17,080 research outputs found

    Authorization and access control of application data in Workflow systems

    Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements.

    An object-oriented approach to security policies and their access controls for database management

    The constructs of the object-oriented data model seem to be good candidates for the specifications of the need-to-know and multilevel security policies and their respective access control requirements. This report demonstrates such specifications. The implication of this demonstration may be profound, since for the first time multiple security policies and their respective access controls may be realized and supported in a single object-oriented database management system. http://archive.org/details/objectorientedap00hsiaN

    Minimization of DDoS false alarm rate in Network Security; Refining fusion through correlation

    Intrusion Detection Systems are designed to monitor a network environment and generate alerts whenever abnormal activities are detected. However, the number of these alerts can be very large, making their evaluation a difficult task for a security analyst. Alert management techniques reduce alert volume significantly and potentially improve detection performance of an Intrusion Detection System. This thesis work presents a framework to improve the effectiveness and efficiency of an Intrusion Detection System by significantly reducing the false positive alerts and increasing the ability to spot an actual intrusion for Distributed Denial of Service attacks. The proposed sensor fusion technique addresses the issues relating to the optimality of decision-making through correlation in a multiple-sensor framework. The fusion process is based on combining belief through the Dempster-Shafer rule of combination along with associating belief with each type of alert and combining them by using Subjective Logic based on Jøsang theory. Moreover, the reliability factor for any Intrusion Detection System is also addressed accordingly in order to minimize the chance of false diagnosis of the final network state. A considerable number of simulations are conducted in order to determine the optimal performance of the proposed prototype.

    DATABASE SECURITY

    Ensuring the security of databases is a complex issue. The more complex the databases are, the more complex the security measures that are to be applied are. Network and Internet connections to databases may complicate things even further. Also, each and every additional internal user that would be added can create further serious security problems. The purpose of this paper is to highlight and identify the main methods and facets of attack on a database, as well as ways to deflect attacks, through focusing on the delicate issue of data inference. This paper will examine the different topics related to database security and see the adaption of the research to the changing environment.