Common Representation of Information Flows for Dynamic Coalitions
We propose a formal foundation for reasoning about access control policies
within a Dynamic Coalition, defining an abstraction over existing access
control models and providing mechanisms for translation of those models into
the information-flow domain. The abstracted information-flow domain model, called a
Common Representation, can then be used for defining a way to control the
evolution of Dynamic Coalitions with respect to information flow.
Context-Based Access for Infrequent Requests in Tanzania's Health Care System
Access control is an important aspect of any information system. It is a way of ensuring that users can only access what they are authorised to and no more. This can be achieved by granting users access to resources based on pre-defined organisational and legislative rules. Although access control has been extensively studied, and as a result, a wide range of access control models, mechanisms and systems have been proposed, specific access control requirements for healthcare systems that need to support the continuity of care in an accountable manner have not been addressed. This results in a gap between what is required by the application domain and what is actually practised, and thus access control solutions implemented for the domain become too restrictive. The continuity of care is defined as the delivery of seamless health care services to patients through integration, coordination and sharing of information between providers. This thesis, therefore, designs a context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of an infrequent access request involving an emergency situation. This research uses Tanzania's healthcare system as a case study domain.
A Novel Cyberspace-Oriented Access Control Model
With the developments of mobile communication, networks and information technology, many new information service patterns and dissemination modes emerge with some security and privacy threats in access control, i.e., the ownership of data is separated from the administration of them, secondary/multiple information distribution etc. Existing access control models, which are always proposed for some specific scenarios, can hardly achieve fine-grained and adaptive access control. In this paper, we propose a novel Cyberspace-oriented Access Control model, termed as CoAC, which avoids the aforementioned threats by comprehensively considering some vital factors, such as the access requesting entity, general tense, access point, resource, device, networks, internet-based interactive graph and chain of resource transmission. By appropriately adjusting these factors, CoAC covers most of the typical access control models and fulfills the requirements of new information service patterns and dissemination modes. We also present the administrative model of our proposed CoAC model and formally describe the administrative functions and methods used in the administrative model by utilizing Z-notation. Our CoAC is flexible and scalable; it can be further refined and expanded to figure out new opportunities and challenges in the upcoming access control techniques.
Establishment of overlapping community networks (Estabelecimento de redes de comunidades sobreponíveis)
Doctorate in Computer Engineering
One of the research areas of growing interest in Telecommunications concerns
future mobile communication systems of the 4th generation and beyond. In recent
years the concept of community networks has been developed, in which users
group together according to common interests. These concepts have been explored
horizontally across different communication layers, from community
communication networks (Seattle Wireless or Personal Telco, for example) to
peer-to-peer interest networks. However, these networks are usually seen as
overlay networks, or simply as free-association networks. In practice, the
notion of a self-organized network, completely service/community oriented and
fully supported in terms of architecture, does not exist. This work therefore
presents an original realization in this area of creating community networks,
with an underlying service-oriented architecture that fully supports multiple
community networks on the same device, with all the security, trust and
service-provision characteristics needed in this type of scenario (a node may
belong to more than one community network simultaneously). Because of their
importance for community network systems, particular attention was given to
resource management and access control, both carried out in a decentralized
way and considering highly scalable mechanisms. To that end, a policy language
that supports the creation of virtual communities is presented. This language
is used not only to map the social structure of the community members, but also
to manage devices, resources and services held by the members in a controlled
and distributed manner.

One of the research areas with increasing interest in the field of telecommunications
is the one related to future telecommunication systems, both 4th
generation and beyond. In parallel, during the last years, several concepts
have been developed related to clustering of users according to their interests,
in the form of community networks. Solutions proposed for these concepts
tackle the challenges horizontally, for each layer of the communication
stack, ranging from community based communication networks (e.g. Seattle
Wireless, or Personal Telco), to interest networks based on peer-to-peer protocols.
However, these networks are presented either as free joining, or overlay
networks. In practice, the notion of a self-organized, service and community
oriented network, with these principles embedded in its design principles, is
yet to be developed. This work presents a novel instantiation of a solution in
the area of community networks, with an underlying architecture which is fully
service oriented, and envisions the support for multiple community networks
in the same device. Considerations regarding security, trust and service availability
for this type of environments are also taken. Due to the importance of
resource management and access control, in the context of community driven
communication networks, a special focus was given to the support of scalable
and decentralized management and access control methods. For this
purpose, a policy language is presented which supports the creation and
management of virtual communities. The language is not only used for mapping
the social structure of the community members, but also to, following
a distributed approach, manage devices, resources and services owned by
each community member.
Self-Protecting Access Control: On Mitigating Privacy Violations with Fault Tolerance
Self-protecting access control mechanisms can be described as an approach to enforcing security in a manner that automatically protects against violations of access control rules. In this chapter, we present a comparative analysis of standard Cryptographic Access Control (CAC) schemes in relation to privacy enforcement on the Web. We postulate that to mitigate privacy violations, self-protecting CAC mechanisms need to be supported by fault-tolerance. As an example of how one might do this, we present two solutions that are inspired by the autonomic computing paradigm. Our solutions are centered on how CAC schemes can be extended to protect against privacy violations that might arise from key updates and collusion attacks.
Context-aware access control in ubiquitous computing (CRAAC)
Ubiquitous computing (UbiComp) envisions a new computing environment, where computing devices and related technology are widespread (i.e. everywhere) and services are provided at any time. The technology is embedded discreetly in the environment to raise users' awareness. UbiComp environments support the proliferation of heterogeneous devices such as embedded computing devices, personal digital assistants (PDAs), wearable computers, mobile phones, laptops, office desktops (PCs), and hardware sensors. These devices may be interconnected by common networks (e.g. wired, wireless), and may have different levels of capabilities (i.e. computational power, storage, power consumption, etc). They are seamlessly integrated and interoperated to provide smart services (i.e. adaptive services). A UbiComp environment provides smart services to users based on the users' and/or system's current contexts. It provides the services to users unobtrusively and in turn the user's interactions with the environment should be as non-intrusive and as transparent as possible. Access to such smart services and devices must be controlled by an effective access control system that adapts its decisions based on the changes in the surrounding contextual information. This thesis aims at designing an adaptive fine-grained access control solution that seamlessly fits into UbiComp environments. The solution should be flexible in supporting the use of different contextual information and efficient, in terms of access delays, in controlling access to resources with divergent levels of sensitivity. The main contribution of this thesis is the proposal of the Context-Risk-Aware Access Control (CRAAC) model. CRAAC achieves fine-grained access control based upon the risk level in the underlying access environment and/or the sensitivity level of the requested resource object.
CRAAC makes new contributions to the access control field; these include 1) introducing the concept of level of assurance based access control, 2) providing a method to convert the contextual attributes values into the corresponding level of assurance, 3) proposing two methods to aggregate the set of level of assurance into one requester level of assurance, 4) supporting four modes of working, each of which suits a different application context and/or access control requirements, 5) a comprehensive access control architecture that supports the CRAAC four modes of working, and 6) an evaluation of the CRAAC performance at runtime.
EThOS - Electronic Theses Online Service; ral Centre and Educational Bureau; Cairo University; GB; United Kingdo
Analysis of the methods for attribute-based access control
An analytical survey is given of the main access control models and methods, from the traditional ones (DAC, MAC, RBAC) to the latest developments: the numerous models implementing attribute-based access control (ABAC). The typed attribute-based access control model (ТАРД) currently under development is described. Requirements for access control methods are formulated that ensure secure sharing of information resources in both local and global computing environments. The advantages and disadvantages of existing ABAC models are analyzed. It is shown that ТАРД models meet the stated requirements of universality, flexibility and ease of administration, which help ensure secure access control regardless of the type of operating environment.