CRiBAC: Community-centric role interaction based access control model

As one of the most efficient solutions to complex and large-scale problems, multi-agent cooperation has been in the limelight for the past few decades. Recently, many research projects have focused on context-aware cooperation to dynamically provide complex services. As cooperation in the multi-agent systems (MASs) becomes more common, guaranteeing the security of such cooperation takes on even greater importance. However, existing security models do not reflect the agents' unique features, including cooperation and context-awareness. In this paper, we propose a Community-based Role interaction-based Access Control model (CRiBAC) to allow secure cooperation in MASs. To do this, we refine and extend our preliminary RiBAC model, which was proposed earlier to support secure interactions among agents, by introducing a new concept of interaction permission, and then extend it to CRiBAC to support community-based cooperation among agents. We analyze potential problems related to interaction permissions and propose two approaches to address them. We also propose an administration model to facilitate administration of CRiBAC policies. Finally, we present the implementation of a prototype system based on a sample scenario to assess the proposed work and show its feasibility. © 2012 Elsevier Ltd. All rights reserved

Commercial Integrity, Roles And Object-orientation

This thesis presents a study of realizing commercial security, as defined in the Clark and Wilson Model (CW87), using Object-Oriented (O-O) concepts.;Role-based security is implied in the Clark and Wilson model in which specified operations are grouped to compose roles. This approach to protection is suitable for applications involving large numbers of users with overlapping user requirements and/or where there is a large number of objects. It presents a flexible (hence adaptive) means for enforcing differing ranges of security policies. It enforces the principle of least privilege, hence minimizing the risk of Trojan horse attacks.;Consequently, in part, this work focuses on role-based protection, formalizes the role concept and proposes a model for role organization and administration. This model, intended to ease access rights administration, is defined by a set of properties. Algorithms for role administration are presented. These guarantee the properties of the role organization model. Role-based protection is also studied with respect to traditional protection schemes. One aspect of this enquiry focuses on information flow analysis in role-based security systems; the other addresses the realization of mandatory access control using role-based protection. This involves the imposition of acyclic information flows and rules that ensure secrecy. It demonstrates the strength of the role-based protection approach.;A role is a named collection of responsibilities and functions which we term privileges. Execution of one or more privileges of a role facilitates access to information available via the role. Access to information is realized both via user authorization to the role and the role\u27s privilege list. A role exists as a separate entity from the role-holder and/or the role administrator. In determining role organization, role relationships are used based on privilege sharing. This results in an acyclic role graph with roles being nodes and edges being role relationships. These relationships help us infer those privileges of a role that are implicitly defined. Analysis of this model indicates that it can simulate lattice-like models, hierarchical structures and privilege graphs.;Principles from the O-O paradigm are utilized to impose segmented access to object information. This approach uses methods to window an object\u27s interface to facilitate segmented access to object data through different roles, and hence different users. By defining these methods to suit the intended functionality and associating them with specific roles, we in effect distribute the object interface to different roles and users. An object model is proposed as the basis of O-O executions. Further, in order to impose the well-formed transaction (WFTs) requirement, a transaction model is proposed that imposes transactional properties on method executions. By use of transaction scripts we can design executions to realize desirable outcomes.;Separation of duty is another major requirement in the Clark and Wilson model. It requires object history for its enforcement. Our proposal ensures that objects track their history. Moreover, every execution on an object utilizes the object history to determine access and updates the history with any attempted access. (Abstract shortened by UMI.

Role-Based Access Control for the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

Grid has emerged recently as an integration infrastructure for the sharing and coordinated use of diverse resources in dynamic, distributed virtual organizations (VOs). A Data Grid is an architecture for the access, exchange, and sharing of data in the Grid environment. In this dissertation, role-based access control (RBAC) systems for heterogeneous data resources in Data Grid systems are proposed. The Open Grid Services Architecture - Data Access and Integration (OGSA-DAI) is a widely used framework for the integration of heterogeneous data resources in Grid systems. However, in the OGSA-DAI system, access control causes substantial administration overhead for resource providers in VOs because each of them has to manage the authorization information for individual Grid users. Its identity-based access control mechanisms are severely inefficient and too complicated to manage because the direct mapping between users and privileges is transitory. To solve this problem, (1) the Community Authorization Service (CAS), provided by the Globus toolkit, and (2) the Shibboleth, an attribute authorization service, are used to support RBAC in the OGSA-DAI system. The Globus Toolkit is widely used software for building Grid systems. Access control policies need to be specified and managed across multiple VOs. For this purpose, the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML) is used; and for distributed administration of those policies, the Object, Metadata and Artifacts Registry (OMAR) is used. OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. The RBAC systems allow quick and easy deployments, privacy protection, and the centralized and distributed management of privileges. They support scalable, interoperable and fine-grain access control services; dynamic delegation of rights; and user-role assignments. They also reduce the administration overheads for resource providers because they need to maintain only the mapping information from VO roles to local database roles. Resource providers maintain the ultimate authority over their resources. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC systems add only a small overhead to the existing security infrastructure of OGSA-DAI

United Nations Development Assistance Framework for Kenya

The United Nations Development Assistance Framework (2014-2018) for Kenya is an expression of the UN's commitment to support the Kenyan people in their self-articulated development aspirations. This UNDAF has been developed according to the principles of UN Delivering as One (DaO), aimed at ensuring Government ownership, demonstrated through UNDAF's full alignment to Government priorities and planning cycles, as well as internal coherence among UN agencies and programmes operating in Kenya. The UNDAF narrative includes five recommended sections: Introduction and Country Context, UNDAF Results, Resource Estimates, Implementation Arrangements, and Monitoring and Evaluation as well as a Results and Resources Annex. Developed under the leadership of the Government, the UNDAF reflects the efforts of all UN agencies working in Kenya and is shaped by the five UNDG programming principles: Human Rights-based approach, gender equality, environmental sustainability, capacity development, and results based management. The UNDAF working groups have developed a truly broad-based Results Framework, in collaboration with Civil Society, donors and other partners. The UNDAF has four Strategic Results Areas: 1) Transformational Governance encompassing Policy and Institutional Frameworks; Democratic Participation and Human Rights; Devolution and Accountability; and Evidence-based Decision-making, 2) Human Capital Development comprised of Education and Learning; Health, including Water, Sanitation and Hygiene (WASH), Environmental Preservation, Food Availability and Nutrition; Multi-sectoral HIV and AIDS Response; and Social Protection, 3) Inclusive and Sustainable Economic Growth, with Improving the Business Environment; Strengthening Productive Sectors and Trade; and Promoting Job Creation, Skills Development and Improved Working Conditions, and 4) Environmental Sustainability, Land Management and Human Security including Policy and Legal Framework Development; and Peace, Community Security and Resilience. The UNDAF Results Areas are aligned with the three Pillars (Political, Social and Economic) of the Government's Vision 2030 transformational agenda

Labour Administration Reforms in China

[Excerpt] This publication provides an explanation of the comprehensive labour administration system in China, including its recent advances, with emphasis on its public services functions, such as public employment, labour inspection and social insurance services. With the recent improvements to both the legal framework and the institutions of labour administration, it is believed that these public services will play bigger and more active roles in ensuring compliance with legislation and protecting the legitimate rights and interests of employers and workers alike

Realizing women's rights to land and other productive resources

The purpose of this publication is to provide detailed guidance for lawmakers and policymakers, as well as civil society organizations and other stakeholders, to support the adoption and effective implementation of laws, policies and programmes to respect, protect and fulfil women's rights to land and other productive resources. It is based on the results of an expert group meeting held on 25-27 June 2012 in Geneva, Switzerland, during which papers were presented from various sectors and regions. These papers, and the discussions which were informed by them, helped to bring to the surface many of the critical issues facing women today in relation to the enjoyment of their land rights. The publication also incorporates additional case studies submitted by key experts, as well as extensive thematic research