Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls

Access controls are traditionally designed to protect resources from users, and consequently make access decisions based on the identity of the user, treating all processes as if they are acting on behalf of the user that runs them. However, this user-oriented approach is insufficient at protecting against contemporary threats, where security compromises are often due to applications running malicious code, either due to software vulnerabilities or malware. Application-oriented access controls can mitigate this threat by managing the authority of individual applications. Rule-based application-oriented access controls can restrict applications to only allow access to the specific finely-grained resources required for them to carry out their tasks, and thus can significantly limit the damage that can be caused by malicious code. Unfortunately existing application-oriented access controls have policy complexity and usability problems that have limited their use. This thesis proposes a new access control model, known as functionality-based application confinement (FBAC). The FBAC model has a number of unique features designed to overcome problems with previous approaches. Policy abstractions, known as functionalities, are used to assign authority to applications based on the features they provide. Functionalities authorise elaborate sets of finely grained privileges based on high-level security goals, and adapt to the needs of specific applications through parameterisation. FBAC is hierarchical, which enables it to provide layers of abstraction and encapsulation in policy. It also simultaneously enforces the security goals of both users and administrators by providing discretionary and mandatory controls. An LSM-based (Linux security module) prototype implementation, known as FBAC-LSM, was developed as a proof-of-concept and was used to evaluate the new model and associated techniques. The policy requirements of over one hundred applications were analysed, and policy abstractions and application policies were developed. Analysis showed that the FBAC model is capable of representing the privilege needs of applications. The model is also well suited to automaiii tion techniques that can in many cases create complete application policies a priori, that is, without first running the applications. This is an improvement over previous approaches that typically rely on learning modes to generate policies. A usability study was conducted, which showed that compared to two widely-deployed alternatives (SELinux and AppArmor), FBAC-LSM had significantly higher perceived usability and resulted in significantly more protective policies. Qualitative analysis was performed and gave further insight into the issues surrounding the usability of application-oriented access controls, and confirmed the success of the FBAC model

Essays on Accounting Information Quality in China

This research contributes to provide a better understanding of the nature of accounting information reliability by measuring the relation between the informativeness of earnings and corporate governance based on the Chinese context with its unique political, social, cultural and economic environment and large sample size. In particular, mainland China has a distinct two-tier board structure comprising a supervisor board including employee representatives and board of directors of whom at least one third are independent directors. The objective of this thesis is to investigate accounting information reliability and corporate governance by addressing three predominant empirical research questions in three studies. The first study examines the impact of board composition and independence on earnings management in mainland China through investigating whether independent directors and supervisors are effective at restraining earnings management. To fully capture the earnings attributes, the second study investigates the quality of reported earnings in China from the perspective of both accounting-based (including accrual quality, persistence, predictability and smoothness) and market-based earnings attributes (including value relevance, timeliness, and conservatism and earnings response coefficient). A two-way test has been conducted to compare the difference in earnings quality between State-Owned and Non-State-Owned enterprises. According to financial distress theory, the incentives for Non-SOEs to manipulate earnings are stronger than in SOEs, since SOEs have the advantage to receive financial subsidies from government while Non-SOEs face more financing constraints. The agency theory, however, argues that state ownership in SOEs creates incentives and regulatory backing for self-serving purposes, thus motivating SOEs to manipulate accounting numbers. The political cost hypothesis complements the agency theory and illustrates that SOEs’ managers would manipulate accounting numbers in response to government intervention (report conservatively to disguise the profits or report aggressively to meet specific thresholds). In addition, it tests whether analysts' forecasts are more accurate than forecasts based on time-series predicted statistics with random walk. Finally, the third empirical study detects whether managers intend to manipulate earnings via discretionary accruals in order to just meet or beat consensus analyst forecasts on the basis of earnings surprise (analyst forecast error). The key findings of the first study in this thesis suggest that the distinct Chinese two-tier board structure comprising independent directors and supervisory directors fails to mitigate earnings management. The second study documents that Chinese SOEs overall exhibit a lower earnings quality than Non-SOEs, supporting the agency theory. Government ownership might create incentives and regulatory backing for self-serving purposes that negatively influence the listed firms’ financial reporting. Moreover, SOEs manipulate downwards the earnings much more than Non-SOEs, manifesting the government generally expropriate the benefits of SOEs, according to the political cost hypothesis. One interesting finding in second study is that predicted earnings based on the time-series statistical model with drift are more accurate than the consensus analyst forecast. This result conflicts with findings from developed country studies, indicating the malfunction of financial analysts in mainland China. In the third empirical study, the findings suggest an optimistic bias in analysts' forecasts exists in Chinese listed companies but fail to provide any evidence supporting that discretionary accrual measures are positively associated with just meeting or beating the analysts’ forecast benchmark. It challenges the ‘benchmark beating’ incentive in most prior literature based on western developed countries, such as the US and the UK

Content sensitivity based access control model for big data

Big data technologies have seen tremendous growth in recent years. They are being widely used in both industry and academia. In spite of such exponential growth, these technologies lack adequate measures to protect the data from misuse or abuse. Corporations that collect data from multiple sources are at risk of liabilities due to exposure of sensitive information. In the current implementation of Hadoop, only file level access control is feasible. Providing users, the ability to access data based on attributes in a dataset or based on their role is complicated due to the sheer volume and multiple formats (structured, unstructured and semi-structured) of data. In this dissertation an access control framework, which enforces access control policies dynamically based on the sensitivity of the data is proposed. This framework enforces access control policies by harnessing the data context, usage patterns and information sensitivity. Information sensitivity changes over time with the addition and removal of datasets, which can lead to modifications in the access control decisions and the proposed framework accommodates these changes. The proposed framework is automated to a large extent and requires minimal user intervention. The experimental results show that the proposed framework is capable of enforcing access control policies on non-multimedia datasets with minimal overhea

Design Baseline Document: Mini Baja Frame

Our objective as the Mini Baja Frame team is to design and implement a prototype vehicle frame that is both cost-effective and competitive in an all-terrain racing environment. This vehicle must be able to endure the trials of the Society of Automotive Engineers (SAE) Mini Baja competition. An effective frame will contribute to the complete Utah State University Mini Baja Team objectives by efficiently integrating the components produced by the drivetrain and the suspension engineers. In addition, this competition is a means for us as students to gain valuable, tangible experience in the engineering design process

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Technology 2000, volume 1

The purpose of the conference was to increase awareness of existing NASA developed technologies that are available for immediate use in the development of new products and processes, and to lay the groundwork for the effective utilization of emerging technologies. There were sessions on the following: Computer technology and software engineering; Human factors engineering and life sciences; Information and data management; Material sciences; Manufacturing and fabrication technology; Power, energy, and control systems; Robotics; Sensors and measurement technology; Artificial intelligence; Environmental technology; Optics and communications; and Superconductivity