70,932 research outputs found

    Managing Dynamic User Communities in a Grid of Autonomous Resources

    One of the fundamental concepts in Grid computing is the creation of Virtual Organizations (VO's): a set of resource consumers and providers that join forces to solve a common problem. Typical examples of Virtual Organizations include collaborations formed around the Large Hadron Collider (LHC) experiments. To date, Grid computing has been applied on a relatively small scale, linking dozens of users to a dozen resources, and management of these VO's was a largely manual operation. With the advance of large collaboration, linking more than 10000 users with a 1000 sites in 150 countries, a comprehensive, automated management system is required. It should be simple enough not to deter users, while at the same time ensuring local site autonomy. The VO Management Service (VOMS), developed by the EU DataGrid and DataTAG projects [1, 2], is a secured system for managing authorization for users and resources in virtual organizations. It extends the existing Grid Security Infrastructure [3] architecture with embedded VO affiliation assertions that can be independently verified by all VO members and resource providers. Within the EU DataGrid project, Grid services for job submission, file and database access are being equipped with fine-grained authorization systems that take VO membership into account. These also give resource owners the ability to ensure site security and enforce local access policies. This paper will describe the EU DataGrid security architecture, the VO membership service and the local site enforcement mechanisms Local Centre Authorization Service (LCAS), Local Credential Mapping Service (LCMAPS) and the Java Trust and Authorization Manager. Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, Ca, USA, March 2003, 7 pages, LaTeX, 5 eps figures. PSN TUBT00

    Enhanced Encryption and Fine-Grained Authorization for Database Systems

    The aim of this research is to enhance fine-grained authorization and encryption so that database systems are equipped with the controls necessary to help enterprises adhere to zero-trust security more effectively. For fine-grained authorization, this thesis has extended database systems with three new concepts: row permissions, column masks and trusted contexts. Row permissions and column masks provide data-centric security so the security policy cannot be bypassed as with database views, for example. They also coexist in harmony with the rest of the database core tenets so that enterprises are not forced to compromise either security or database functionality. Trusted contexts provide applications in multitiered environments with a secure and controlled manner to propagate user identities to the database and therefore enable such applications to delegate the security policy to the database system where it is enforced more effectively. Trusted contexts also protect against application bypass so the application credentials cannot be abused to make database changes outside the scope of the application's business logic. For encryption, this thesis has introduced a holistic database encryption solution to address the limitations of traditional database encryption methods. It too coexists in harmony with the rest of the database core tenets so that enterprises are not forced to choose between security and performance as with column encryption, for example. Lastly, row permissions, column masks, trusted contexts and holistic database encryption have all been implemented in IBM DB2, where they are relied upon by thousands of organizations from around the world to protect critical data and adhere to zero-trust security more effectively.

    Design and Implementation of Multilevel Secure Database in Website

    Multi-tier web server systems are used in many important contexts and their security is a major cause of concern. Such systems can exploit strategies. In this paper, a model was presented based on three-tier architecture (Client tier, Server tier and Database tier) and applying multilevel security on it. The database server tier consists of the DBMS or the database management system and the database, and we built it off-line to reduce unauthorized access to sensitive data. The Client tier, which is usually a web browser, processes and displays HTML resources, issues HTML requests and processes the responses. These web browsers are HTTP clients that interact with the Web servers using standard protocols. The Middle or application server tier consists of most of the application logic. It receives inputs from the clients and interacts with the database, but only the results are sent to the application server and then to the client. This is achieved by using multilevel security to protect the database, using Authorization, Password Encryption. The process of authorization is done by allowing access to the proposed system pages depending on the authorized level; the password is encrypted using bcrypt with fallbacks on sha-256/512 with key stretching to protect it from cracking by any type of attack. Client-to-Application Server Protocol (CAP) uses the RC4A algorithm to provide data confidentiality to secure transmitted information from application server to client. Keywords: Authentication, Multi-tier model, Multi-Tier Security, Security, Data protection, Internet security

    Middleware non-repudiation service for the data warehouse

    Nowadays, storing information is fundamental for the correct functioning of any organization. The critical factor is to guarantee the security of the stored data. In traditional database systems the security requirements are limited to confidentiality, integrity, availability of the data and user authorization. The criticality of the database system and data repositories for modern business, with the new requirements of law and governments, makes necessary the development of a new system architecture which ensures a sophisticated set of security services. In this paper we propose a database architecture that ensures the non-repudiation of the user queries and data warehouse actions. These security services are accomplished by means of the middleware layer in the data warehouse architecture.

    Comparison of ASP.NET Core and Spring Boot ecosystems

    The article describes a comparative analysis of the ASP.NET Core and Spring Boot framework ecosystems. The research was carried out on the basis of two implemented applications with identical functionality, which use the PostgreSQL database engine. In the implementation of the applications, appropriate ORM tools were used to perform database operations, i.e. Spring Data and Entity Framework Core, along with technologies enabling the implementation of authentication and authorization (Spring Security and ASP.NET Core Identity) and several additional libraries that simplify the entire process of building the application. The criteria of comparison were the ease and intuitiveness of a given tool in the implementation of the application, the possibilities offered by the tools implementing authentication and authorization mechanisms, the efficiency of database operations, the general structure of the application and basic code metrics. Based on the research, it was found that Spring Data technology is a faster tool than Entity Framework Core, while Spring Security, unlike ASP.NET Core Identity, is less integrated into the framework ecosystem.

    Protecting Scattered Database by Enforcing Data Preservation Using Data Protection Facilitator

    In this paper we are incorporating data preservation in scattered database structure, i.e. a method of preserving data in scattered database structure and having secure access over it. In this paper data preservation is examined and a solution is provided on the aforesaid condition. This paper is a summarized concept of documentation, authorization, access control and encryption, which are the main points to be taken into consideration in data preservation in scattered database structure. We propose a new method for secure access based on a service provider comprising a security application. This model is set out for safe search on server and user relation. In this paper we used a heuristic approach for preservation for scattered database systems regarding security, as the importance of secure access is increasing in scattered domains on different issues; in this way we enhanced the database security in the scattered database environment.

    Security of Database Systems: Authorization Features and Mechanisms

    Database security has become an essential issue in assuring the integrity, protection, and reliability of the data stored in a database management system (DBMS). The authorization mechanism is the component of the database security system which has the primary responsibility of safeguarding the previously defined data and access rules needed for database access control. The data and rules for authorization control assist in the enforcement of access controls regarding the list of authorized users, the data objects which the authorized users are allowed to manipulate, and the operations that these users can perform on these objects. As part of its tasks the authorization mechanism can grant or deny access to any user or group of users as appropriate

    Cost Effective RADIUS Authentication for Wireless Clients

    Network administrators need to keep administrative user information for each network device, but network devices usually support only limited functions for user management. WLAN security is a modern problem that needs to be solved and it requires a lot of overhead especially when applied to corporate wireless networks. Administrators can set up a RADIUS server that uses an external database server to handle authentication, authorization, and accounting for network security issues