Dissertations / Theses on the topic 'Role based access control (RBAC)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Role based access control (RBAC).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
Khayat, Etienne J. "Role-based access control (RBAC) : formal modelling and risk-based administration." Thesis, London South Bank University, 2006. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.435233.
Full textSubedi, Harendra. "Mathematical Modelling of Delegation in Role Based Access Control." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-222381.
Full textSingh, Arundhati 1978. "SIREN : a SQL-based implementation of role-based access control (RBAC) for enterprise networks." Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/87870.
Full textIncludes bibliographical references (leaves 69-71).
by Arundhati Singh.
M.Eng.
Falkcrona, Jerry. "Role-based access control and single sign-on for Web services." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11224.
Full textNowadays, the need for sharing information between different systems in a secure manner is common, not only in the corporate world but also in the military world. This information often resides at different locations, creating a distributed system. In order to share information in a secure manner in a distributed system, credentials are often used to attain authorization.
This thesis examines how such a distributed system for sharing information can be realized, using the technology readily available today. Accounting to the results of this examination a basic system is implemented, after which the overall security of the system is evaluated. The thesis then presents possible extensions and improvements that can be done in future implementations.
The result shows that dynamic roles do not easily integrate with a single sign-on system. Combining the two technologies leads to several synchronization issues, where some are non-trivial to solve.
Manning, Francis Jay. "A Framework for Enforcing Role Based Access Control in Open Source Software." NSUWorks, 2013. http://nsuworks.nova.edu/gscis_etd/228.
Full textRondinini, Giorgia. "Role-Based Access Control in ambienti cloud multi-region." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2020.
Find full textGunnarsson, Peter. "Role based access control in a telecommunications operations and maintenance network." Thesis, Linköping University, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2875.
Full textEricsson develops and builds mobile telecommunication networks. These networks consists of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks.
In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions.
We also investigate some of the most common used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement a RBAC managing system which is better suited to the requirements posed by our new model.
Shi, Wei, and wshi2001@yahoo com au. "An Extended Role-based Access Control Model for Enterprise Systems and Web Services." RMIT University. Computer Science and Information Technology, 2006. http://adt.lib.rmit.edu.au/adt/public/adt-VIT20070122.122429.
Full textPoe, Gary A. "Privacy in Database Designs: A Role Based Approach." Scholar Commons, 2007. https://scholarcommons.usf.edu/etd/454.
Full textWang, Hua. "Access management in electronic commerce system." University of Southern Queensland, Faculty of Sciences, 2004. http://eprints.usq.edu.au/archive/00001522/.
Full textBoström, Erik. "Refined Access Control in a Distributed Environment." Thesis, Linköping University, Department of Electrical Engineering, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1020.
Full textIn the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing.
This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions.
In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.
Motta, Gustavo Henrique Matos Bezerra. "Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos." Universidade de São Paulo, 2004. http://www.teses.usp.br/teses/disponiveis/3/3142/tde-05042004-152226/.
Full textThe recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients privacy and data confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the ac-cess restrictions requirements for the EPR in open and distributed environments. RBAC regulates users access to EPR based on organizational functions (roles). Con-textual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that considers the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Re-source Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software pol-icy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.
Ashley, Paul. "Security technologies for intranet computing." Thesis, Queensland University of Technology, 1999.
Find full textLandberg, Fredrik. "Flexible role-handling in command and control systems." Thesis, Linköping University, Department of Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-7880.
Full textIn organizations the permissions a member has is not decided by their person, but by their functions within the organization. This is also the approach taken within military command and control systems. Military operations are often characterized by frictions and uncontrollable factors. People being absent when needed are one such problem.
This thesis has examined how roles are handled in three Swedish command and control systems. The result is a model for handling vacant roles with the possibility, in some situations, to override ordinary rules.
Macfie, Alex. "Semantic role-based access control." Thesis, University of Westminster, 2014. https://westminsterresearch.westminster.ac.uk/item/964y2/semantic-role-based-access-control.
Full textBelokosztolszki, András. "Role-based access control policy administration." Thesis, University of Cambridge, 2004. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.615798.
Full textMontrieux, Lionel. "Model-based analysis of role-based access control." Thesis, Open University, 2013. http://oro.open.ac.uk/38672/.
Full textMagnussen, Gaute, and Stig Stavik. "Access Control in Heterogenous Health Care Systems : A comparison of Role Based Access Control Versus Decision Based Access Control." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9295.
Full textRole based access control (RBAC) is widely used in health care systems today. Some of the biggest systems in use at Norwegian hospitals utilizes role based integration. The basic concept of RBAC is that users are assigned to roles, permissions are assigned to roles and users acquire permissions by being members of roles. An alternative approach to the role based access distribution, is that information should be available only to those who are taking active part in a patients treatment. This approach is called decision based access control (DBAC). While some RBAC implementations grant access to a groups of people by ward, DBAC ensures that access to relevant parts of the patients medical record is given for treatment purposes regardless of which department the health care worker belongs to. Until now the granularity which the legal framework describes has been difficult to follow. The practical approach has been to grant access to entire wards or organizational units in which the patient currently resides. Due to the protection of personal privacy, it is not acceptable that any medical record is available to every clinician at all times. The most important reason to implement DBAC where RBAC exists today, is to get an access control model that is more dynamic. The users should have the access they need to perform their job at all times, but not more access than needed. With RBAC, practice has shown that it is very hard to make dynamic access rules when properties such as time and tasks of an employees work change. This study reveals that pretty much all security measures in the RBAC systems can be overridden by the use of emergency access features. These features are used extensively in everyday work at the hospitals, and thereby creates a security risk. At the same time conformance with the legal framework is not maintained. Two scenarios are simulated in a fictional RBAC and DBAC environment in this report. The results of the simulation show that a complete audit of the logs containing access right enhancements in the RBAC environment is unfeasible at a large hospital, and even checking a few percent of the entries is also a very large job. Changing from RBAC to DBAC would probably affect this situation to the better. Some economical advantages are also pointed out. If a change is made, a considerable amount of time that is used by health care workers to unblock access to information they need in their everyday work will be saved.
Stenbakk, Bjørn-Erik Sæther, and Gunnar René Øie. "Role-Based Information Ranking and Access Control." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9236.
Full textThis thesis presents a formal role-model based on a combination of approaches towards rolebased access control. This model is used both for access control and information ranking. Purpose: Healthcare information is required by law to be strictly secured. Thus an access control policy is needed, especially when this information is stored in a computer system. Roles, instead of just users, have been used for enforcing access control in computer systems. When a healthcare employee is granted access to information, only the relevant information should be presented by the system, providing better overview and highlighting critical information stored among less important data. The purpose of this thesis is to enable efficiency and quality improvements in healthcare by using IT-solutions that address both access control and information highlighting. Methods: We have developed a formal role model in a previous project. It has been manually tested, and some possible design choices were identified. The project report pointed out that more work was required, in the form of making design choices, implementing a prototype, and extending the model to comply with the Norwegian standard for electronic health records. In preparing this thesis, we reviewed literature about the extensions that we wanted to make to that model. This included deontic logic, delegation and temporal constraints. We made decisions on some of the possible design choices. Some of the topics that were presented in the previous project are also re-introduced in this thesis. The theories are explained through examples, which are later used as a basis for an illustrating scenario. The theory and scenario were used for requirement elicitation for the role-model, and for validating the model. Based on these requirements a formal role-model was developed. To comply with the Norwegian EHR standard the model includes delegation and context based access control. An access control list was also added to allow for patients to limit or deny access to their record information for any individual. To validate the model, we implemented parts of the model in Prolog and tested it with data from the scenario. Results: The test results show rankings for information and controls access to it correctly, thus validating the implemented parts of the model. Other results are a formal model, an executable implementation of parts of the model, recommendations for model design, and the scenario. Conclusions: Using the same role-model for access control and information ranking works, and allows using flexible ways to define policies and information needs.
Qiu, Wei. "Exploring user-to-role delegation in role-based access control." Thesis, University of Ottawa (Canada), 2006. http://hdl.handle.net/10393/27411.
Full textChen, Liang. "Analyzing and developing role-based access control models." Thesis, Royal Holloway, University of London, 2011. http://repository.royalholloway.ac.uk/items/1de9694d-de0f-c437-5a35-82a813abdd1a/10/.
Full textDavuluri, Chowdary Venkata Ram Mohan. "Role-Based Access Control in Collaborative Research Environments." The Ohio State University, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=osu1285036690.
Full textDamasceno, Carlos Diego Nascimento. "Evaluating finite state machine based testing methods on RBAC systems." Universidade de São Paulo, 2016. http://www.teses.usp.br/teses/disponiveis/55/55134/tde-11112016-101158/.
Full textControle de Acesso (CA) é um dos principais pilares da segurança da informação. Em resumo, CA permite assegurar que somente usuários habilitados terão acesso aos recursos de um sistema, e somente o acesso necessário para a realização de uma dada tarefa será disponibilizado. Neste contexto, o controle de acesso baseado em papel (do inglês, Role Based Access Control - RBAC) tem se estabelecido como um dos mais importante paradigmas de controle de acesso. Em uma organização, usuários recebem responsabilidades por meio de cargos e papéis que eles exercem e, em sistemas RBAC, permissões são distribuídas por meio de papéis atribuídos aos usuários. Apesar da aparente simplicidade, enganos podem ocorrer no desenvolvimento de sistemas RBAC e gerar falhas ou até mesmo brechas de segurança. Dessa forma, processos de verificação e validação tornam-se necessários. Teste de CA visa identificar divergências entre a especificação e o comportamento apresentado por um mecanismo de CA. Teste Baseado em Modelos (TBM) é uma variante de teste de software que se baseia em modelos explícitos de especificação para automatizar a geração de casos testes. TBM tem sido aplicado com sucesso no teste funcional, entretanto, ainda existem lacunas de pesquisa no TBM de requisitos não funcionais, tais como controle de acesso, especialmente de critérios de teste. Nesta dissertação de mestrado, dois aspectos do TBM de RBAC são investigados: métodos de geração de teste baseados em Máquinas de Estados Finitos (MEF) para RBAC; e priorização de testes para RBAC. Inicialmente, dois métodos tradicionais de geração de teste, W e HSI, foram comparados ao método de teste mais recente, SPY, em um experimento usando políticas RBAC especificadas como MEFs. As características (número de resets, comprimento médio dos casos de teste e comprimento do conjunto de teste) e a efetividade dos conjuntos de teste gerados por cada método para cinco políticas RBAC foram analisadas. Posteriormente, três métodos de priorização de testes foram comparados usando os conjuntos de teste gerados no experimento anterior. Neste caso, um critério baseado em similaridade RBAC foi proposto e comparado com a priorização aleatória e baseada em similaridade simples. Os resultados obtidos mostraram que o método SPY conseguiu superar os métodos W e HSI no teste de sistemas RBAC. A similaridade RBAC também alcançou uma detecção de defeitos superior.
Rohrer, Felix. "DR BACA: dynamic role based access control for Android." Thesis, Boston University, 2013. https://hdl.handle.net/2144/12203.
Full textAndroid, as an open platform, dominates the booming mobile market. However, its permission mechanism is inflexible and often results in over-privileged applications. This in turn creates severe security issues. Aiming to support the Principle of Least Privilege, we propose a Dynamic Role Based Access Control for Android (DR BACA) model and implement the DR BACA system to address these problems. Our system offers multi-user management on Android mobile devices, comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to en- hance Android security at both the application and permission level. Moreover, by leveraging context-aware capabilities of mobile devices and Near Field communication (NFC) technology, our solution supports dynamic RBAC that provides more flexible access control while still being able to mitigate some of the most serious security risks on mobile devices. The DR BACA system is highly scalable, suitable for both end- users and large business environments. It simplifies configuration and management of Android devices and can help enterprises to deal with security issues by implementing a uniform security policy. We show that our DR BACA system can be deployed and used with eet:se. With a proper security policy, our evaluation shows that DR BACA can effectively mitigate the security risks posed by both malicious and vulnerable non-malicious applications while incurring only a small overall system overhead.
Kugblenu, Francis M., and Memon Asim. "Separation of Duty in Role Based Access." Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4662.
Full textManian, Vijay. "Voting enabled role-based access control model for distributed collaboration." [Gainesville, Fla.] : University of Florida, 2005. http://purl.fcla.edu/fcla/etd/UFE0011941.
Full textZhang, Zhixiong. "Scalable role & organization based access control and its administration." Fairfax, VA : George Mason University, 2008. http://hdl.handle.net/1920/3110.
Full textVita: p. 121. Thesis directors: Ravi S. Sandhu, Daniel Menascé. Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Information Technology. Title from PDF t.p. (viewed July 7, 2008). Includes bibliographical references (p. 113-120). Also issued in print.
Muppavarapu, Vineela. "Semantic and Role-Based Access Control for Data Grid Systems." Wright State University / OhioLINK, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=wright1258569101.
Full textHelal, Mohammad Rahat. "Efficient Isolation Enabled Role-Based Access Control for Database Systems." University of Toledo / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1501627843916302.
Full textRhodes, Anthony William. "Distributed information systems security through extended role based access control." Thesis, Queensland University of Technology, 2002.
Find full textAli, Asad. "Enforcing role-based and category-based access control in Java : a hybrid approach." Thesis, King's College London (University of London), 2018. https://kclpure.kcl.ac.uk/portal/en/theses/enforcing-rolebased-and-categorybased-access-control-in-java(fcad2ae5-71e9-4edf-8c49-391344358505).html.
Full textMcDaniel, Christopher R. Tardy Matthew L. "Role-based access control for coalition partners in maritime domain awareness /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Jun%5FMcDaniel.pdf.
Full textHammoudi, Faouzi, and Greg L. Nygard. "Role-based access control for loosely coupled distributed database management systems." Thesis, Monterey, California. Naval Postgraduate School, 2002. http://hdl.handle.net/10945/6058.
Full textMuch of the work to date to apply Role-Based Access Control (RBAC) to database management systems has focused on single database systems or an integrated distributed database system. For situations where the need exists to consolidate multiple independent databases, and where the direct integration of the databases is neither practical nor desirable, the application of RBAC requires that policy be enforced via a method that is distinct from the databases. The method must provide for the verification of the RBAC policy, while allowing for the independence of the various databases on which the policy is enforced. This paper proposes a model for an application that provides for a web-based interface for users to be granted access to data held in various independent databases. The application enforces a strict RBAC policy on a well-defined set of accesses, while alleviating the need for users to have a separate account on each of the databases.
Torabian, Hajaralsadat. "Protecting sensitive data using differential privacy and role-based access control." Master's thesis, Université Laval, 2016. http://hdl.handle.net/20.500.11794/26580.
Full textIn nowadays world where most aspects of modern life are handled and managed by computer systems, privacy has increasingly become a big concern. In addition, data has been massively generated and processed especially over the last two years. The rate at which data is generated on one hand, and the need to efficiently store and analyze it on the other hand, lead people and organizations to outsource their massive amounts of data (namely Big Data) to cloud environments supported by cloud service providers (CSPs). Such environments can perfectly undertake the tasks for storing and analyzing big data since they mainly rely on Hadoop MapReduce framework, which is designed to efficiently handle big data in parallel. Although outsourcing big data into the cloud facilitates data processing and reduces the maintenance cost of local data storage, it raises new problem concerning privacy protection. The question is how one can perform computations on sensitive and big data while still preserving privacy. Therefore, building secure systems for handling and processing such private massive data is crucial. We need mechanisms to protect private data even when the running computation is untrusted. There have been several researches and work focused on finding solutions to the privacy and security issues for data analytics on cloud environments. In this dissertation, we study some existing work to protect the privacy of any individual in a data set, specifically a notion of privacy known as differential privacy. Differential privacy has been proposed to better protect the privacy of data mining over sensitive data, ensuring that the released aggregate result gives almost nothing about whether or not any given individual has been contributed to the data set. Finally, we propose an idea of combining differential privacy with another available privacy preserving method.
Tardy, Matthew L. "Role-based access control for coalition partners in maritime domain awareness." Thesis, Monterey, California. Naval Postgraduate School, 2005. http://hdl.handle.net/10945/1925.
Full textGao, Shu. "An aspect-oriented approach to designing role-based access control services." FIU Digital Commons, 2005. https://digitalcommons.fiu.edu/etd/3626.
Full textBhamidipati, Venkata Ramana Murthy. "Architectures and models for administration of user-role assignment in role based access control." Fairfax, VA : George Mason University, 2008. http://hdl.handle.net/1920/3357.
Full textVita: p. 99. Thesis directors: Ravi Sandhu, Daniel Menascé. Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Information Technology. Title from PDF t.p. (viewed Jan. 8, 2009). Includes bibliographical references (p. 94-98). Also issued in print.
Pereira, Anil L. "Role-based Access Control for the Open Grid Services Architecture – Data Access and Integration (OGSA-DAI)." Wright State University / OhioLINK, 2007. http://rave.ohiolink.edu/etdc/view?acc_num=wright1176331524.
Full textRegateiro, Diogo José Domingues. "A secure, distributed and dynamic RBAC for relational applications." Master's thesis, Universidade de Aveiro, 2014. http://hdl.handle.net/10773/14045.
Full textNowadays, database application use tools like Java Database Connectivity, Hibernate or ADO.NET to access data stored in databases. These tools are designed to bring together the relational database and object-oriented programming paradigms, forsaking applied access control policies. Hence, the application developers must master the established policies as a means to develop software that is conformant with the established access control policies. Furthermore, there are situations where these policies can evolve dynamically. In these cases it becomes hard to adjust the access control mechanisms. This challenge has led to the development of an extension to the role based access control (RBAC) model where permissions are defined as a sequence of create, read, update and delete (CRUD) expressions that can be executed and the interfaces to access them. From these permissions it's possible to generate security artefacts on the client side, i.e. in a distributed manner, which allows the clients to access the stored data while satisfying the security policies defined. On top of this model extension, a security layer has also been created in order to make the access control secure and obligatory. For the RBAC model extension this work leverages a previous work that created a dynamic access control architecture for relational applications, here referred to as DACA (Dynamic Access Control Architecture). DACA uses business logic information and the defined access control policies to build dynamically the security artefacts for the applications. In situations where the access control policies can evolve dynamically, the security artefacts are adjusted automatically. This base work, however, defines as permissions CRUD expressions, which can be executed in any order, and needs an adequate security layer to authenticate users and protect the system form intruders. Hence, this work aims to create a new architecture, called “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), which extends the work done with DACA so that it is capable of enforcing sequences of CRUD expressions that the applications can execute if the sequences are associated with their roles and the development of a security layer to make it secure. We discuss as well the performance of this system and its applicability to other environments outside of relational databases.
Atualmente, aplicações que acedem a bases de dados utilizam ferramentas como o Java Database Connectivity, Hibernate ou ADO.NET para aceder aos dados nelas armazenados. Estas ferramentas estão desenhadas para unir os paradigmas das bases de dados relacionais e da programação orientada a objetos, mas não estão preocupados com as políticas de controlo de acesso a aplicar. Portanto, os programadores de aplicações têm de dominar as políticas estabelecidas a fim de desenvolver aplicações em conformidade com as políticas de controlo de acesso estabelecidas.. Além disso, existem situações em que as políticas de controlo de acesso podem evoluir dinamicamente. Nestes casos, torna-se difícil adequar os mecanismos de controlo de acesso. Este desafio motivou o desenvolvimento de uma extensão ao modelo de controlo de acesso baseado em papeis (RBAC) que define como permissões sequências de expressões para criar, ler, atualizar e apagar (CRUD) informação e as interfaces de acesso a cada uma delas. A partir destas permissões podem ser gerados artefactos de segurança do lado dos clientes, i.e. de uma forma distribuída, que lhes permitem aceder à informação armazenada na base de dados segundo as políticas definidas. Por cima desta extenção também foi criada uma camada de segurança para tornar o controlo de acesso seguro e obrigatório. Para a extensão do modelo RBAC este trabalho baseou-se num trabalho anterior que criou uma arquitectura dinâmica de controlo de acesso para aplicações de bases de dados relacionais, aqui referida como DACA (Dynamic Access Control Architecture). DACA utiliza informação da lógica de negócio e as políticas de controlo de acesso que foram definidos para criar dinamicamente os artefactos de segurança para as aplicações. Em situações onde as políticas de controle de acesso evoluem de forma dinâmica, os artefactos de segurança são ajustados automaticamente. Este trabalho base, no entanto, define como permissões as expressões CRUD, podendo estas ser executadas em qualquer ordem, e necessita de uma camada de segurança adequada para autenticar utilizadores e proteger os dados sensíveis de intrusos. Portanto, neste trabalho, pretende-se criar uma nova arquitectura, chamada “S-DRACA” (Secure, Dynamic and Distributed Role-based Access Control Architecture), que estende o trabalho feito no âmbito do DACA para que este seja capaz de garantir que sejam cumpridas sequência de expressões CRUD que as aplicações podem executar e que estão associados aos seus papéis nas políticas RBAC e desenvolver uma camada de segurança adequada para a tornar segura. Discutimos, também, o seu desempenho e aplicabilidade em outros ambientes sem ser em bases de dados relacionais.
Khandavilli, Ambica Pawan. "A MOBILE ROLE BASED ACCESS CONTROL SYSTEM USING IDENTITY BASED ENCRYPTION WITH NON-INTERACTIVE ZERO KNOWLEDGE PROOF OF AUTHENTICATION." 2012. http://hdl.handle.net/10222/14604.
Full textZitouni, Toufik. "A Statistically Rigorous Evaluation of the Cascade Bloom Filter for Distributed Access Enforcement in Role-Based Access Control (RBAC) Systems." Thesis, 2010. http://hdl.handle.net/10012/5747.
Full textKomlenovic, Marko. "A Platform for Assessing the Efficiency of Distributed Access Enforcement in Role Based Access Control (RBAC) and its Validation." Thesis, 2011. http://hdl.handle.net/10012/5731.
Full text"Automated Testing for RBAC Policies." Master's thesis, 2014. http://hdl.handle.net/2286/R.I.24933.
Full textDissertation/Thesis
M.S. Computer Science 2014
Biswas, Arnab Kumar. "Securing Multiprocessor Systems-on-Chip." Thesis, 2016. https://etd.iisc.ac.in/handle/2005/2554.
Full textMHRD PhD scholarship
Biswas, Arnab Kumar. "Securing Multiprocessor Systems-on-Chip." Thesis, 2016. http://etd.iisc.ernet.in/handle/2005/2554.
Full textWith Multiprocessor Systems-on-Chips (MPSoCs) pervading our lives, security issues are emerging as a serious problem and attacks against these systems are becoming more critical and sophisticated. We have designed and implemented different hardware based solutions to ensure security of an MPSoC. Security assisting modules can be implemented at different abstraction levels of an MPSoC design. We propose solutions both at circuit level and system level of abstractions. At the VLSI circuit level abstraction, we consider the problem of presence of noise voltage in input signal coming from outside world. This noise voltage disturbs the normal circuit operation inside a chip causing false logic reception. If the disturbance is caused intentionally the security of a chip may be compromised causing glitch/transient attack. We propose an input receiver with hysteresis characteristic that can work at voltage levels between 0.9V and 5V. The circuit can protect the MPSoC from glitch/transient attack. At the system level, we propose solutions targeting Network-on-Chip (NoC) as the on-chip communication medium. We survey the possible attack scenarios on present-day MPSoCs and investigate a new attack scenario, i.e., router attack targeted toward NoC enabled MPSoC. We propose different monitoring-based countermeasures against routing table-based router attack in an MPSoC having multiple Trusted Execution Environments (TEEs). Software attacks, the most common type of attacks, mainly exploit vulnerabilities like buffer overflow. This is possible if proper access control to memory is absent in the system. We propose four hardware based mechanisms to implement Role Based Access Control (RBAC) model in NoC based MPSoC.
Yu, Jin-Shyan, and 余俊賢. "Construction of RBAC-based Web Pages Access Control Mechanism." Thesis, 2002. http://ndltd.ncl.edu.tw/handle/25570522902980781696.
Full text國立交通大學
資訊管理所
90
RBAC (Role-Based Access Control) is an access control model that is most applicable in the organizational context. It is, however, hard to implement the model with popular web-based systems. The main purpose of this thesis is to design a methodology for embedding RBAC implementations into web-based systems. The author has programmed a computer code, called Role Capabilities Access Module (RCAM), as the basic unit to be integrated into web systems. The author uses RCAM in the bottom layer of web sites to achieve page-based access control. In other words, access control in such systems is done on a page-by-page base. As such, two advantages are achieved: (1) Access control is implemented in the most strict sense; (2) Role information about users is retained in log trails, which can be used to support analysis of users’ behavior. Finally, the author has studied two cases─one for an IC design company and the other for an insurance company─to demonstrate the operability of the RCAM code in various application domains.
MAXA, Karel. "Systém správy identit pro malé a střední firmy." Master's thesis, 2014. http://www.nusl.cz/ntk/nusl-180579.
Full text何冠儒. "A Two-Phase Web Services Access Control Mechanism based on RBAC and Reputation Management." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/19962405369233064012.
Full textLiu, Yi-Han, and 劉義漢. "Using RBAC to Design the Access Control Model of XML-Based Electronic Financial Service Portal." Thesis, 2002. http://ndltd.ncl.edu.tw/handle/51047625156187555981.
Full text國立交通大學
資訊管理所
90
Most information systems in enterprises group users into several sets of members and then utilize Discretionary Access Control (DAC) to carry out the enforcement of security policies. Such method could seldom truly satisfy the needs of enterprises, because the information security policies must reflect the privilege setting for organizational functioning. A simple grouping is not sufficient. Aiming at information security management for organizations, including business enterprises, Sandhu introduced a new model, called Role-Based Access Control (RBAC), for defining access control policies. The model is powerful due to its flexibility in assigning access privileges to various roles and grouping users into role hierarchies. Separation of duty--an essential concept from the viewpoint of organizational control--can be described using this model. Though RBAC has been studied for quite a few years and has been recommended as a national standard of the United States, successful implementations of the model usually demand massive modification of working systems. In this thesis, the author presents a new system architecture, which allows the RBAC model to be easily integrated with working information portals. In this architecture, the function of RBAC is detached from business functions of the information portals. Two key system components are defined and programmed: (1) the RBAC server and (2) the XML interface, called XML RBAC (XRBAC). The RBAC server is a place to manage security policies and is a generator to produce information for access control decisions. The information produced is transmitted as an XML document to the portal through the XRBAC. In addition to functioning as the communication intermediary between the portal and the RBAC server, XRBAC follows the workflow and helps the portal record transactional activities in the audit trail. The aforementioned design realizes the separation of the security management function from the application function and, as a result, enables an enterprise to add RBAC to its own information system without modification of the system itself. The author, finally, demonstrates an implementation of the RBAC server and the XRBAC middleware, using a portal offered by Linkway Inc. Linkway developed this portal, called Financial XML over the Internet (XOI), for the banking industry in Taiwan. The experience shows that embedding RBAC into working portals can be done using the architecture introduced in this thesis.
Huang, Tzu-Wei, and 黃賜瑋. "Distributed Task-Role Based Access Control." Thesis, 2004. http://ndltd.ncl.edu.tw/handle/72068048471456468998.
Full text國立成功大學
會計學系碩博士班
92
This research project applies the Task-Role Based Access Control mechanism to a distributed (database) environment. The Task-Role Based Access Control mechanism has a secure trusted computing based component that the traditional RBAC approach falls short of. This secure trusted computing-based component is designed according to secure trusted computing-based algorithm, which ensures the security and integrity of schedule transactions. In order to investigate its practical implications, we will apply the DTRBAC approach to a case study of a multi-national enterprise.