Role mining with ORCA.

ABSTRACT With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. On the one hand, security demands a tight regime on permissions; on the other hand, users need permissions to perform their tasks. Rolebased access control (RBAC) has proven to be a solution to this problem but relies on a well-defined set of role definitions, a role concept for the enterprise in question. The definition of a role concept (role engineering) is a difficult task traditionally performed via interviews and workshops. However, often users already have the permissions that they need to do their jobs, and roles can be derived from these permission assignments using data mining technology, thus giving the process of role concept definition a head-start. In this paper, we present the ORCA role mining tool and its algorithm. The algorithm performs a cluster analysis on permission assignments to build a hierarchy of permission clusters and presents the results to the user in graphical form. It allows the user to interactively add expert knowledge to guide the clustering algorithm. The tool provides valuable insights into the permission structures of an enterprise and delivers an initial role hierarchy for the definition of an enterprise role concept using a bottom-up approach

Using a wiki to facilitate learning on a Requirements Engineering course

In this paper, we describe the introduction of a wiki for collaborative activities in a Requirements Engineering course offered at a distance to part-time learners. The paper describes the course and how wiki activities were incorporated. The paper then discusses the initial feedback from the students which shows that the wiki has been largely effective for developing students' understanding of the course concepts, the effectiveness of team working in Requirements Engineering and the use of wikis in practice. However, there are particular issues related to asynchronous working in distance education/eLearning that need to be better addressed. We conclude with a discussion of how we are tackling these issues and developing the use of the wiki on the course based on the students' feedba

R-PEKS: RBAC Enabled PEKS for Secure Access of Cloud Data

In the recent past, few works have been done by combining attribute-based access control with multi-user PEKS, i.e., public key encryption with keyword search. Such attribute enabled searchable encryption is most suitable for applications where the changing of privileges is done once in a while. However, to date, no efficient and secure scheme is available in the literature that is suitable for these applications where changing privileges are done frequently. In this paper our contributions are twofold. Firstly, we propose a new PEKS scheme for string search, which, unlike the previous constructions, is free from bi-linear mapping and is efficient by 97% compared to PEKS for string search proposed by Ray et.al in TrustCom 2017. Secondly, we introduce role based access control (RBAC) to multi-user PEKS, where an arbitrary group of users can search and access the encrypted files depending upon roles. We termed this integrated scheme as R-PEKS. The efficiency of R-PEKS over the PEKS scheme is up to 90%. We provide formal security proofs for the different components of R-PEKS and validate these schemes using a commercial dataset

Authorization algorithms for permission-role assignments

Permission-role assignments (PRA) is one important process in Role-based access control (RBAC) which has been proven to be a flexible and useful access model for information sharing in distributed collaborative environments. However, problems may arise during the procedures of PRA. Conflicting permissions may assign to one role, and as a result, the role with the permissions can derive unexpected access capabilities. This paper aims to analyze the problems during the procedures of permission-role assignments in distributed collaborative environments and to develop authorization allocation algorithms to address the problems within permission-role assignments. The algorithms are extended to the case of PRA with the mobility of permission-role relationship. Finally, comparisons with other related work are discussed to demonstrate the effective work of the paper

CRiBAC: Community-centric role interaction based access control model

As one of the most efficient solutions to complex and large-scale problems, multi-agent cooperation has been in the limelight for the past few decades. Recently, many research projects have focused on context-aware cooperation to dynamically provide complex services. As cooperation in the multi-agent systems (MASs) becomes more common, guaranteeing the security of such cooperation takes on even greater importance. However, existing security models do not reflect the agents' unique features, including cooperation and context-awareness. In this paper, we propose a Community-based Role interaction-based Access Control model (CRiBAC) to allow secure cooperation in MASs. To do this, we refine and extend our preliminary RiBAC model, which was proposed earlier to support secure interactions among agents, by introducing a new concept of interaction permission, and then extend it to CRiBAC to support community-based cooperation among agents. We analyze potential problems related to interaction permissions and propose two approaches to address them. We also propose an administration model to facilitate administration of CRiBAC policies. Finally, we present the implementation of a prototype system based on a sample scenario to assess the proposed work and show its feasibility. © 2012 Elsevier Ltd. All rights reserved

Enhancing apprentice-based learning of Java

Various methods have been proposed in the past to improve student learning by introducing new styles of working with assignments. These include problem-based learning, use of case studies and apprenticeship. In most courses, however, these proposals have not resulted in a widespread significant change of teaching methods. Most institutions still use a traditional lecture/lab class approach with a strong separation of tasks between them. In part, this lack of change is a consequence of the lack of easily available and appropriate tools to support the introduction of new approaches into mainstream courses.In this paper, we consider and extend these ideas and propose an approach to teaching introductory programming in Java that integrates assignments and lectures, using elements of all three approaches mentioned above. In addition, we show how the BlueJ interactive programming environment [7] (a Java development environment aimed at education) can be used to provide the type of support that has hitherto hindered the widespread take-up of these approaches. We arrive at a teaching method that is motivating, effective and relatively easy to put into practice. Our discussion includes a concrete example of such an assignment, followed by a description of guidelines for the design of this style of teaching unit

V-Model Role Engineering

The paper focuses on role engineering which is an important topic in the development of access control system, particularly when considering Role Based Access Control – RBAC models. Despite the wide use of RBAC in various applications, the role engineering process is not a standardized approach. The paper aims to define a methodology and a process model for role engineeringInformation security, access control systems, role based access control systems – RBAC, engineering methodologies, security policies, access control models

Free and open source software development of IT systems

IT system development, integration, deployment, and administration benefit significantly from free and open source software (FOSS) tools and services. Affordability has been a compelling reason for adopting FOSS in computing curricula and equipping computing labs with support infrastructure. Using FOSS systems and services, however, is just the first step in taking advantage of how FOSS development principles and practices can impact student learning in IT degree programs. Above all, FOSS development of IT systems requires changes to how students, instructors, and other contributors work collaboratively and openly and get involved and invested in project activities. In this paper I examine the challenges to engage students in FOSS development projects proposed by real clients. A six-week course project revealed problems with adopting FOSS development and collaboration across different activities and roles that student team members have assumed. Despite these problems, students have showed a genuine and strong interest in gaining more practice with FOSS development. FOSS development teaching was further refined in two other courses to learn about adequate teaching strategies and the competencies that students achieve when they participate in FOSS development of IT systems