupa koje u postojećim modelima kontrole pristupa za poslovne sisteme nije bilo moguće realizovati ili bi njihova realizacija bila komplikovana. Dati model primenljiv je u različitim poslovnim sistemima, a podržava defnisanje prava pristupa kako za jednostavne tako i za slo·zene poslovne tokove. Sistem je verifkovan na dva realna poslovna procesa pomoću razvijenog prototipa. Prikazana prototipska implementacija koja ispunjava ciljeve u pogledu funkcionalnosti postavljene pred sistem predstavlja potvrdu praktične vrednosti predloženog modela.Access control is concerned with the way in which users can access to resources in the computer system. This dissertation focuses on problems of access control for business processes. The subject of the dissertation is a formal specification of the RBAC-based context sensitive access control model for business processes. By using a context-sensitive access control it is possible to define more complex access control policies whose implementation in existing access control models for business processes is not possible or is very complicated. The given model is applicable in diferent business systems, and supports the definition of access control policies for both simple and complex business processes. The model's prototype is verified by two case studies on real business processes. The presented prototype implementation represents a proof of the proposed model's practical value.
10
Khayat, Etienne J. "Role-based access control (RBAC) : formal modelling and risk-based administration." Thesis, London South Bank University, 2006. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.435233.
Full text
11
Singh, Arundhati 1978. "SIREN : a SQL-based implementation of role-based access control (RBAC) for enterprise networks." Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/87870.
Full textAbstract:
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002.Includes bibliographical references (leaves 69-71).
by Arundhati Singh.
M.Eng.
12
Petrauskienė, Rasa. "Prieigos prie bevielio tinklo resursų valdymas panaudojant vietos informaciją." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2011. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2011~D_20110901_140213-99282.
Full textAbstract:
Tobulėjant mobilioms technologijoms vietos informacija tapo svarbi prieigos valdymui. Šiame darbe analizuojamos vietos informacijos derinimo su autentifikacijos ir prieigos valdymo mechanizmais galimybės. Darbe išskirti vietos informacijos įvedimo į autentifikacijos, prieigos valdymo ir atskaitomybės procesus privalumai. Pristatomas vietos informacija paremtas prieigos prie tinklo resursų valdymo modelis, kuris leidžia padidinti teisingo autentifikavimo tikimybę bei išplėsti prieigos valdymo galimybes. Suprojektuota prieigos prie bevielio tinklo valdymo sistema, pritaikyta veikti kelių aukštų pastate. Modelis yra suderinamas su OGC (Open GeoSpatial Consortium) ir Geo-RBAC (RBAC modelio išplėtimu), į jį įtraukti kitų tipų vietos informacija pagrįsti požymiai. Darbe pristatomi prieigos valdymo išplėtimai: periodiškumo algoritmas ir erdvinių požymių įvertinimo algoritmas, naudojantis susiejimo funkcijas ir įvertinantis vietos nustatymo patikimumą. Pasiūlyto prieigos valdymo modelio veikimas įvertinamas eksperimentais, nurodomi jo galimi pažeidžiamumai.Location-based Access Control LBAC techniques allow taking users’ physical location into account when determining their access privileges. The analysis of possibilities of integrating location information into access control and authentication is provided. I show the advantages of using location information for authentication and access control. I present location-based access control model that can increase the probability of correct authentication. I design wireless LAN location-based access control system that is used in building of several floors. The model is compliant with OGC (Open GeoSpatial Consortium) and Geo-RBAC (the extent of RBAC model); it integrates other types of location-based features. I describe the periodicity algorithm of location-based access control and design the policy enforcement algorithm that uses location mapping functions and the evaluation of confidence. The model is evaluated by testing the speed of the system and computer resources used by the system. The vulnerabilities of location-based access control are discussed in the context of sniffing, highjacking, DoS and warmhole attacks.
13
Landberg, Fredrik. "Flexible role-handling in command and control systems." Thesis, Linköping University, Department of Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-7880.
Full textAbstract:
In organizations the permissions a member has is not decided by their person, but by their functions within the organization. This is also the approach taken within military command and control systems. Military operations are often characterized by frictions and uncontrollable factors. People being absent when needed are one such problem.
This thesis has examined how roles are handled in three Swedish command and control systems. The result is a model for handling vacant roles with the possibility, in some situations, to override ordinary rules.
14
Manning, Francis Jay. "A Framework for Enforcing Role Based Access Control in Open Source Software." NSUWorks, 2013. http://nsuworks.nova.edu/gscis_etd/228.
Full textAbstract:
While Role Based Access Control (RBAC) has been a popular topic of research over the last several years, there are some gaps in the literature that have been waiting to be addressed. One of these gaps involves the application of RBAC to free and open source software (FOSS). With the prevalence of FOSS in most information systems growing rapidly, there is a need to be able to provide a level of confidence that the software will not compromise the data integrity of an environment, nor will it enable the violation of established access controls. Additionally, when utilizing FOSS software it is desirable to
do so without having to modify its source code whenever an update is released in order to maintain a secure environment; this makes adding proprietary modules both time consuming and expensive. The challenges involved in maintaining proprietary changes to
FOSS generates a particular interest in an RBAC environment that could be deployed without requiring modification to the source code. Developing this type of a framework presented a significant challenge due to the software having been established prior to the
definition of any security requirements that would have to be applied by the proposed framework.
What this research paper shows are the results of the development of a software framework that allowed security requirements engineering to seamlessly meld with an application after it had already been developed. This framework provided a mechanism to measurably reduce the attack surface of the application against which the framework was implemented, while performing these tasks without requiring alterations to the source code of the application. Additionally, this research introduced a mechanism that was
utilized to measure the effectiveness of the framework. This mechanism provided a means of comparing the relative effectiveness of different frameworks against the same software, as well as the effectiveness of a framework against different pieces of software.
15
Falkcrona, Jerry. "Role-based access control and single sign-on for Web services." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11224.
Full textAbstract:
Nowadays, the need for sharing information between different systems in a secure manner is common, not only in the corporate world but also in the military world. This information often resides at different locations, creating a distributed system. In order to share information in a secure manner in a distributed system, credentials are often used to attain authorization.
This thesis examines how such a distributed system for sharing information can be realized, using the technology readily available today. Accounting to the results of this examination a basic system is implemented, after which the overall security of the system is evaluated. The thesis then presents possible extensions and improvements that can be done in future implementations.
The result shows that dynamic roles do not easily integrate with a single sign-on system. Combining the two technologies leads to several synchronization issues, where some are non-trivial to solve.
16
Cáceres, Alvarez Luis Marco. "Modelo de segurança multilateral e RBAC em um ambiente de serviço no contexto de gerenciamento de contabilidade TINA." Florianópolis, SC, 2004. http://repositorio.ufsc.br/xmlui/handle/123456789/86854.
Full textAbstract:
Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação.Made available in DSpace on 2012-10-21T11:20:15Z (GMT). No. of bitstreams: 1 210977.pdf: 3171815 bytes, checksum: bf83468afb28c3e0d57c2322b1c8f216 (MD5)
Na área das telecomunicações, a crescente evolução e o constante desenvolvimento de novas tecnologias, aliado a fatores econômicos, tem proporcionado um grande impacto em praticamente todos os setores da sociedade. Além disso, a inexistência de padrões no setor de telecomunicações evidenciou as diferenças entre as estruturas das operadoras, onde existe uma constante introdução de novos serviços. Para atender rapidamente esta necessidade, faz-se necessário o uso de tecnologias avançadas que permitam conduzir a especificação e desenvolvimento desses serviços de uma maneira ágil e eficiente. Dentre tais tecnologias, pode se citar a orientação a objetos, reuso de componentes, sistemas distribuídos, arquitetura de serviços e, principalmente, TINA (Telecommunications Information Networking Architecture) devido à sua natureza aberta e independente de tecnologia. Os conceitos e os princípios de TINA foram elaborados com o objetivo de solucionar problemas existentes em IN (Intelligent Network), como o de controle de serviços centralizados e do modelo de dados de serviços. Nesse sentido, torna-se evidente que serviços mais complexos como multimídia e vídeo conferência precisam ser manipulados e gerenciados de uma forma mais rápida, eficiente e dinâmica. Neste contexto, TINA desenvolveu uma arquitetura detalhada para as redes de comunicações multi-serviços que permitem o intercâmbio de informações entre os usuários e os provedores em tempo real dentro de um ambiente seguro e confiável, onde o gerenciamento dos serviços TINA definidos pelas funções de gerenciamento FCAPS (Failure, Configurations, Accounting, Performance e Security) são ainda questões abertas para a pesquisa. Portanto, este trabalho de pesquisa tem como objetivo realizar um estudo e a análise deste contexto, propondo um modelo para responder as questões de segurança em um ambiente de serviço TINA. Este modelo esta principalmente relacionado com o gerenciamento de contabilidade em tempo real para múltiplos usuários e múltiplos provedores, onde os aspectos de segurança estão relacionados às políticas e mecanismos proporcionados pelos modelos de Segurança Multilateral e RBAC (Role-Based Access Control) e validado através do uso da técnica de descrição formal LOTOS e a implementação de um protótipo.
17
Shi, Wei, and wshi2001@yahoo com au. "An Extended Role-based Access Control Model for Enterprise Systems and Web Services." RMIT University. Computer Science and Information Technology, 2006. http://adt.lib.rmit.edu.au/adt/public/adt-VIT20070122.122429.
Full textAbstract:
This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control framework for Semantic Web services. In this thesis, an Authorization-Function-Based Role-based Access Control (FB-RBAC) model is proposed for controlling enterprise systems at the application level. The unique features of the proposed model are authorization-function-based access control and constraint-based finegrained access control. This model significantly simplifies the management of an access control system by adopting roles and authorization-functions in authorization specifications. An extension of FB-RBAC, Extended FB-RBAC (ERBAC), is applied to Web service applications. New features such as credential-based access control and dynamic role assignment are added to FB-RBAC in order to address user heterogeneity and dynamicity in the Web environment. The proposed ERBAC model is then extended to support Semantic Web services. Each component of the ERBAC model is described by security ontologies. These correlated security ontologies are integrated with Semantic Web services to form a complete ontology network. Ontology-based role assignment is facilitated so that security information can be queries and discovered through a network of ontologies.
18
Siebach, Jacob Aaron Jess. "The Abacus: A New Approach to Authorization." BYU ScholarsArchive, 2021. https://scholarsarchive.byu.edu/etd/9221.
Full textAbstract:
The purpose of this thesis is to investigate the implementation of digital authorization for computer systems, specifically how to implement an efficient and secure authorization engine that uses policies and attributes to calculate authorization. The architecture for the authorization engine is discussed, the efficiency of the engine is characterized by various tests, and the security model is reviewed against other presently existing models. The resulting efforts showed an increase in efficiency of almost two orders of magnitude, along with a reduction in the amount of processing power required to run the engine. The main focus of the work is how to provide precise, performant authorization using policies and attributes in a way that does not require the authorization engine to break domain boundaries by directly accessing data stores. Specifically, by pushing attributes from source domains into the authorization service, domains do not require the authorization service to have access to the data stores of the domain, nor is the authorization service required to have credentials to access data via APIs. This model also allows for a significant reduction in data motion as attributes need only be sent over the network once (when the attribute changes) as opposed to every time that the engine needs the attribute or every time that an attribute cache needs to be refreshed, resulting in a more secure way to store attributes for authorization purposes.
19
Albalawi, Talal S. "A NEW APPROACH TO DYNAMIC INTEGRITY CONTROL." Kent State University / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=kent1460977241.
Full text
20
Lacroix, Julien. "Vers un cloud de confiance : modèles et algorithmes pour une provenance basée sur les contrôles d'accès." Thesis, Aix-Marseille, 2015. http://www.theses.fr/2015AIXM4365.
Full textAbstract:
Ce document constitue l'aboutissement de trois années de thèse. Après avoir introduit et dégagé la problématique générale se rapportant à mon sujet de thèse, à savoir « comment utiliser les données de provenance pour favoriser un Cloud de confiance ? », je présente une description des concepts, modèles et langages se rapportant à ma thèse et l'état de l'art qui peut répondre en partie à cette problématique. En second lieu, je présente la solution basée sur la provenance que j'apporte aux contrôles d'accès, dans les systèmes distribués comme le Cloud : PBAC². Elle repose sur un système combinant à la fois des modèles de provenance (PROV-DM) et de contrôles d'accès (règles génériques de type RBAC avec des politiques d'embrigadement ou de réglementation). Ce système utilise un moteur d'exécution central appelé le médiateur pour renforcer la sécurité et favoriser la confiance dans le Cloud, via la vérification de règles sur une partie du graphe de provenance rétrospective qu'il a reçue. Par ailleurs, je décris l'étude que j'ai faite de trois extensions de PBAC² : (1) l'intégration de l'ontologie PROV-O et ses avantages et inconvénients quant à la taille du (sous-)graphe de provenance reçu par le médiateur ; (2) la construction de l'adaptation de PBAC² avec l'approche de sécurité qu'est la réglementation; (3) la traduction des règles PBAC² en contraintes PROV-CONSTRAINTS. De plus, PBAC² est appliqué sur un exemple réaliste propre au secteur médical. Un prototype de PBAC² et une démonstration sur des exemples concrets avec une machine locale et un système de Cloud réel illustrent la portée de ce travail. En conclusion de la thèse, je propose quatre perspectives de ce travailThis document is the culmination of three years of thesis. Having introduced and cleared the general issue related to my thesis subject, i.e. « how to use provenance data to enforce trust in the Cloud? », I present a description of the concepts, models and languages related to my thesis and the state of the art that can partially address this issue. Secondly, I present the solution based on provenance that I bring to access controls, in distributed systems such as the Cloud: PBAC². It is based on a system combining both provenance models (PROV-DM) and access controls (generic rules of RBAC type with regimentation and regulation policies). This system uses a central execution engine denoted the mediator to enforce security and foster trust in the Cloud, via rule checking over a part of the retrospective provenance graph it received. Furthermore, I describe the study I made of three PBAC² extensions: (1) the integration of the PROV-O ontology and its pros and cons regarding the size of the (sub)graph received by the mediator; (2) the construction of the PBAC² adaptation with the regulation security approach; (3) the translation of PBAC² rules into PROV CONSTRAINTS constraints. Moreover, PBAC² is applied to a realistic example that belongs to the healthcare sector. A PBAC² prototype and a demonstration on some practical examples with a local machine and a real Cloud system illustrate the scope of this work. In conclusion of the thesis, I propose four perspectives of this work
21
Poniszewska, Aneta. "Spécification UML du contrôle d'accès dans les sytèmes d'information : une approche coopérative de la conception des rôles dans un modèle RBAC." Artois, 2003. http://www.theses.fr/2003ARTO0202.
Full textAbstract:
Nous avons choisi d'aborder le problème du contrôle d'accès d'un problème d'information en proposant un modèle de rôle dès la conception de celui-ci et tout au long de son évolution (i. E. Ajouts de nouvelles applications). Nos objectifs étaient d'une part de faciliter le travail de l'administrateur de sécurité et d'autre part d'avoir une meilleure cohérence entre les contraintes globales de sécurité de l'entreprise et les différents composants de son système d'information. Pour ce faire, nous avons utilisé une conception orientée décrite dans le langage UML. Nous avons montré comment gérer automatiquement les rôles associés à un composant du système d'information ceci en utilisant le méta-modèle d'UML. Nous avons rapproché certains concepts d'UML avec ceux de notre modèle RBACWe have chosen to develop the problem of access control in information system proposing a role model in the conception of a system during its evolution (i. E. Addition of new applications). Our objectives were to make easier the job of security administrator and to have the better coherence between the global security constraints in the enterprise and the different components of its information system. To make this, we used the object oriented conception defined in the UML language. We have shown how to automatically generate the roles associated to a component of information system using the UML meta-model. We have joined some concept of UML with the concepts of an extended RBAC model
22
Silva, Edemilson dos Santos da. "Extensão do modelo de restrições do RBAC para suportar obrigações do modelo ABC / Edemilson dos Santos da Silva ; orientador, Altair Olivo Santin." reponame:Biblioteca Digital de Teses e Dissertações da PUC_PR, 2004. http://www.biblioteca.pucpr.br/tede/tde_busca/arquivo.php?codArquivo=280.
Full textAbstract:
Dissertação (mestrado) - Pontifícia Universidade Católica do Paraná, Curitiba, 2004Inclui bibliografia
Este trabalho apresenta uma proposta de extensão ao modelo de restrição do modelo de controle de acesso baseado em papéis (role-based access control - RBAC) para suportar situações críticas respeitando as regras da política de autorização do sistema. As s
23
Gunnarsson, Peter. "Role based access control in a telecommunications operations and maintenance network." Thesis, Linköping University, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2875.
Full textAbstract:
Ericsson develops and builds mobile telecommunication networks. These networks consists of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks.
In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions.
We also investigate some of the most common used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement a RBAC managing system which is better suited to the requirements posed by our new model.
24
Andersson, Jerker. "Rollbaserad åtkomstkontroll med geografisk avgränsning : En systematisk litteraturgenomgång av det befintliga kunskapstillståndet inom ämnesområdet." Thesis, Högskolan Dalarna, Informatik, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:du-18700.
Full textAbstract:
Rollbaserad åtkomstkontroll är en standardiserad och väl etablerad modell för att hantera åtkomsträttigheter i informationssystem. Den vedertagna ANSI-standarden 359-2004 saknar dock stöd för att geografiskt avgränsa rollbehörigheter. Informationssystem som behandlar geografiska data och de senaste årens ökade spridning av mobila enheter påkallar ett behov av att sådana rumsliga aspekter diskuteras inom kontexten av rollbaserad åtkomstkontroll. Arbetet syftar till att bringa klarhet i hur det befintliga kunskapstillståndet inom ämnesområdet rollbaserad åtkomst kontroll med geografisk avgränsning ser ut, och vilka aspekter hos detta som står i behov av vidare utveckling. Genom de teoretiska referensramar som skapats vid inledande litteraturstudier har en efterföljande systematisk litteraturgenomgång möjliggjorts, där vetenskapligt material selekterats genom fördefinierade urvalskriterier. Sammanställningen och analysen av den systematiska litteraturgenomgångens resultat har i samverkan med de teoretiska referensramarna lett fram till arbetets huvudsakliga kunskapsbidrag: en områdesöversikt där ämnets state-of-the-art presenteras och en strukturerad lista över angelägna forsknings- och utvecklingsbehov inom området.Role-based Access Control is a standardized and well established model in terms of handling access rights. However, the accepted ANSI standard 359-2004 lacks the support of geographically delimiting role authorizations. Information systems handling geographical data together with the increasing use of mobile devices call for a need to discuss such spatial aspects within the context of Role-Based Access Control. This thesis seeks to shed light on the current state of knowledge within the subject area as well as to identify aspects of it that are in need of further development. The theoretical framework conceived by the initial literature review has made the conduction of a systematic literature review possible, and the synthesis and analysis of the data together with the theoretical framework have led to the work’s contributions of knowledge: an overview of the subject where the state-of-the art in the area is presented and a structured list of desirous needs of research and development within the area of study.
25
Wang, Hua. "Access management in electronic commerce system." University of Southern Queensland, Faculty of Sciences, 2004. http://eprints.usq.edu.au/archive/00001522/.
Full textAbstract:
The definition of Electronic commerce is the use of electronic transmission mediums to engage in the exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location. Electronic commerce systems, including mobile e-commerce, are widely used since 1990. The number of world-wide Internet users tripled between 1993 and 1995 to 60 million, and by 2000 there were 250 million users. More than one hundred countries have Internet access. Electronic commerce, especial mobile e-commerce systems, allows their users to access a large set of traditional (for example, voice communications) and contemporary (for example, e-shop) services without being tethered to one particular physical location. With the increasing use of electronic service systems for security sensitive application (for example, e-shop) that can be expected in the future, the provision of secure services becomes more important. The dynamic mobile environment is incompatible with static security services. Electronic service access across multiple service domains, and the traditional access mechanisms rely on cross-domain authentication using roaming agreements starting home location. Cross-domain authentication involves many complicated authentication activities when the roam path is long. This limits future electronic commerce applications. Normally, there are three participants in an electronic service. These are users, service providers, and services. Some services bind users and service providers as well as services such as flight services; other services do not bind any participants, for instance by using cash in shopping services, everyone can use cash to buy anything in shops. Hence, depending on which parts are bound, there are different kinds of electronic services. However, there is no scheme to provide a solution for all kinds of electronic services. Users have to change service systems if they want to apply different kind of electronic services on the Internet. From the consumer's point of view, users often prefer to have a total solution for all kinds of service problems, some degree of anonymity with no unnecessary cross authentications and a clear statement of account when shopping over the Internet. There are some suggested solutions for electronic service systems, but the solutions are neither total solution for all kinds of services nor have some degree of anonymity with a clear statement of account. In our work, we build a bridge between existing technologies and electronic service theory such as e-payment, security and so on. We aim to provide a foundation for the improvement of technology to aid electronic service application. As validation, several technologies for electronic service system design have been enhanced and improved in this project. To fix the problems mentioned above, we extend our idea to a ticket based access service system. The user in the above electronic service system has to pay when s/he obtains service. S/He can pay by traditional cash (physical cash), check, credit or electronic cash. The best way to pay money for goods or services on the Internet is using electronic cash. Consumers, when shopping over the Internet, often prefer to have a high level of anonymity with important things and a low level with general one. The ideal system needs to provide some degree of anonymity for consumers so that they cannot be traced by banks. There are a number of proposals for electronic cash systems. All of them are either too large to manage or lack flexibility in providing anonymity. Therefore, they are not suitable solutions for electronic payment in the future. We propose a secure, scalable anonymity and practical payment protocol for Internet purchases. The protocol uses electronic cash for payment transactions. In this new protocol, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. An agent, namely anonymity provider agent provides a higher anonymous certificate and improves the security of the consumers. The agent will certify re-encrypted data after verifying the validity of the content from consumers, but with no private information of the consumers required. With this new method, each consumer can get the required anonymity level. Electronic service systems involve various subsystems such as service systems, payment systems, and management systems. Users and service providers are widely distributed and use heterogeneous catalog systems. They are rapidly increasing in dynamic environments. The management of these service systems will be very complex. Whether systems are successful or not depends on the quality of their management. To simplify the management of e-commerce systems \cite{Sandhu97}, we discuss role based access control management. We define roles and permissions in the subsystems. For example, there are roles TELLER, AUDITOR, MANAGER and permissions teller (account operation), audit operation, managerial decision in a bank system. Permissions are assigned to roles such as permission teller is assigned to role TELLER. People (users) employed in the bank are granted roles to perform associated duties. However, there are conflicts between various roles as well as between various permissions. These conflicts may cause serious security problems with the bank system. For instance, if permissions teller and audit operation are assigned to a role, then a person with this role will have too much privilege to break the security of the bank system. Therefore, the organizing of relationships between users and roles, roles and permissions currently requires further development. Role based access control (RBAC) has been widely used in database management and operating systems. In 1993, the National Institute of Standards and Technology (NIST) developed prototype implementations, sponsored external research, and published formal RBAC models. Since then, many RBAC practical applications have been implemented, because RBAC has many advantages such as reducing administration cost and complexity. However, there are some problems which may arise in RBAC management. One is related to authorization granting process. For example, when a role is granted to a user, this role may conflict with other roles of the user or together with this role; the user may have or derive a high level of authority. Another is related to authorization revocation. For instance, when a role is revoked from a user, the user may still have the role. To solve these problems, we present an authorization granting algorithm, and weak revocation and strong revocation algorithms that are based on relational algebra. The algorithms check conflicts and therefore help allocate the roles and permissions without compromising the security in RBAC. We describe the applications of the new algorithms with an anonymity scalable payment scheme. In summary, this thesis has made the following major contributions in electronic service systems: 1. A ticket based global solution for electronic commerce systems; A ticket based solution is designed for different kinds of e-services. Tickets provide a flexible mechanism and users can check charges at anytime. 2. Untraceable electronic cash system; An untraceable e-cash system is developed, in which the bank involvement in the payment transaction between a user and a receiver is eliminated. Users remain anonymous, unless she/he spends a coin more than once. 3. A self-scalable anonymity electronic payment system; In this payment system, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. Each consumer can get the required anonymity level. 4. Using RBAC to manage electronic payment system; The basic structure of RBAC is reviewed. The challenge problems in the management of RBAC with electronic payment systems are analysed and how to use RBAC to manage electronic payment system is proposed. 5. The investigation of recovery algorithms for conflicting problems in user-role assignments and permission-role assignments. Formal authorization allocation algorithms for role-based access control have developed. The formal approaches are based on relational structure, and relational algebra and are used to check conflicting problems between roles and between permissions.
26
Subedi, Harendra. "Mathematical Modelling of Delegation in Role Based Access Control." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-222381.
Full textAbstract:
One of the most widespread access control model that assigns permissions to a user is Role Based Access Control (RBAC). The basic idea is to limit the access to resources by using the indirection of roles, which are associated both to users and permissions. There has been research conducted with respect to clarifying RBAC and its components, as well as in creating mathematical models describing different aspects of its administrative issues in RBAC. But, till date no work has been done in terms of formalization (Mathematical Modelling) of delegation and revocation of roles in RBAC. Which provides most important extensions of the policy and provides flexibility in the user to user delegation of roles, especially in the environment where roles are organized in a hierarchy. The process allows a user with a role that is higher in the hierarchy to assign a part of the role to someone who is lower in the hierarchy or at the same level. This can be done for a limited time or permanently. The reverse process is called revocation and it consists of ending different types of delegations. This thesis has found the answer to the following research question i.e. how different mathematical Modelling for delegation and revocation of Roles in RBAC can be performed? This thesis presents different types of delegation and techniques for revocation with a comprehensive mathematical Modelling of both processes. As this can be clearly visible that this thesis objective is to derive a mathematical models for delegation and revocation of roles in RBAC policy, for deriving mathematical models formal method is applied. The mathematical models developed include grant and transfer delegation with and without role hierarchy, time based revocation, user based revocation and cascading revocation. The case scenario of an organization using RBAC is used to illustrate and clarify the mathematical models. The mathematical models presented here can serve as a starting point for developing, implementations of delegation and revocation on top of existing authorization modules based on the RBAC model.
27
Yangui, Rahma. "Modélisation UML/B pour la validation des exigences de sécurité des règles d'exploitation ferroviaires." Thesis, Ecole centrale de Lille, 2016. http://www.theses.fr/2016ECLI0003/document.
Full textAbstract:
La sécurité est un enjeu majeur dans le cycle de développement des systèmes critiques, notamment dans le secteur du transport ferroviaire. Cette thèse vise la modélisation, la vérification et la validation des règles d'exploitation ferroviaires au regard des exigences de sécurité. Ces règles ont pour but de définir les autorisations de déplacement des trains sur des lignes ferroviaires nationales équipées du système européen de gestion du trafic ferroviaire (ERTMS). De manière analogue, on trouve les concepts liés aux autorisations dans la description des politiques de contrôle d'accès des systèmes d'information. Par conséquent, nos contributions portent sur l'adaptation d'une approche UML/B pour le contrôle d'accès des systèmes d'information afin de modéliser et de valider les règles d'exploitation ferroviaires. Dans un premier temps, nous avons adapté le modèle Role Based Access Control (RBAC) sur une étude de cas ferroviaire extraite des règles d'exploitation appliquées sur la ligne à grande vitesse LGV Est-Européenne en France. La plate-forme B4MSecure nous a permis de modéliser ces règles à l'aide d'un profil UML de RBAC inspiré de SecureUML. Ensuite, ces modèles sont transformés en des spécifications B qui ont été enrichies par des propriétés de sécurité ferroviaire et soumises à des activités de vérification et de validation formelles. Aux concepts du modèle RBAC, le modèle Organization Based Access Control (Or-Bac) introduit la notion d'organisation, au centre de ce modèle, et la notion de contexte. Nous avons donc proposé d’utiliser ce modèle en tant qu’extension du modèle RBAC dans l’optique d’une interopérabilité ferroviaire en ERTMSThe safety is a major issue in the development cycle of the critical systems, in particular in the rail transportation sector. This thesis aims at the modeling, the verification and at the validation of the railway operating rules with regard to the safety requirements. These rules intend to define the authorizations of trains movement on national railway lines equipped with the European Rail Traffic Management System (ERTMS). In a similar way, we find the concepts of authorizations in the description of access control policies of information systems. Consequently, our contributions concern the adaptation of an UML/B approach for the access control of information systems to model and validate the railway operating rules. At first, we adapted the Role Based Access Control (RBAC) model on a railway case study extracted from the operating rules applied on the LGV-Est-Européenne line in France. The B4MSecure platform enables the modeling of these rules by means of a UML profile of RBAC inspired by SecureUML. Then, these models are transformed into B specifications. which are enhanced by railway safety properties and formally verified and validated. In addition to the concepts of the RBAC model, the Organization Based Access Control (Or-Bac) model introduces the notion of organization, in the center of this model, and the notion of context. We have therefore proposed to use this model as extension of the RBAC model in the context of railway interoperability in ERTMS
28
Rondinini, Giorgia. "Role-Based Access Control in ambienti cloud multi-region." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2020.
Find full textAbstract:
Negli ultimi anni si è assistito a un incremento dell'uso del cloud, con cambiamenti nel tipo di servizi distribuiti tramite esso e nel tipo di infrastruttura utilizzata per supportare tali servizi. Il comprensibile desiderio di migliorare i servizi offerti, diminuendo però i costi di gestione e manutenzione, sta portando infatti all'utilizzo di infrastrutture cloud eterogenee, spesso distribuite su più aree geografiche. Tale eterogeneità delle infrastrutture rende complicato garantire la sicurezza dei sistemi, in un mondo in cui gli attacchi informatici sono sempre più diffusi ed è sempre più importante impedire ai non autorizzati di accedere a dati e funzioni protette.
Lo scopo di questa tesi è creare un sistema di controllo degli accessi basato sui ruoli, o RBAC, atto a operare in modo distribuito in un ambiente cloud multi-region. Nei primi capitoli della tesi è descritto l'ambito in cui si è svolta la progettazione del sistema, ovvero il cloud computing e la sua sicurezza. Nel Capitolo 4 si trova una descrizione generale del sistema di gestione degli accessi creato. Successivamente sono stati spiegati gli strumenti utilizzati per la realizzazione del sistema e come esso sia stato creato. Negli ultimi capitoli sono poi riportati i test effettuati per valutare il sistema creato e i loro risultati.
29
Bouriche, Khalid. "Gestion de l'incertitude et codage des politiques de sécurité dans les systèmes de contrôle d'accès." Thesis, Artois, 2013. http://www.theses.fr/2013ARTO0406/document.
Full textAbstract:
La présente thèse s'intéresse à coder la politique de sécurité SELinux en OrBAC et à proposer une extension de ce modèle. Nous avons commencé par présenter l'état de l'art des différents modèles de contrôles d'accès présents dans la littérature en mettant en exergue les limites de chacun de ces modèles. Ensuite nous avons présenté le modèle OrBAC comme étant une extension du modèle RBAC, car d'une part il a apporté la notion de contexte et d'organisation et d'autre part il permet d'exprimer, en plus des permissions, des interdictions et des obligations. Ensuite, nous avons présenté la solution de sécurité SELinux qui utilise un ensemble de modèles de contrôle d'accès comme DAC, RBAC et MAC. Nous avons recensé plusieurs centaines, voire des milliers, de règles dans la politique de sécurité SELinux, ces règles peuvent concerner des décisions d'accès ou des décisions de transition. Nous avons ensuite pu coder lesdites règles en modèle OrBAC, et ce en passant par le remplissage ses tables d'entité, pour ensuite les transformer en relations OrBAC. Notre thèse a aussi rappelé les fondements de la logique possibiliste, et a ensuite apportée une amélioration importante du modèle OrBAC, il s'agit de l'introduction de l'entité priorité au niveau de chaque relation du modèle OrBAC. L'entité priorité quantifie la certitude pour qu'une entité concrète soit injectée dans l'entité abstraite correspondante, ou en cas général, le degré de certitude pour qu'une relation soit réalisée. Nous avons proposé trois modes de combinaison (pessimiste, optimiste et avancé) qui peuvent être adoptés pour déterminer la valeur de la priorité de chaque relation concrète à partir des priorités des relations abstraites correspondantes. Enfin, nous avons implémenté, via une application développé par DELPHI, le codage des règles concernant les décisions d'accès de la politique de sécurité SELinux, en modèle OrBAC tout en introduisant la notion de prioritéThis thesis focuses on encoding default-based SELinux security policy in OrBAC and propose an extension of this model. We presented the state of the art of different models of access controls present in the literature underlining the limitations of each of these models. Then we presented the model OrBAC as an extension of the RBAC model, firstly because he brought the notion of context and organization and secondly it allows expressing, in addition to permissions, prohibitions and obligation. Then we presented the SELinux security solution that uses a set of access control models such as DAC, RBAC and MAC. We identified several hundreds or even thousands of rules in SELinux security policy, these rules may be access decisions or decisions of transition. We could then encode these rules in OrBAC model, and via filling its tables of entities, then transform relations OrBAC. Our thesis also reviewed the foundations of possibilistic logic, and then made an important enlargement in OrBAC model; it's to introduce an entity called "priority" in each relationship model OrBAC. The entity "priority" quantifies the certainty for concrete entity injection into the corresponding abstract entity, in general, it's meaning the degree of certainty that a relationship is performed. We proposed three modes of combination (pessimistic, optimistic and advanced) that can be adopted to determine the concrete relations priority value from priorities values of each corresponding abstract relationship. Finally, we implement, via an application developed by DELPHI, coding access decisions rules of the SELinux policy in OrBAC model introducing the priority entity
30
Namli, Tuncay. "Security, Privacy, Identity And Patient Consent Management Across Healthcare Enterprises Inintegrated Healthcare Enterprises (ihe) Cross Enterprise Document Sharing (xds) Affinity Domain." Master's thesis, METU, 2007. http://etd.lib.metu.edu.tr/upload/12608463/index.pdf.
Full textAbstract:
Integrated Healthcare Enterprise (IHE) is an initiative by industry and healthcare professionals to improve knowledge sharing and interoperability between healthcare related enterprises. IHE publishes Integration Profiles on several Healthcare Fields to define how systems can use existing standards and technologies to execute a specific use case in healthcare. Cross Enterprise Document Sharing (XDS) is such a profile which defines the way of sharing Electronic Health Records (EHR) between healthcare enterprises. In this thesis, IHE Cross Enterprise User Authentication, IHE Node Authentication and Audit Trail, IHE Basic Patient Privacy Consent profiles are implemented based on the IHE XDSimplementation by National Institute of Standards, USA. Furthermore, some of the unspecified issues related with these profiles are clarified and new techniques are offered for their implementations. One of the contribution of the thesis is to use OASIS Extensible Access Control Markup Language (XACML) to define patient consent policies and manage access control. Other technologies and standards that are used in the implementation are as followsOASIS Security Assertion Markup Language (SAML), XML Signature, Mutual Transport Layer Security (TLS), RFC 3195 Reliable Delivery for Syslog, RFC 3881 Security Audit and Access Accountability Message XML Data Definitions.
31
Poe, Gary A. "Privacy in Database Designs: A Role Based Approach." Scholar Commons, 2007. https://scholarcommons.usf.edu/etd/454.
Full textAbstract:
Privacy concerns have always been present in every society. The introduction of information technology information has enabled a reduction in the cost of gathering information, management of that information and the permitted that same information to become increasingly portable. Coupled with these reductions of cost has been an increase in the demand for information as well as the concern that privacy expectations be respected and enforced through security systems that safeguard access to private-type data. Security systems enforce privacy expectations. Unfortunately there is no consensus on a definition of privacy making the specification of security often over broad and resulting in the loss of critical functionality in the systems produced. This research expands the understanding of privacy by proposing a replicable type-based taxonomy of privacy that is grounded in philosophy and law. This type-based system is applied to a Role Based Access Control System to specify and control access to data in a in a hospital setting as a proof of concept.
32
Boström, Erik. "Refined Access Control in a Distributed Environment." Thesis, Linköping University, Department of Electrical Engineering, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1020.
Full textAbstract:
In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing.
This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions.
In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.
33
Pooda, Herman. "Évaluation et comparaison des modèles de contrôle d'accès." Mémoire, Université de Sherbrooke, 2015. http://hdl.handle.net/11143/8157.
Full textAbstract:
La protection des données et de la vie privée des personnes est devenue aujourd’hui
un enjeu majeur pour les entreprises et les organisations gouvernementales qui collectent
et entreposent les données à caractère personnel. L’adoption d’une politique de sécurité
est un impératif. Plusieurs modèles de contrôle d’accès sont proposés dans la littérature
pour guider les utilisateurs dans la mise en oeuvre de leurs politiques de sécurité.
Chacun de ces modèles a ses forces et faiblesses. Les systèmes de contrôle d’accès mis
en place s’érigent souvent en de véritables obstacles, rendant inefficace le travail de
leurs utilisateurs. Il convient de mieux connaître les modèles de contrôles d’accès avant
de les implémenter. Ce mémoire présente une étude complète des modèles de contrôle
d’accès RBAC, XACML et SGAC, en dégageant les enjeux auxquels les utilisateurs
devront s’attendre en adoptant ces modèles. RBAC et XACML ont été normalisés
respectivement par ANSI et OASIS et sont actuellement les modèles dominants dans
l’industrie et dans le monde de la recherche. SGAC est un modèle proposé à la suite
d’une étude, pour implémenter le contrôle d’accès aux dossiers médicaux au profit
du réseau de santé de Sherbrooke. Les récentes études ont montré que c’est dans
le domaine de la santé que les violations de la vie privée sont plus fréquentes. Le
mémoire présente aussi les principales exigences d’un système de contrôle d’accès dans
le domaine de la santé. Sur la base des exigences identifiées, il propose une évaluation
des modèles de contrôle d’accès étudiés, et fournit une comparaison de ces modèles.
34
El, Houri Marwa. "Un modèle formel pour exprimer des politiques dynamiques pour contrôle d'accès et négociation dans un environnement distribué." Phd thesis, Université Paul Sabatier - Toulouse III, 2010. http://tel.archives-ouvertes.fr/tel-00492317.
Full textAbstract:
L'objectif principal de cette thèse est de définir un langage logique de haut niveau qui permet l'expression de politiques de sécurité complexes au sein d'un modèle de contrôle d'accès. Le développement de ce langage se fait en trois temps. Dans un premier temps nous présentons un modèle dynamique basé sur les rôles. Ainsi, nous considérons que l'évolution de l'état de sécurité d'un service dépend de l'exécution de ses fonctionnalités. Dans un deuxième temps nous définissons un formalisme basé sur les attributs qui offre plus de flexibilité en termes de spécifications des conditions de contrôle d'accès, et ajoutons la notion de workflow qui permet de modéliser le comportement d'un service. Dans un dernier temps, nous ajoutons un mécanisme de négociation qui permet à chaque service de définir sa propre politique d'échange avec les autres services dans l'environnement. La conception d'un tel cadre logique unifié facilite l'analyse de sûreté des politiques de sécurité puisque tous les facteurs qui influencent les décisions de contrôle d'accès sont pris en compte dans le même cadre. Ainsi le second objectif de cette thèse est d'étudier d'une part les principales propriétés de contrôle d'accès tels la délégation et la séparation des tâches et d'autre part les propriétés de sécurité pour la communication entre les différents services au niveau de la négociation.
35
Frausto, Bernal Paul Axayacatl. "ICARE-S2 : Infrastructure de confiance sur des architectures de réseaux pour les services de signature évoluée." Phd thesis, Télécom ParisTech, 2004. http://pastel.archives-ouvertes.fr/pastel-00000924.
Full textAbstract:
Actuellement, de plus en plus d'ordinateurs sont interconnectés à l'Internet ou à des réseaux locaux. Il est donc indispensable de partager et de protéger l'information de façon performante. Pour accélérer et favoriser le développement de nouvelles applications et services autour des transactions électroniques, la sécurité devient une priorité. L'infrastructure de gestion de clés (IGC) est une réponse conçue pour assurer la sécurité des transactions électroniques et permettre l'échange de renseignements sensibles entre des parties qui n'ont pas établi au préalable de liens. La signature électronique est un service de base des IGC qui permet l'authentification, la confidentialité, l'intégrité et la non-répudiation de la transaction électronique. Elle devient une composante fondamentale des transactions sécurisées. Elle pourra bientôt se substituer légalement à la signature écrite. Dans ce contexte, notre objectif est de contribuer au développement et à la création de nouveaux e-services nécessaires à la croissance des transactions électroniques: la certification de rôles associés à la signature (pour connaître les privilèges du signataire aux moyens de la définition d'un rôle), l'habilitation et la délégation de signature (pour que quelqu'un puisse donner l'autorisation à quelqu'un d'autre d'exercer un pouvoir à sa place et donner l'autorisation de transférer ce pouvoir à un tiers), la signature électronique contrôlée (pour indiquer qui peut signer un document et contrôler la séquence et les priorités des signatures) et enfin les métadonnées de droits d'accès (pour définir les droits d'accès à un document indépendamment du système d'exploitation utilisé). Une infrastructure de confiance est nécessaire pour prendre en compte ces e-services. Nous proposons l'infrastructure ICARE-S2 (Infrastructure de Confiance sur des Architectures de RésEaux pour les Services de Signature évoluée ) basée sur les principes associés à l'infrastructure de gestion de privilèges et l'infrastructure de gestion de clés, un certificat d'attribut encodé en XML supporté par cette architecture, ainsi que la spécification de ces différents e-services utilisant ce type de certificat. Concrètement, l'infrastructure ICARE-S2 propose un système couvrant les principales fonctions de sécurité nécessaires à un processus transactionnel. De l'authentification et la gestion des droits des utilisateurs et des composants, en passant par le chiffrement des informations, et la gestion de l'intégrité des messages par le biais de certificats électroniques. Une partie de ces travaux a été financée par le projet RNRT ICARE.
36
Katcharian, Hope. "Risk-Based Corrective Action (RBCA) at petroleum contaminated sites : the rationale for RBCA and natural attenuation." Thesis, Springfield, Va. : Available from National Technical Information Service, 1997. http://handle.dtic.mil/100.2/ADA339431.
Full text
37
Kauermann, Richard [Verfasser]. "Sinterformen von reaktionsgebundenem Aluminiumoxid (RBAO) / Richard Kauermann." Aachen : Shaker, 2007. http://d-nb.info/116651238X/34.
Full text
38
Motta, Gustavo Henrique Matos Bezerra. "Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos." Universidade de São Paulo, 2004. http://www.teses.usp.br/teses/disponiveis/3/3142/tde-05042004-152226/.
Full textAbstract:
Os recentes avanços nas tecnologias de comunicação e computação viabilizaram o pronto acesso às informações do prontuário eletrônico do paciente (PEP). O potencial de difusão de informações clínicas resultante suscita preocupações acerca da priva-cidade do paciente e da confidencialidade de seus dados. As normas presentes na legislação dispõem que o conteúdo do prontuário deve ser sigiloso, não cabendo o acesso a ele sem a prévia autorização do paciente, salvo quando necessário para be-neficiá-lo. Este trabalho propõe o MACA, um modelo de autorização contextual para o controle de acesso baseado em papéis (CABP) que contempla requisitos de limita-ção de acesso ao PEP em ambientes abertos e distribuídos. O CABP regula o acesso dos usuários ao PEP com base nas funções (papéis) que eles exercem numa organi-zação. Uma autorização contextual usa informações ambientais disponíveis durante o acesso para decidir se um usuário tem o direito e a necessidade de acessar um re-curso do PEP. Isso confere ao MACA flexibilidade e poder expressivo para estabele-cer políticas de acesso ao PEP e políticas administrativas para o CABP que se adap-tam à diversidade ambiental e cultural das organizações de saúde. O MACA ainda permite que os componentes do PEP utilizem o CABP de forma transparente para o usuário final, tornando-o mais fácil de usar quando comparado a outros modelos de CABP. A arquitetura onde a implementação do MACA foi integrada adota o serviço de diretórios LDAP (Lightweight Directory Access Protocol), a linguagem de pro-gramação Java e os padrões CORBA Security Service e Resource Access Decision Fa-cility. Com esses padrões abertos e distribuídos, os componentes heterogêneos do PEP podem solicitar serviços de autenticação de usuário e de autorização de acesso de modo unificado e coerente a partir de múltiplas plataformas. A implementação do MACA ainda tem a vantagem de ser um software livre, de basear-se em componen-tes de software sem custos de licenciamento e de apresentar bom desempenho para as demandas de acesso estimadas. Por fim, a utilização rotineira do MACA no con-trole de acesso ao PEP do InCor-HC.FMUSP, por cerca de 2000 usuários, evidenciam a exeqüibilidade do modelo, da sua implementação e da sua aplicação prática em casos reais.The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients privacy and data confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the ac-cess restrictions requirements for the EPR in open and distributed environments. RBAC regulates users access to EPR based on organizational functions (roles). Con-textual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that considers the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Re-source Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software pol-icy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.
39
Báča, Petr. "RBC model - aplikace na ČR." Master's thesis, Vysoká škola ekonomická v Praze, 2009. http://www.nusl.cz/ntk/nusl-76667.
Full textAbstract:
The diploma thesis deals with the basic Real Business Cycle (RBC) model. RBC theory provides pure supply-side explanation of economic fluctuations. Generaly acknowledged contribution of RBC theory is the fact that the model is developed strictly on microeconomic basis. The thesis consists of two basic parts, theoretical and practical. First, historical background of RBC theory is mentioned. Then the basic RBC model is step-by-step derived and all equations are provided with explanations. In the last theoretical part section RBC theory critisism is discussed. In the practical part the derived basic model is applied to the Czech economy. First certain properties of the Czech business cycles are examined. Then, the basic model is calibrated, simulated and the results are commented.
40
Simões, David João Apolinário. "Endowing NoSQL DBMS with SQL features through call level interfaces." Master's thesis, Universidade de Aveiro, 2015. http://hdl.handle.net/10773/18592.
Full textAbstract:
Mestrado em Engenharia de Computadores e TelemáticaOs arquitetos de software usam ferramentas, tais como Call Level Interfaces (CLI), para guardar, atualizar e retirar dados de Sistemas de Gestão de Bases de Dados (SGBD). Estas ferramentas estão desenhadas para efetuarem a junção entre os paradigmas de Base de Dados Relacional e da Programação Orientada a Objetos e fornecem funcionalidades padrão para interagir com SGBD. No entanto, a emergência do paradigma NoSQL, e particularmente de novos fornecedores de SGBD NoSQL, leva a situações onde algumas das funcionalidades padrão fornecidas por CLI não são suportadas. Isto deve-se normalmente à distância entre o modelo SQL e NoSQL, ou devido a restrições de design. Assim, quando um arquiteto de sistema precisa de evoluir, nomeadamente de um SGBD relacional para um SGBD NoSQL, tem de ultrapassar as dificuldades que emergem por existirem funcionalidades não suportadas pelo SGBD NoSQL. Não só isso, mas as CLI costumam ignorar políticas de controlo de acesso estabelecidas e, portanto, programadores de aplicações têm de dominar as ditas políticas de maneira a desenvolverem software em concordância com elas. Escolher o SGBD NoSQL errado pode levar a problemas de grandes dimensões quando as aplicações pedem funcionalidades não suportadas ou a que não têm acesso. Esta tese foca-se em implementar funcionalidades que não são comummente suportadas por SGBD NoSQL, tais como Stored Procedures, Transações, Save Points e interações com estruturas de memória local, através de uma framework baseada numa CLI padrão. O modelo de implementação de funcionalidades é definido por módulos da nossa framework, e permite a criação de sistemas distribuídos e tolerantes a falhas, que simulam as funcionalidades anteriormente referidas e abstraem as funcionalidades da base de dados subjacente de clientes. Também temos como objetivo integrar a nossa framework com trabalho anterior, a S-DRACA, uma arquitetura dinâmica e segura de controlo de acesso para aplicações relacionais, onde as permissões são definidas como sequências de expressões create, read, update e delete. Com esta integração, conseguimos fornecer Role-Based Access Control e outras funcionalidades de segurança a qualquer tipo de SGBD. Desenvolvemos várias formas de utilizar cada componente (localmente ou distribuído) e a framework está construída de forma modular, o que permite aos vários componentes serem utilizados individualmente ou em grupo, assim como permite o acrescento de funcionalidades ou SGBD adicionais por administradores de sistema que queiram adaptar a framework às suas necessidades particulares.
To store, update and retrieve data from database management systems (DBMS), software architects use tools, like call level interfaces (CLI), which provide standard functionality to interact with DBMS. These tools are designed to bring together the relational database and object-oriented programming paradigms, but the emergence of the NoSQL paradigm, and particularly new NoSQL DBMS providers, leads to situations where some of the standard functionality provided by CLI are not supported, very often due to their distance from the relational model or due to design constraints. As such, when a system architect needs to evolve, namely from a relational DBMS to a NoSQL DBMS, he must overcome the difficulties conveyed by the features not provided by the NoSQL DBMS. Not only that, but CLI usually forsake applied access control policies. As such, application developers must master the established policies as a means to develop software that is conformant with them. Choosing the wrong NoSQL DBMS risks major issues with applications requesting non-supported features and with unauthorized accesses. This thesis focuses on deploying features that are not so commonly supported by NoSQL DBMS, such as Stored Procedures, Transactions, Save Points and interactions with local memory structures, through a framework based in a standard CLI. The feature implementation model is defined by modules of our framework, and allows for distributed and fault-tolerant systems to be deployed, which simulate the previously mentioned features and abstract the underlying database features from clients. It is also our goal to integrate our framework with previous work, S-DRACA, a dynamic secure access control architecture for relational applications, where permissions are defined as a sequence of create, read, update and delete expressions. With the integration, we can provide dynamic Role-Based Access Control and other security features to any kind of DBMS. We developed several ways of using each component (locally or distributed) and the framework is built in a modular fashion, which allows several components to be used individually or together, as well as extra features or DBMS to be added by system administrators that wish to adapt the framework to their particular needs.
41
Law, Boon-Chuan. "UNCERTAINTY ANALYSIS FOR ROCKET-BASED COMBINED CYCLE (RBCC) SYSTEMS TESTING." MSSTATE, 2003. http://sun.library.msstate.edu/ETD-db/theses/available/etd-07152003-174339/.
Full textAbstract:
General uncertainty analysis was used to evaluate the performance of a Rocket-Based Combined Cycle (RBCC) engine system. To estimate the uncertainties of test results, uncertainties of basic measurements such as temperature, pressure, mass flow rate, and thrust were determined. The desired test results of interest included specific impulse and characteristic velocity. Various possible test facilities were reviewed to obtain background information and example test run conditions. Based on the test run conditions, five methods of determining specific impulse were evaluated. Also, theoretical and actual characteristic velocities were analyzed to evaluate C* efficiency. Initially, general uncertainty analyses were completed relative to 1% accuracy for each measured variable. Then, cases were run using more realistic uncertainty estimates. The relative contributions of the different variables? uncertainties to the overall uncertainty of the selected performance parameters were also calculated. This process helps to identify the critical measurements from an uncertainty standpoint and can be a significant guide in the cost effective use of resources to reduce the test uncertainty.
42
Modebe, Emmanuel Obinna. "Extended Cr-51 RBC combined with Tc-99m RBC for the detection and localisation of occult GIT bleeding." Thesis, Stellenbosch : Stellenbosch University, 2014. http://hdl.handle.net/10019.1/86509.
Full textAbstract:
Thesis (MMed)--Stellenbosch University, 2014.ENGLISH ABSTRACT: Background Occult blood loss from the gastrointestinal tract (GIT), causing iron deficiency often with anaemia, can be diagnostically and therapeutically challenging. This is because the endoscopic and radiologic tests may be negative due to the slow, chronic and intermittent nature of the gastrointestinal bleeding, making timing key in detection and localisation of the bleed. These limitations can be approached using two different radioactive isotopes. Firstly, we tested the sensitivity of extending Cr-51 RBC for 21 days relative to 5 days to detect GIT bleeding and its use to optimise timing of a Tc-99m RBC study for GIT blood loss localisation. Finally, we tested if the information provided by the Tc-99m RBC study aided gastroenterologic intervention for anatomical localisation of a lesion. Method In this retrospective review, after obtaining institutional and ethics committee approval, records of patients referred for evaluation of possible GIT blood loss were reviewed. In each; daily appearance of radiochromium in stool was measured in the whole body counter. In those cases exceeding 50 ml/day, a technetium-99m (Tc-99m) localization study was performed. These studies were correlated with clinical findings. Results A total of 59 Cr-51 RBC studies were carried out in 36 females and 21 males (n = 57). In 32 (54%) the radiochromium results were positive with 75% of the bleeding incidences occurring after 5 days of stool collection. Of 17 cases in whom Tc-99m RBC imaging studies were performed, 14 (82%) were positive with specific anatomical sites successfully defined in twelve. In all patients with blood loss of >100 ml/24h, Tc-99m RBC were positive and localised. Ten of the 17 Tc-99m RBC studies were further investigated and half diagnosed with small-bowel angiodysplasia. Conclusion This sequential twin isotope method is practical in revealing otherwise silent intestinal haemorrhage. Although it has good patient acceptability and clinical as well as diagnostic utility in management, further studies are required to clearly establish a cut-off level of blood loss for performing imaging studies and the impact of the findings on the overall patient management.
AFRIKAANSE OPSOMMING: Agtergrond Die evaluasie van okkulte bloedverlies uit die gastro-intestinale kanaal (GIT), met gevolglike ystertekort anemie, kan diagnosties en terapeuties uitdagend wees. Dit is omdat endoskopiese en radiologiese ondersoeke negatief mag wees as gevolg van die stadige, chroniese en intermitterende aard van die gastro-intestinale bloeding, wat die presiese tydstip van opsporing en lokalisering van die bloeding krities belangrik maak. Hierdie beperkings kan aangespreek word deur twee verskillende radioaktiewe isotope te gebruik. Eerstens is die sensitiwiteit van die verlenging van die Cr-51 RBS studie tot 21 dae in plaas van 5 dae om die GIT bloeding op te spoor, getoets, asook die gebruik daarvan om die optimale tyd vir ‘n Tc-99m RBS studie om die GIT bloedverlies te lokaliseer, vas te stel. Laastens is getoets of die inligting van die Tc-99m RBS studie wel bygedra het tot die gastroenterologiese ingreep om die letsel anatomies te lokaliseer. Metode Na institusionele en etiese komitee toestemming is inligting van pasiënte wat vir die evaluering van ‘n moontlike GI bloedverlies verwys is, in hierdie retrospektiewe oorsig nagegaan. Die daaglikse voorkoms van radioaktiewe chroom in stoelgangmonsters is in ‘n heelliggaamteller gemeet. In gevalle waar dit 50 ml/dag oorskry het, is ‘n tegnesium 99m (Tc 99m) studie gedoen. Hierdie studies is met die kliniese bevindinge gekorreleer. Resultate ‘n Totaal van 59 Cr-51 RBS studies is in 36 vroue en 21 mans (n = 57) gedoen. Die gemerkte chroomstudies was positief in 32 (54%), met 75% van die bloedings wat meer as 5 dae na versameling van die stoelgang plaasgevind het. In veertien (82%) van die 17 gevalle waar Tc-99m RBS studies gedoen is, was die studies positief. Spesifieke anatomiese gebiede van bloeding kon in 12 hiervan suksesvol bevestig word. Tc-99m RBS studies was positief in al die pasiënte met ‘n bloedverlies van >100 ml/24h, en kon gelokaliseer word. Tien van die 17 Tc-99m RBS studies is verder ondersoek en die helfte daarvan gediagnoseer met dunderm angiodisplasie. Gevolgtrekking Die opeenvolgende twee isotoopmetode om andersins asimptomatiese dermbloeding op te spoor, is prakties uitvoerbaar. Alhoewel die studies goed deur pasiënte aanvaar is, en ook van kliniese en diagnostiese waarde in die hantering van die pasiënte is, is verdere studies nodig om die afsnypunt vir die hoeveelheid bloedverlies om beeldingstudies uit te voer, sonder twyfel vas te stel, asook om die impak van die bevindings op ‘n groter pasiëntpopulasie vas te stel.
43
Lee, Chang Hee. "The competitive effects of RBOC interLATA entry on local telephone markets." Columbus, Ohio : Ohio State University, 2004. http://rave.ohiolink.edu/etdc/view?acc%5Fnum=osu1078943781.
Full textAbstract:
Thesis (Ph. D.)--Ohio State University, 2004.Title from first page of PDF file. Document formatted into pages; contains xiii, 274 p.; also includes graphics (some col). Includes abstract and vita. Advisor: Douglas N. Jones, Dept. of Public Policy and Management. Includes bibliographical references (p. 275-317).
44
Carneiro, Dias André Eduardo. "Study of RBC shape transitions induced by nanoparticles." Doctoral thesis, Universitat Rovira i Virgili, 2019. http://hdl.handle.net/10803/668080.
Full textAbstract:
Aquesta tesi descriu l'estudi de les propietats del medi extracel·lular sobre la criopreservació de glòbuls vermells i la possible aplicació de nanopartícules de sílice com a co-agents per al lliurament intracel·lular de trehalosa, un crioprotector natural. La primera part de l™estudi es va centrar en les condicions de congelació i descongelació i en les propietats del medi extracel·lular per a la congelació. Es van analitzar diferents propietats segons la seva influència en la taxa de supervivència dels glòbuls vermells, que es va avaluar mitjançant l™assaig d™hemòlisi i es va analitzar l™efecte de la congelació mitjançant anàlisi morfològica d™imatges de glòbuls vermells. La segona part de l'estudi investiga la interacció de nanopartícules de sílice carregades de manera diferent amb els glòbuls vermells per a futures aplicacions com a co-agent per al lliurament de la trehalosa. La toxicitat de les nanopartícules de sílice es va determinar mitjançant un assaig d™hemòlisi i la seva distribució espacial es va estudiar mitjançant l™examen de glòbuls vermells que flotaven lliurement mitjançant microscòpia confocal d™escaneig làser (LSCM). Es va desenvolupar un nou mètode de visualització 3D de gran rendiment i aplicat a les imatges LSCM per tal de corregir la deriva al llarg de la z-stack permetent l'anàlisi de les imatges. Els resultats es van confirmar interactuant les nanopartícules de sílice amb vesícules gegants unilamellars (GUV) com a sistema experimental.Esta tesis describe el estudio de las propiedades del medio extracelular en la crioconservación de los glóbulos rojos y la posible aplicación de nanopartículas de sílice como coagentes para la entrega intracelular de trehalose, un crioprotector natural. La primera parte del estudio se centró en las condiciones de congelación y descongelación, y en las propiedades del medio extracelular para la congelación. Se analizaron diferentes propiedades de acuerdo con su influencia en la tasa de supervivencia de los glóbulos rojos, según se evaluó mediante el ensayo de hemólisis, y se analizó el efecto de la congelación mediante el análisis morfológico de las imágenes de los glóbulos rojos. La segunda parte del estudio investiga la interacción de nanopartículas de sílice, cargadas de manera diferente, con glóbulos rojos para su futura aplicación como coagente para la entrega de trehalose. La toxicidad de la nanopartícula de sílice se determinó mediante un ensayo de hemólisis y su distribución espacial se estudió mediante la obtención de imágenes de los glóbulos rojos que flotan libremente usando microscopía confocal (LSCM). Se desarrolló un nuevo método de visualización 3D de alto rendimiento que se aplicó a las imágenes LSCM para corregir la deriva en toda la pila z permitiendo el análisis de las imágenes. Los resultados se confirmaron mediante la interacción de las nanopartículas de sílice con vesículas unilamelares gigantes (GUV) como un sistema de modelo experimental.
This thesis describes the study of the properties of extracellular medium on the cryopreservation of red blood cells and the potential application of silica nanoparticles as co-agents for the intracellular delivery of trehalose, a natural cryoprotectant. The first part of the study focused on the freezing and thawing conditions, and on the properties of the extracellular medium for freezing. Different properties were analyzed according to their influence on the survival rate of red blood cells as assessed by hemolysis assay and the effect of freezing was analyzed by morphological analysis of images of red blood cells. The second part of the study investigates the interaction of differently charged silica nanoparticles with red blood cells for future application as co-agent for trehalose delivery. Silica nanoparticle toxicity was determined by hemolysis assay and their spatial distribution was studied by imaging freely floating red blood cells using laser scanning confocal microscopy (LSCM). A novel high-throughput 3D visualization method was developed and applied to LSCM images in order to correct the drift throughout the z-stack allowing the analysis of the images. Results were confirmed by interacting the silica nanoparticles with giant unilamellar vesicles (GUV) as an experimental model system.
45
Mendes, William Corrêa. "ARQUITETURA BASEADA EM ONTOLOGIAS DE UM AGENTE RBC." Universidade Federal do Maranhão, 2013. http://tedebc.ufma.br:8080/jspui/handle/tede/506.
Full textAbstract:
Made available in DSpace on 2016-08-17T14:53:25Z (GMT). No. of bitstreams: 1
dissertacao William.pdf: 3403982 bytes, checksum: cac96344d66257744889562ee1b77235 (MD5)
Previous issue date: 2013-11-04Case-Based Reasoning (CBR) is a problem-solving paradigm where it is possible to use knowledge from past experiences to solve new situations. The CBR agent approach that combines agent autonomy with the problem-solving model of CBR has been proven adequate for the development of complex systems. This paper proposes the architecture of a CBR agent whose main differential is the use of ontologies for representing the case base along with all the mechanisms that make up a CBR system. The proposed architecture besides promoting the reuse of the case ontology, unifies the software agent approach with CBR, a typical paradigm of human reasoning. All the CBR mechanisms are present in the proposed architecture: case representation, similarity analysis for cases retrieval, adaptation and cases learning, where the last two mechanisms are still being specified. The architecture was evaluated in the Brazilian Family Law legal domain. For that, a targeted ontology for the representation CBR cases of this area was created. The results obtained in the tests showed good effectiveness in retrieving similar cases and showing the feasibility of the architecture using the semantic model of similarity for retrieval of CBR cases.
O Raciocínio Baseado em Casos (RBC) é um paradigma de resolução de problemas no qual é possível utilizar conhecimentos de experiências passadas para resolver novas situações. A abordagem de agentes RBC que combina a autonomia dos agentes e o modelo de resolução de problemas do RBC tem se mostrado adequada para o desenvolvimento de sistemas complexos. Este trabalho propõe a arquitetura de um agente RBC cujo principal diferencial é utilizar ontologias para representar a base de casos junto com todos os mecanismos que compõem um sistema RBC. A arquitetura proposta, além de promover o reúso da ontologia de representação dos casos, unifica as abordagens de agentes de software e RBC, um paradigma de raciocínio típico dos seres humanos. Estão presentes na arquitetura os mecanismos de representação dos casos, análise de similaridade para recuperação de casos, adaptação e aprendizado de casos, estes dois últimos ainda em fase de especificação. A arquitetura foi avaliada no domínio jurídico do Direito de Família brasileiro, sendo que para isso foi criada uma ontologia, representando casos RBC nesta área. Os resultados obtidos nos testes realizados demonstraram uma boa efetividade na recuperação de casos similares e a consequente viabilidade do uso da arquitetura com o modelo de similaridade semântico utilizado para recuperação de casos RBC.
46
Almeida, Sara Cristina Cantarino Valente de. "An RBC model with a rich fiscal sector." Master's thesis, NSBE - UNL, 2013. http://hdl.handle.net/10362/9698.
Full textAbstract:
A Work Project, presented as part of the requirements for the Award of a Masters Degree in Economics from the NOVA – School of Business and EconomicsContributing to the general understanding of fiscal policy e ectiveness, this study consists in the reformulation and estimation of the DSGE model developed in Azevedo and Ercolani (2012), to measure the potential relations between the private sector and the consumption and investment components of government expenditures. The estimation results show that public consumption and capital have both a substitutability e ect on private factors. For the study of the dynamic e ects, the model is augmented with strict fiscal rules, whose imposition creates a "crowding-out" e ect of the simulated fiscal policy shocks on government consumption and investment.
47
Morrow, Carl. "Phylogenetic investigations of the African Restionaceae using rbc." Thesis, University of Cape Town, 2017. http://hdl.handle.net/11427/26316.
Full text
48
Beppler, Fabiano Duarte. "Emprego de RBC para recuperação inteligente de informações." Florianópolis, SC, 2002. http://repositorio.ufsc.br/xmlui/handle/123456789/82898.
Full textAbstract:
Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Engenharia de Produção.Made available in DSpace on 2012-10-19T19:18:05Z (GMT). No. of bitstreams: 1 189259.pdf: 2369619 bytes, checksum: 6081c39e99c22484b1465b896722ff2a (MD5)
A dimensão do volume de informações disponíveis na Internet e as taxas diárias de crescimento tornam cada vez mais presentes mecanismos eficientes e eficazes de recuperação de informações. A maioria dos métodos pesquisados e aplicados tem por base o tratamento das informações disponíveis nos repositórios associados aos sites. Nesta abordagem, um elemento de conhecimento é normalmente negligenciado: a memória das interações efetuadas pelos usuários que utilizaram o site previamente a um usuário atual. A construção desta memória viabiliza o emprego de interações de busca do passado na apresentação de informações desejadas no momento das consultas. A presente dissertação propõe a construção da memória das buscas aos sites na forma de casos de consulta e a aplicação de Raciocínio Baseado em Casos para utilização destas interações passadas como subsídio em novos processos de consulta. O método proposto deu origem à ferramenta RBNet. Para demonstração de sua viabilidade, RBNet foi aplicada ao site de busca do "Diretório dos Grupos de Pesquisa no Brasil", projeto do Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq). RBNet permite que usuários interessados em grupos de pesquisa possam encontrar rapidamente o que desejam, quando se valem das interações semelhantes registradas na base de casos do RBNet.
49
Simm, Robert. "Enhanced biological phosphorus removal using a sequencing batch RBC." Thesis, University of British Columbia, 1988. http://hdl.handle.net/2429/28517.
Full textAbstract:
The objective of the research program was to demonstrate the technical feasibility of removing phosphorus, by the enhanced biological phosphorus removal mechanism, from domestic wastewater using a laboratory scale Sequencing Batch Rotating Biological Contactor (SBRBC). The rotating discs of the RBC were subjected to alternating anaerobic/aerobic conditions by varying the water level in the reaction vessel. At the start of the treatment cycle, the RBC reactor would be filled submerging the rotating discs and ensuring anaerobic conditions in the RBC biofilm. Acetate would be added to the reaction vessel at this time. Following the batch anaerobic react period part of the reactor contents were decanted to either the sewage feed tank or a separate holding vessel to later become part of the influent for the next treatment cycle. With the rotating: discs of the-RBC partially submerged oxygen was available to the bacteria, in the RBC biofilm.
Three operating schedules were tried with the above process. Each operating schedule
differed in the way the decanted wastewater from the anaerobic phase was handled.
Batch tests were conducted weekly to determine the nature of the biological reactions
taking place in each of the batch anaerobic and aerobic phases.
The SBRBC process showed promise for enhanced biological phosphorus removal from domestic wastewater. Carbon removal and nitrification of the wastewater were secondary benefits to this process. The success of the process was found to be dependent on the attainment of proper anaerobic conditions at the start of each treatment cycle.Applied Science, Faculty of
Civil Engineering, Department of
Graduate
50
Tapon, Njamo Julien Serge. "Olive wastewater bioremediation using a rotating biological contactor (RBC)." Thesis, Cape Peninsula University of Technology, 2012. http://hdl.handle.net/20.500.11838/2023.
Full textAbstract:
Thesis (MTech (Food Technology))--Cape Peninsula University of Technology, 2012.The expansion of the South African olive processing industry has brought an increased threat to the environment. More production activities lead to more wastewater generation that requires more costly treatment. Regulatory bodies concerned with the release of effluents into the environment are imposing evermore-restrictive guidelines. With this information in mind, the South African olive industry is facing a significant challenge of maintaining economic competitiveness while becoming more environmentally benign. To begin addressing this challenge, the olive processing industry must develop and implement new, more effective, tailored treatment technologies to remediate olive wastewater prior to its release into the environment. In this study, the use of indigenous olive wastewater biofilms in combination with a rotating biological contactor (RBC) was investigated for possible bioremediation purposes. The development of microbial biofilms resulted in the breakdown of the hazardous chemical compounds present in the olive wastewater, i.e. reducing the chemical oxygen demand (COD) and polyphenol content. Results showed that indigenous microorganisms within table olive and olive mill wastewater have a strong tendency to form biofilms. Furthermore, when these biofilms are applied to a small-scale RBC system, significant lower levels of both COD (on average 55% for table olive wastewater (TOWW) and 46% for olive mill wastewater (OMWW) and total phenol (on average 51% for TOWW and 39% for OMWW) were obtained. Results from shocking the biofilms with chemicals routinely used during olive processing indicates that most have a negative effect on the biofilm population, but that the biofilms are able to survive and recover in a relatively short time. This study confirms the potential application of indigenous biofilms found in olive wastewater streams for future bioremediation technologies that form the basis for the development of an eco-friendly, easy-to-manage, low cost technologies specifically designed for the small South African olive processing industry.