280 research outputs found
IaaS-cloud security enhancement: an intelligent attribute-based access control model and implementation
The cloud computing paradigm introduces an efficient utilisation of huge computing
resources by multiple users with minimal expense and deployment effort
compared to traditional computing facilities. Although cloud computing has incredible
benefits, some governments and enterprises remain hesitant to transfer
their computing technology to the cloud as a consequence of the associated security
challenges. Security is, therefore, a significant factor in cloud computing
adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform
as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing
services are accessed through network connections and utilised by multi-users who
can share the resources through virtualisation technology. Accordingly, an efficient
access control system is crucial to prevent unauthorised access.
This thesis mainly investigates the IaaS security enhancement from an access
control point of view. [Continues.
Process control and configuration of a reconfigurable production system using a multi-agent software system
Thesis (M. Tech. (Information Technology)) -- Central University of technology, Free State, 2011Traditional designs for component-handling platforms are rigidly linked to the product being produced. Control and monitoring methods for these platforms consist of various proprietary hardware controllers containing the control logic for the production process. Should the configuration of the component handling platform change, the controllers need to be taken offline and reprogrammed to take the changes into account.
The current thinking in component-handling system design is the notion of re-configurability. Reconfigurability means that with minimum or no downtime the system can be adapted to produce another product type or overcome a device failure. The re-configurable component handling platform is built-up from groups of independent devices. These groups or cells are each responsible for some aspect of the overall production process. By moving or swopping different versions of these cells within the component-handling platform, re-configurability is achieved. Such a dynamic system requires a flexible communications platform and high-level software control architecture to accommodate the reconfigurable nature of the system.
This work represents the design and testing of the core of a re-configurable production control software platform. Multiple software components work together to control and monitor a re-configurable component handling platform.
The design and implementation of a production database, production ontology, communications architecture and the core multi-agent control application linking all these components together is presented
Access and information flow control to secure mobile web service compositions in resource constrained environments
The growing use of mobile web services such as electronic health records systems and applications like twitter, Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow control are either restrictive or weak in that they prevent applications from sharing data usefully, and/or allow private information leaks when used independently. Typically, when services are composed there is a resource that some or all of the services involved in the composition need to share. However, during service composition security problems arise because the resulting service is made up of different services from different security domains. A key issue that arises and that we address in this thesis is that of enforcing secure information flow control during service composition to prevent illegal access and propagation of information between the participating services. This thesis describes a model that combines access control and information flow control in one framework. We specifically consider a case study of an e-health service application, and consider how constraints like location and context dependencies impact on authentication and authorization. Furthermore, we consider how data sharing applications such as the e-health service application handle issues of unauthorized users and insecure propagation of information in resource constrained environments¹. Our framework addresses this issue of illegitimate information access and propagation by making use of the concept of program dependence graphs (PDGs). Program dependence graphs use path conditions as necessary conditions for secure information flow control. The advantage of this approach to securing information sharing is that, information is only propagated if the criteria for data sharing are verified. Our solution proposes or offers good performance, fast authentication taking into account bandwidth limitations. A security analysis shows the theoretical improvements our scheme offers. Results obtained confirm that the framework accommodates the CIA-triad (which is the confidentiality, integrity and availability model designed to guide policies of information security) of our work and can be used to motivate further research work in this field
An Access Control Model to Facilitate Healthcare Information Access in Context of Team Collaboration
The delivery of healthcare relies on the sharing of patients information among a group of healthcare professionals (so-called multidisciplinary teams (MDTs)). At present, electronic health records (EHRs) are widely utilized system to create, manage and share patient healthcare information among MDTs. While it is necessary to provide healthcare professionals with privileges to access patient health information, providing too many privileges may backfire when healthcare professionals accidentally or intentionally abuse their privileges. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. This thesis highlights the access control matters in collaborative healthcare domain. Focus is mainly on the collaborative activities that are best accomplished by organized MDTs within or among healthcare organizations with an objective of accomplishing a specific task (patient treatment).
Initially, we investigate the importance and challenges of effective MDTs treatment, the sharing of patient healthcare records in healthcare delivery, patient data confidentiality and the need for flexible access of the MDTs corresponding to the requirements to fulfill their duties. Also, we discuss access control requirements in the collaborative environment with respect to EHRs and usage scenario of MDTs collaboration. Additionally, we provide summary of existing access control models along with their pros and cons pertaining to collaborative health systems.
Second, we present a detailed description of the proposed access control model. In this model, the MDTs is classified based on Belbin’s team role theory to ensure that privileges are provided to the actual needs of healthcare professionals and to guarantee confidentiality as well as protect the privacy of sensitive patient information. Finally, evaluation indicates that our access control model has a number of advantages including flexibility in terms of permission management, since roles and team roles can be updated without updating privilege for every user. Moreover, the level of fine-grained control of access to patient EHRs that can be authorized to healthcare providers is managed and controlled based on the job required to meet the minimum necessary standard and need-to-know principle. Additionally, the model does not add significant administrative and performance overhead.publishedVersio
Securing Distributed Systems: A Survey on Access Control Techniques for Cloud, Blockchain, IoT and SDN
Access Control is a crucial defense mechanism organizations can deploy to meet modern cybersecurity needs and legal compliance with data privacy. The aim is to prevent unauthorized users and systems from accessing protected resources in a way that exceeds their permissions. The present survey aims to summarize state-of-the-art Access Control techniques, presenting recent research trends in this area. Moreover, as the cyber-attack landscape and zero-trust networking challenges require organizations to consider their Information Security management strategies carefully, in this study, we present a review of contemporary Access Control techniques and technologies being discussed in the literature and the various innovations and evolution of the technology. We also discuss adopting and applying different Access Control techniques and technologies in four upcoming and crucial domains: Cloud Computing, Blockchain, the Internet of Things, and Software-Defined Networking. Finally, we discuss the business adoption strategies for Access Control and how the technology can be integrated into a cybersecurity and network architecture strategy
Security Mechanisms for Workflows in Service-Oriented Architectures
Die Arbeit untersucht, wie sich Unterstützung für Sicherheit und Identitätsmanagement in ein Workflow-Management-System integrieren lässt. Basierend auf einer Anforderungsanalyse anhand eines Beispiels aus der beruflichen Weiterbildung und einem Abgleich mit dem Stand der Technik wird eine Architektur für die sichere Ausführung von Workflows und die Integration mit Identitätsmanagement-Systemen entwickelt, die neue Anwendungen mit verbesserter Sicherheit und Privatsphäre ermöglicht
Decisioning 2022 : Collaboration in knowledge discovery and decision making: Applications to sustainable agriculture
Sustainable agriculture is one of the Sustainable Development Goals (SDG) proposed by UN (United Nations), but little systematic work on Knowledge Discovery and Decision Making has been applied to it.
Knowledge discovery and decision making are becoming active research areas in the last years. The era of FAIR (Findable, Accessible, Interoperable, Reusable) data science, in which linked data with a high degree of variety and different degrees of veracity can be easily correlated and put in perspective to have an empirical and scientific perception of best practices in sustainable agricultural domain. This requires combining multiple methods such as elicitation, specification, validation, technologies from semantic web, information retrieval, formal concept analysis, collaborative work, semantic interoperability, ontological matching, specification, smart contracts, and multiple decision making.
Decisioning 2022 is the first workshop on Collaboration in knowledge discovery and decision making: Applications to sustainable agriculture. It has been organized by six research teams from France, Argentina, Colombia and Chile, to explore the current frontier of knowledge and applications in different areas related to knowledge discovery and decision making. The format of this workshop aims at the discussion and knowledge exchange between the academy and industry members.Laboratorio de Investigación y Formación en Informática Avanzad
Virtualization services: scalable methods for virtualizing multicore systems
Multi-core technology is bringing parallel processing capabilities
from servers to laptops and even handheld devices. At the same time,
platform support for system virtualization is making it easier to
consolidate server and client resources, when and as needed by
applications. This consolidation is achieved by dynamically mapping
the virtual machines on which applications run to underlying
physical machines and their processing cores. Low cost processor and
I/O virtualization methods efficiently scaled to different numbers of
processing cores and I/O devices are key enablers of such consolidation.
This dissertation develops and evaluates new methods for scaling
virtualization functionality to multi-core and future many-core systems.
Specifically, it re-architects virtualization functionality to improve
scalability and better exploit multi-core system resources. Results
from this work include a self-virtualized I/O abstraction, which
virtualizes I/O so as to flexibly use different platforms' processing
and I/O resources. Flexibility affords improved performance and resource
usage and most importantly, better scalability than that offered by
current I/O virtualization solutions. Further, by describing system virtualization as a
service provided to virtual machines and the underlying computing platform,
this service can be enhanced to provide new and innovative functionality.
For example, a virtual device may provide obfuscated data to guest operating
systems to maintain data privacy; it could mask differences in device
APIs or properties to deal with heterogeneous underlying resources; or it
could control access to data based on the ``trust' properties of the
guest VM.
This thesis demonstrates that extended virtualization services are
superior to existing operating system or user-level implementations
of such functionality, for multiple reasons. First, this solution
technique makes more efficient use of key performance-limiting resource in
multi-core systems, which are memory and I/O bandwidth. Second, this
solution technique better exploits the parallelism inherent in multi-core
architectures and exhibits good scalability properties, in
part because at the hypervisor level, there is greater control in precisely
which and how resources are used to realize extended virtualization services.
Improved control over resource usage makes it possible to provide
value-added functionalities for both guest VMs and the platform.
Specific instances of virtualization services described in this thesis are the
network virtualization service that exploits heterogeneous processing cores,
a storage virtualization service that provides location transparent access
to block devices by extending
the functionality provided by network virtualization service, a multimedia
virtualization service that allows efficient media device sharing based on semantic
information, and an object-based storage service with enhanced access
control.Ph.D.Committee Chair: Schwan, Karsten; Committee Member: Ahamad, Mustaq; Committee Member: Fujimoto, Richard; Committee Member: Gavrilovska, Ada; Committee Member: Owen, Henry; Committee Member: Xenidis, Jim
- …