Attributes Enhanced Role-Based Access Control Model

Abstract. Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access con-trol models. Yet, they both have known limitations and offer features complimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an important area of research. In this paper, we propose an access control model that combines the two mod-els in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy

HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing

制度:新 ; 報告番号:乙2336号 ; 学位の種類:博士(人間科学) ; 授与年月日:2012/1/18 ; 早大学位記番号:新584

Controle de acesso em bancos de dados geograficos

Orientador : Claudia Maria Bauzer MedeirosDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: O problema de controle de acesso em bancos de dados consiste em determinar quando (e se) usuários ou aplicações podem acessar os dados armazenados, e que tipo de acesso é permitido. A maioria das soluções existentes está voltada a dados relacionais para aplicações comerciais. O objetivo desta dissertação é estudar este problema para bancos de dados geográficos, onde as restrições impostas ao acesso são acrescidas de fatores inerentes à localização no espaço. As principais contribuições desta pesquisa são: (a) levantamento de requisitos para controle de acesso em bancos de dados geográficos; (b) definição de um modelo de autorização baseado em caracterização espacial; (c) discussão detalhada dos aspectos de implementação deste modelo; (d) proposta de adaptação e aplicação do mecanismo para uma aplicação real na área de gerenciamento de aplicações de telefonia, o Sistema SAGREAbstractMestradoMestre em Ciência da Computaçã

Access control in multiversion geographic databases

Orientador: Claudia Maria Bauzer MedeirosDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Aplicações geográficas estão cada vez mais influenciando todas nossas atividades diárias. Seu desenvolvimento exige, via de regra, trabalho em equipe de múltiplos perfis de especialistas, com diferentes visões e direitos de acesso aos dados. Em conseqüência, vários mecanismos vêm sendo propostos para controlar autorização a bancos de dados geográficos ou disponibilizar o uso de versões. Estes mecanismos, no entanto, trabalham de forma isolada, priorizando apenas o direito de acesso ou o versionamento flexível. A dissertação aborda esta questão, propondo um modelo unificado de autorização em bancos de dados que ataque os dois problemas em conjunto. O modelo trata da questão de controle de acesso em bancos de dados geográficos, levando-se em consideração a existência de mecanismos de versionamento dos dados armazenados. Este modelo pode, assim, servir como base para trabalho cooperativo e seguro em aplicações que usem Sistemas de Informação Geográficos (SIGs)Abstract: Geographic applications are increasingly influencing our daily activities. Their development requires efforts from multiple teams of experts with different views and authorizations to access data. As a result, several mechanisms have been proposed to control authorization in geographic databases or to provide the use of versions. These mechanisms, however, work in isolation, prioritizing only either data access or versioning systems. This dissertation addresses this issue, by proposing a unified authorization model for databases that faces both problems. The model deals with the access control issue in geographic databases, taking into account the existence of data versioning mechanisms. This model may serve as the basis for cooperative and secure work in applications that use Geographic Information Systems (GIS)MestradoBanco de DadosMestre em Ciência da Computaçã

Content sensitivity based access control model for big data

Big data technologies have seen tremendous growth in recent years. They are being widely used in both industry and academia. In spite of such exponential growth, these technologies lack adequate measures to protect the data from misuse or abuse. Corporations that collect data from multiple sources are at risk of liabilities due to exposure of sensitive information. In the current implementation of Hadoop, only file level access control is feasible. Providing users, the ability to access data based on attributes in a dataset or based on their role is complicated due to the sheer volume and multiple formats (structured, unstructured and semi-structured) of data. In this dissertation an access control framework, which enforces access control policies dynamically based on the sensitivity of the data is proposed. This framework enforces access control policies by harnessing the data context, usage patterns and information sensitivity. Information sensitivity changes over time with the addition and removal of datasets, which can lead to modifications in the access control decisions and the proposed framework accommodates these changes. The proposed framework is automated to a large extent and requires minimal user intervention. The experimental results show that the proposed framework is capable of enforcing access control policies on non-multimedia datasets with minimal overhea

An Access Control Model for Video Database Systems

A novel approach for modeling access control in video databases is presented. The proposed access control mechanism uses both the semantics and the structural composition of video data. The unit of authorization, a video element, can either be a sequence of video frames or a video object that appears as part of a frame, e.g., the face of an anonymous person in an interview. The components of the access control model are the video elements, the potential users, and the mode of operation, e.g., viewing, or editing. Video elements are specied either explicitly by their identiers or implicitly by their semantic contents, while users are characterized by the user credentials. An algorithm is presented that determines the authorized portions of a video that a given user may acquire, given the user's credentials, the video content descriptions, and the type of requested video operations. The description of the implementation of a prototype MPEG-2 based video database system with access control are also presented. 1

Access Control In Geographic Databases

The problem of access control in databases consists of determining when (and if) users or applications can access stored data, and what kind of access they are allowed. This paper discusses this problem for geographic databases, where constraints imposed on access control management must consider the spatial location context. The model and solution provided are motivated by problems found in AM/FM applications developed in the management of telephone infrastructure in Brazil, in a real life situation. © Springer-Verlag Berlin Heidelberg 2006.4231 LNCS110119Ashby, V., Jajodia, S., Smith, G., Wisseman, S., Wichers, D., (1996) Trusted Database Management Systems - Interpretation of the Trusted Computer System Evaluation Criteria, , [AJS+96]. Technical Report 001-005, National Computer Security Center. 75 pagesBelussi, A., Bertino, E., Catania, B., Damiani, M., Nucita, A., An authorization model for geographical maps (2004) Proc. 14th ACM GIS, pp. 82-91. , [BBC+04], novemberBertino, E., Bonatti, P., Ferrari, E., TRBAC: Temporal role-based access control model (2001) ACM Transactions on Information and System Security, 4 (3), pp. 191-223. , [BBF01]Bertino, E., Catania, B., Damiani, M., Perlasca, P., GEO-RBAC: A spatially aware RBAC (2005) Proc, 10th ACM Symposium on Access Control, pp. 29-37. , [BCDP05]JuneBertino, E., Castano, S., Ferrari, E., Mesiti, M., Specifying and enforcing access control policies for XML document sources (2000) World Wide Web, 3 (3), pp. 139-151. , [BCFM00]Baraani-Dastjerdi, A., Pieprzyk, J., Safavi-Naini, R., (1996) Security in Databases: A Survey Study, , http://citeseer.nj.nec.com/baraani-dastjerdi96security.html, [BDPSN96]. February: 1-39Bertino, E., Hammad, M.A., Aref, W.G., Elmagarmid, A.K., An access control model for video database systems (2000) CIKM, pp. 336-343. , [BHAE00]Bertino, E., Jajodia, S., Samarati, P., Database security - Research and practice (1995) Information Systems, 20 (7), pp. 537-556. , [BJS95]Bell, D.E., La Padula, L.J., (1976) Secure Computer Systems: Unified Exposition and Multics Interpretation, , [BP76]. Technical report, The Mitre CorpClementini, E., Di Felice, P., Van Oosterom, P., A small set of formal topological relationships suitable for end-user interaction (1993) Proceedings of the 3rd Symposium Spatial Database Systems, pp. 277-295. , [CdFvO93]Ferraiolo, D., Kuhn, R., Role-based access control (1992) Proceedings of 15th National Computer Security Conference, , [FK92]Griffiths, P.G., Wade, B., An authorization mechanism for a relational dabase system (1976) ACM TODS, 1 (3), pp. 243-255. , [GW76]Magalhaes, G.C., Telecommunications outside plant management throughout Brazil (1997) Proc GITA 1997, , [Mag97]Park, J., Sandhu, R., Ahn, G., Role-based access control on the web (2001) ACM Transactions on Information and System Security, 4 (1), pp. 37-71. , [PSA01]http://www.cpqdusa.com/solutions/outside.html, [Sag] Sagre, accessed on April 2006Sasaoka, L.K., (2002) Access Control in Geographic Databases, , [Sas02]. Master's thesis, Universidade Estadual de Campinas, June. In PortugueseYe, W., Heidemann, J., Estrin, D., Medium access control with coordinated adaptive sleeping for wireless sensor networks (2004) IEEE/ACM Transactions on Networking, 12 (3), pp. 493-506. , [WHE04