Logical Foundations of Multilevel Databases

International audienceIn this paper, we propose a formal model for multilevel databases. This model aims at being a generic model, that is it can be interpreted for any kind of database (relational, object-oriented...). Our model has three layers. The first layer corresponds to a model for a non-protected database. The second layer corresponds to a model for a multilevel database. In this second layer, we propose a list of theorems that must be respected in order to build a secure multilevel database. We also propose a new solution to manage cover stories without using the ambiguous technique of polyinstantiation. The third layer corresponds to a model for a MultiView database, that is, a database that provides at each security level a consistent view of the multilevel database. Finally, as an illustration, we interpret our 3-layer model in the case of an object-oriented database

A discretionary access control policy for the process handbook

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1997.Includes bibliographical references (p. 71).by Calvin Yuen.M.Eng

Implementation of the lean approach in sustainable construction: a conceptual framework

There has been a growing awareness of the adoption of lean principles within UK construction organisations. The UK Government has recognised the importance of the construction industry in achieving the overall goals of sustainable development. Therefore, the Government has put several policies and strategies in place for achieving more sustainable construction. Assessment and performance improvement have been advocated by many researchers, and there is a substantial interest in performance measurement by construction organisations. Assessing the implementation efforts and benefits of lean approach in sustainable construction has become more critical to organisations in pursuit of continuous improvement. The inadequacy of many frameworks and tools developed to address this advancement in the area of lean and sustainability provided the motivation for this research. Therefore, the aim of this research was to develop a conceptual framework for assessing the implementation efforts and benefits of the lean approach in sustainable construction within contracting organisations. The objectives of this study were to explore the process of implementation of the lean approach throughout all the levels of construction organisations, investigate the linkages between lean and sustainable construction, review the concept of lean and its application to sustainable construction, analyse the barriers and success factors, and to identify the benefits of lean in sustainable construction. An exploratory method of investigation and study involving both quantitative and qualitative methodology was utilised in this research. An in-depth literature review and questionnaire survey was conducted among UK-based construction professionals on issues relating to sustainability and lean in order to identify the barriers, success factors and linkages between sustainability and the lean concept. The data collected were analysed with SPSS 19.0 version software using the percentile method, factor analysis, Kruskal Wallis test, Cronbach's Alpha reliability test and the Severity Index Analysis. A case study was also used with content analysis, in order to allow for a better understanding of the implementation process and drivers of lean at the organisational level. The success factors in implementing lean and sustainability were subjected to factor analysis. A factor analysis of the data yielded two (2) critical success factors, which were labelled as management and resource factors and organisational culture factor. All the identified benefits of implementing lean construction were classified into economic, social, and environmental benefits. Also, the drivers of implementing lean were discussed and classified into internal and external drivers. The research further revealed that reduction in waste is the most important benefit of synchronising lean and sustainability. The most significant barrier is resistance to change. The adoption of lean techniques will impact significantly on the realisation of sustainable construction as there are linkages between lean and sustainability. The developed framework of lean implementation process at the strategic level is made up of three sections, namely: policy and strategy deployment, assessments criteria, and the application and the implementation phase (with their respective sub sections). The framework highlighted the need to understand the implementation issues within a contracting construction organisation as well as the drivers of implementing lean. This study has theoretical, practical and methodological significance for successful lean implementation in contracting construction organisations in the UK

Processus IDM pour l’intégration des patrons de sécurité dans une application à base de composants

Security has become an important challenge in current software and system development. Most of designers are experts in software development but not experts in security. It is important to guide them to apply security mechanisms in the early phases of software development to reduce time and cost of development. To reach this objective, we propose to apply security expertise as security patterns at software design phase. A security pattern is a well-understood solution to a recurring information security problem. So, security patterns encapsulate the knowledge accumulated by security experts to secure a software system. Although well documented, patterns are often neglected at the design level and do not constitute an intuitive solution that can be used by software designers. This can be the result of the maladjustment of those patterns to systems context, the inexpertness of designers with security solutions and the need of integration process to let designers apply those pattern ? solutions in practical situations and to work with patterns at higher levels of abstraction. To enable designers to use solutions proposed by security patterns, this thesis proposes a model driven engineering approach to secure applications through the integration of security patterns. Component-based approach is a powerful means to develop and reuse complex systems. In this thesis, we take component based software systems as an application domain for our approach to facilitate the development of applications by assembling prefabricated software building blocks called components. The proposed process provides separation between domain expertise and application security expertise, both of which are needed to build a secure application. Our main goal is to provide a semi-automatic integrating of security patterns into component-based models, and producing an executable secure code. This integration is performed through a set of transformation rules. The result of this integration is a new model supporting security concepts. It is then automatically translated into aspect-oriented code related to security. These aspects are then woven in a modular way within the functional application code to enforce specified security properties. The use of aspect technology in the implementation phase guarantees that the application of security patterns is independent from any particular implementation. In order to provide a clear comprehension of the SCRIP process, we have described it using the standard SPEM . This work is implemented in a software tool called SCRI-TOOL (SeCurity patteRn Integration Tool). This tool allows not security experts developers to integrate different security properties throughout the development cycle of an component based application. To illustrate the use of SCRI-TOOL, we propose a case study regarding electronic healthcare systems. The choice of such a case study is motivated by the great attention archived for such systems from academia and industry and by the importance of security in such systems. Indeed, because of the large number of actors that can interact in such systems, security is a critical requirement. This case study will also allow us to illustrate the proposed methodology to highlight the importance of security management at a high level of abstraction. As results of the application of this process, we obtain a health care application completely secure and meeting the requirements of medical context.La sécurité est devenue un enjeu important dans le développement des systèmes logiciels actuels. La majorité des concepteurs de ces systèmes manquent d’expertise dans le domaine de la sécurité. Il s’avère donc important de les guider tout au long des différentes phases de développement logiciel dans le but de produire des systèmes plus sécurisés. Cela permettra de réduire le temps ainsi que les coûts de développement. Pour atteindre cet objectif, nous proposons d’appliquer l’expertise en matière de sécurité sous forme de patrons de sécurité lors de la phase de conception de logiciels. Un patron de sécurité intègre des solutions éprouvées et génériques proposées par des experts en sécurité. Cependant, les patrons de sécurité sont souvent négligés au niveau de la conception et ne constituent pas une solution intuitive qui peut être utilisée par les concepteurs de logiciels. Cela peut être le résultat de l’inadaptation de ces patrons au contexte des systèmes, la non-expertise des concepteurs dans le domaine de la sécurité ou encore l’absence d’un processus d’intégration de ces patrons dans les modèles à un haut niveau d’abstraction.Afin de permettre aux concepteurs d’utiliser les solutions proposées par des patrons de sécurité, cette thèse propose une approche d’ingénierie dirigée par les modèles pour sécuriser des applications via l’intégration de patrons de sécurité. Nous avons choisi comme contexte d’application de notre approche, les applications à base de composants qui visent à faciliter le développement d’applications à partir de l’assemblage de briques logicielles préfabriquées appelées composants. Le processus proposé assure la séparation entre l’expertise du domaine d’application et l’expertise de sécurité, toutes les deux étant nécessaires pour construire une application sécurisée. La méthodologie proposée assure une intégration semi-automatique des patrons de sécurité dans le modèle initial. Cette intégration est réalisée tout d’abord lors de la modélisation de l’application à travers, dans un premier temps, l’élaboration de profils étendant les concepts du domaine avec les concepts de sécurité. Dans un second temps, l’intégration se fait à travers la définition de règles, qui une fois appliquées, génèrent une application sécurisée. Finalement, cette intégration est assurée aussi au niveau de la génération du code fonctionnel de l’application en intégrant le code non-fonctionnel relatif à la sécurité à travers l’utilisation des aspects. L’utilisation de l’approche orientée aspect garantit que l’application des patrons de sécurité est indépendante de toute application particulière. Le processus proposé est décrit avec le standard SPEM.Ce travail a été concrétisé par un outil nommé SCRI-TOOL pour SeCurity patteRn Integration Tool. Cet outil permet aux développeurs non experts en sécurité d’intégrer les différentes propriétés de sécurité (intégrées dans les patrons) dans une application à base de composants. Afin d’illustrer l’utilisation de SCRI-TOOL, nous proposons une étude de cas portant sur le domaine des systèmes de soins distribués. Le choix d’une telle étude de cas s’explique par l’importance des exigences en termes de sécurité requises pour le bon fonctionnement d’une telle application. En effet, vue le grand nombre d’acteurs pouvant interagir, la sécurité est une exigence critique dans de tels systèmes. Cette étude nous a permis de mettre en évidence l’importance de la gestion de la sécurité à un haut niveau d’abstraction et la façon d’appliquer la méthodologie proposée sur un cas réel

Una estrategia de modelado conceptual de objetos basada en modelos de requisitos en lenguaje natural

En esta tesis se presenta una estrategia para la definición de un modelo conceptual de objetos a partir de modelos de requisitos basados en Lenguaje Natural. Más precisamente, se utilizan modelos pertenecientes a la Requirements Baseline, en particular, el Léxico extendido del Lenguaje(LEL), para modelar el lenguaje del Universo del Discurso (UofD), el Modelo de Escenarios para representar el comportamiento y un Modelo de Reglas de Negocio para definir las reglas de la organización. Se define un conjunto de heurísticas que permite manipular la gran cantidad de información generada por estos modelos, con el objetivo de definir un modelo de objetos. La modelización consta principalmente de dos modelos: el modelo de CRCs que define al UofD en términos de clases, responsabilidades y colaboraciones y un modelo lógico que representa los aspectos estructurales, más concretamente los métodos, atributos y asociaciones de las clases. Las heurísticas guían la construcción de ambos modelos a partir de los modelos de la Requirements Baseline. La aplicación de estas heurísticas permiten definir relaciones de trace entre los modelos generadores y los generados, mejorando la pre-traceability. Este modelo de objetos es independiente del sistema de software que se va a construir y de la metodología de desarrollo de software orientada a objetos que se elija para las etapas posteriores.In this thesis, a strategy for the definition of an Object Conceptual Model from requirements models based on Natural Language is presented. More precisely, models belonging to Requirements Baseline, more specifically, the Language Extended Lexicon (LEL) to model the Language of the Universe of Discourse (UofD), the Scenario Model to represent behaviour and a Business Rule Model to define organisation rules, are used. A set of heuristics is defined in order to manipulate a large quantity of data generated by these models with the objective of defining an object model. Modelling has mainly two models: the CRCs model which defines UofD in terms of classes, responsibilities and collaborations and a logical model representing structural aspects and in a more concrete way, methods, attributes and class associations. Heuristics guide the construction of both models from Requirement Baseline models. The application of these heuristics allows to define trace relationships among generating and generated models, thus enhancing pre-traceability. This object model is independent from the software system to be constructed and from the object-oriented software development methodology chosen for further stages.Facultad de Informátic

1995 BRAC Commission

Naval Research Lab: Military Value Data Call. Tabular data, memos, documents. Box 178, L-110

Programmable Security For Object-Oriented Systems

This paper focuses on "programmable security" for object-oriented systems and languages. A primitive distributed object model is used to capture the essence of object behavior and access control schemes. This model can be used to construct virtually any distributed object language or system while supporting a spectrum of decentralized authorization models