199 research outputs found
QuickFeed Security: Redesigned Authentication and Authorization Architecture.
QuickFeed (former Autograder) is a software project developed at the University of Stavanger. The application performs automated grading of coding assignments and
provides nearly instant feedback to the students in programming courses.
Authentication (establishing the identity of a user) and authorization (defining what types of data a user can access or modify) comprise an essential part of any web-based
application.
QuickFeed went through multiple reworks and updates, but the authentication module remained unchanged. As a result, it is necessary to keep extra steps to ensure interoperability between the authentication module and the rest of the application.
This makes the affected parts of the QuickFeed codebase unnecessary
complex, somewhat redundant, and hard to understand and maintain.
This thesis work is dedicated to redesigning the authentication and authorization architecture of Quickfeed in order to enhance security and improve maintainability and
scalability of the project
The Abacus: A New Architecture for Policy-based Authorization
Modern authorization architectures using role-based, policy-based, and even custom solutions have numerous flaws and challenges. A new design for authorization architecture is presented called the Abacus. This paper discusses the architecture that the Abacus utilizes to overcome the issues inherent in other proprietary and open-source authorization solutions. Specifically, the Abacus respects domain boundaries, is less complex than existing systems, and does not require direct connections to domain data stores
Clarens Client and Server Applications
Several applications have been implemented with access via the Clarens web
service infrastructure, including virtual organization management, JetMET
physics data analysis using relational databases, and Storage Resource Broker
(SRB) access. This functionality is accessible transparently from Python
scripts, the Root analysis framework and from Java applications and browser
applets.Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics
(CHEP03), La Jolla, Ca, USA, March 2003, 4 pages, LaTeX, no figures, PSN
TUCT00
Authorization Framework for the Internet-of-Things
This paper describes a framework that allows fine-grained
and flexible access control to connected devices with very
limited processing power and memory.
We propose a set of security and performance requirements
for this setting and derive an authorization framework distributing
processing costs between constrained devices and less constrained back-end servers while keeping message exchanges
with the constrained devices at a minimum.
As a proof of concept we present performance results from
a prototype implementing the device part of the framework
Secure Management of Personal Health Records by Applying Attribute-Based Encryption
The confidentiality of personal health records is a major problem when patients use commercial Web-based systems to store their health data. Traditional access control mechanisms, such as Role-Based Access Control, have several limitations with respect to enforcing access control policies and ensuring data confidentiality. In particular, the data has to be stored on a central server locked by the access control mechanism, and the data owner loses control on the data from the moment when the data is sent to the requester. Therefore, these mechanisms do not fulfil the requirements of data outsourcing scenarios where the third party storing the data should not have access to the plain data, and it is not trusted to enforce access control policies. In this paper, we describe a new approach which enables secure storage and controlled sharing of patientâs health records in the aforementioned scenarios. A new variant of a ciphertext-policy attribute-based encryption scheme is proposed to enforce patient/organizational access control policies such that everyone can download the encrypted data but only authorized users from the social domain (e.g. family, friends, or fellow patients) or authorized users from the professional\ud
domain (e.g. doctors or nurses) are allowed to decrypt it
- âŠ