7 research outputs found

    Two Extensions of Trust Management Languages, Journal of Telecommunications and Information Technology, 2020, nr 1

    This article is focused on the family of role-based trust management languages (RT). Trust management languages are a useful method of representing security credentials and policies in large distributed access control mechanisms. They provide sets of credentials that are assigned to individual roles performed by the specific entities. These credentials provide relevant information about security policies issued by trusted authorities and define user permissions. RT languages describe the individual entities and the roles that these entities play in a given environment. A set of credentials representing a given security policy defines which entity has the necessary rights to access a specific resource and which entity does not have such rights. This study presents the results of research focusing on the potential of the family of RT languages. Its purpose is to show how security policies may be applied more widely by applying an inference system, and then using the extensions of the credentials, by taking into account time-related information or the conditions imposed with regard to the validity of such credentials. Each of these extensions can be used jointly or separately, offering even a wider range of opportunitie

    USING BLOCKCHAIN TO BUILD DECENTRALIZED ACCESS CONTROL IN A PEER-TO-PEER E-LEARNING PLATFORM

    In the context of E-learning platforms, the amount of research focusing on access control is proliferating. However, research related to the decentralized access control in this field is scarce. To improve such area of research, an innovative model of decentralized access control used to protect the collaborative peer-to-peer E-learning platform has been proposed. In this model, the integrity, authenticity, non-repudiation and traceability of E-learning resources are ensured by using Blockchain platform. Also, RESTful web service and Go/Java programming language will be used as tools to implement this model. A key metric is measured to evaluate the proposed model: average response time. To increase the accuracy, some experiments (144) have been carried out. The same experiment is conducted in two comparatively different network environments: Local Area Network (LAN) and Cloud Web Service (such as Amazon Web Service). LAN running environment represents the optimal condition while Cloud environment stands for the actual condition in the real world. When the number of clients in my proposed E-learning platform is relatively small (consisting of one to thirty concurrent clients interacting with E-learning resources), the average response time in the LAN environment is much faster (nearly 1.5 times) than that in Cloud environment. Nevertheless, when the number of clients is on a large scale, the difference of average response time between these two environments becomes insignificant. Besides, adding servers in both environments can increase the horizontal scalability. Furthermore, adding servers in Cloud environment can boost the system performance dramatically. However, extending the delay could have an impact on the system performance but negligible

    Access control in geographic databases (Controle de acesso em bancos de dados geograficos)

    Advisor: Claudia Maria Bauzer Medeiros. Dissertation (master's) - Universidade Estadual de Campinas, Instituto de Computação. Abstract: The problem of access control in databases consists of determining when (and whether) users or applications may access the stored data, and what type of access is permitted. Most existing solutions target relational data for commercial applications. The objective of this dissertation is to study this problem for geographic databases, where the restrictions imposed on access are compounded by factors inherent to location in space. The main contributions of this research are: (a) a survey of requirements for access control in geographic databases; (b) the definition of an authorization model based on spatial characterization; (c) a detailed discussion of the implementation aspects of this model; (d) a proposal for adapting and applying the mechanism to a real application in the area of telephony application management, the SAGRE system. Master's. Master in Computer Science

    Context Sensitive Access Control Model TI for Business Processes

    Access control is concerned with the way in which users can access resources in the computer system. This dissertation focuses on problems of access control for business processes. The subject of the dissertation is a formal specification of the RBAC-based context sensitive access control model for business processes. By using a context-sensitive access control it is possible to define more complex access control policies whose implementation in existing access control models for business processes is not possible or is very complicated. The given model is applicable in different business systems, and supports the definition of access control policies for both simple and complex business processes. The model's prototype is verified by two case studies on real business processes. The presented prototype implementation represents a proof of the proposed model's practical value.

    A MAC Policy Framework for Multilevel Relational Databases

    No full text
    We develop a formal framework of MAC policies in multilevel relational databases. We identify the important components of MAC policies and their desirable properties. The framework provides a basis for systematically specifying MAC policies and characterizing their potential mismatches. Based on the framework, we compare and unify the MAC policies and policy components that are proposed in the literature or imposed in existing systems. Our framework could be used to capture and resolve MAC policy mismatches in the trusted interoperation of heterogeneous multilevel relational databases.

    Keywords: Inference Channel, Integrity Constraints, Mandatory Access Control, Multilevel Databases, Security Label Semantics, Security Policy

    I. Introduction

    Multilevel security is a security model that captures the security requirements of military, government, and commercial organizations that are naturally hierarchical and compartmentalized. In such a model, subjects are assigned clearance levels ..

    A MAC policy framework for multilevel relational databases

    No full text