10,332 research outputs found

    Federated Identity and Access Management for the Internet of Things

    Privileged Access Management

    Security breaches are becoming a common occurrence in society today. When breaches occur, people are often left wondering how they will be affected and what steps can be taken to protect them. The passing of stricter standards and regulations has not slowed would-be hackers from crafting ways to breach networks. While there are many ways that a breach can occur, the focus of this paper will be to look at the usage of credentials and privileged accounts. Specifically, the idea of privileged access management and methods for protecting credentials will be examined.

    Identity and Access Management System: a Web-Based Approach for an Enterprise

    Managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing today. An attempt to address this issue led to the proposed security paradigm called Identity and Access Management (IAM) service based on IAM standards. Current approaches such as Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS) and Security Assertion Markup Language (SAML) lack comprehensive analysis from conception to physical implementation to incorporate these solutions, thereby resulting in impractical and fractured solutions. In this paper, we have implemented an Identity and Access Management System (IAMSys) using the Lightweight Directory Access Protocol (LDAP), which focuses on authentication, authorization, administration of identities and audit reporting. Its primary concern is verification of the identity of the entity and granting the correct level of access to resources which are protected in either the cloud environment or on-premise systems. A phased approach methodology was used in the research, which requires that any enterprise or organization willing to adopt it carry out careful planning and demonstrate a good understanding of the technologies involved. The results of the experimental evaluation indicated that the average rating score is 72.0% for the participants involved in this study. This implies that the idea of IAMSys is a way of mitigating security challenges associated with authentication, authorization, data protection and accountability if properly deployed.

    Access Management Best Practices

    Research has persistently demonstrated that adopting a systematic access management framework improves highway operations and bolsters safety. Many state transportation agencies have adopted formal access management programs to systematize the application of access management techniques; however, the Kentucky Transportation Cabinet (KYTC) has been unable to institute such a program due to institutional, regulatory, and political constraints. Recognizing the benefits of judicious access management, the Cabinet asked researchers at the Kentucky Transportation Center (KTC) to identify access management best practices that are effective, can be easily implemented, and are compatible with existing statutes and regulations. After reviewing national-level and state-level guidance on access management, researchers devised an Access Management Toolbox which contains 14 commonly used access management techniques. Using a rating scale of 1 to 5, personnel at KYTC were then asked to rate each technique in terms of its effectiveness and ease of implementation (1 = ineffective and/or difficult to implement; 5 = highly effective and/or easy to adopt). Six techniques garnered scores of 4 or above for both effectiveness and implementation: 1) maintaining sight distance, 2) setting the maximum number of driveways per lot, 3) installing auxiliary turn lanes, 4) protecting the functional area of intersections, 5) adopting turn restrictions, and 6) conducting traffic impact studies. Consistently incorporating these access management techniques into permitting, planning, and design activities will result in the development of an efficient and safe highway system that equitably balances the needs of motorists and property owners.

    The GLASS project: supporting secure shibboleth-based single sign-on to campus resources

    Higher and Further education institutions in the UK are in the process of migrating their IT infrastructures to exploit Shibboleth technologies for federated access management. Ease of use and secure access are paramount to the successful uptake of these technologies, both from the end user and system administrator perspective. The JISC-funded GLASS project is a one-year project investigating the use of Shibboleth to support single sign-on to a variety of campus resources at the University of Glasgow including browser-based email access; the Moodle online virtual learning environment; the WebSURF online student records facility, and a network filestore browser. This paper describes the implementation issues and experiences gained in rolling out the Shibboleth technologies to support federated access management.

    A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

    Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges, such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management. Comment: 6 Page

    INDOT Statewide Access Management Study

    Economic Benefits of Management Reform in the Gulf of Mexico Grouper Fishery: A Semi-Parametric Analysis

    This paper uses a semi-parametric empirical model to estimate the economic benefits of adopting a property rights-based management program in the Gulf of Mexico grouper fishery. The analysis predicts that a rights-based fleet will be comprised of fewer, more cost efficient boats than under the current controlled access management program. Results indicate that in the year of our data, 1993, the smaller, more productive fleet could harvest the allowable reef fish catch at a cost saving of $2.92-$7.07 million, 12-30% less than under controlled access management. Recent tightening of controlled access regulations suggests that the benefits from management reform could be even larger in the current day fishery.

    Federated Access Management for Collaborative Environments

    Access control has been historically recognized as an effective technique for ensuring that computer systems preserve important security properties. Recently, attribute-based access control (ABAC) has emerged as a new paradigm to provide access mediation by leveraging the concept of attributes: observable properties that become relevant under a certain security context and are exhibited by the entities normally involved in the mediation process, namely, end-users and protected resources. Also recently, independently-run organizations from the private and public sectors have recognized the benefits of engaging in multi-disciplinary research collaborations that involve sharing sensitive proprietary resources such as scientific data, networking capabilities and computation time and have recognized ABAC as the paradigm that suits their needs for restricting the way such resources are to be shared with each other. In such a setting, a robust yet flexible access mediation scheme is crucial to guarantee participants are granted access to such resources in a safe and secure manner. However, no consensus exists in the literature with respect to a formal model that clearly defines the way the components depicted in ABAC should interact with each other, so that the rigorous study of security properties can be effectively pursued. This dissertation proposes an approach tailored to provide a well-defined and formal definition of ABAC, including a description of how attributes exhibited by different independent organizations are to be leveraged for mediating access to shared resources, by allowing for collaborating parties to engage in federations for the specification, discovery, evaluation and communication of attributes, policies, and access mediation decisions.
    In addition, a software assurance framework is introduced to support the correct construction of enforcement mechanisms implementing our approach by leveraging validation and verification techniques based on software assertions, namely, design by contract (DBC) and behavioral interface specification languages (BISL). Finally, this dissertation also proposes a distributed trust framework that allows for exchanging recommendations on the perceived reputations of members of our proposed federations, in such a way that the level of trust of previously-unknown participants can be properly assessed for the purposes of access mediation. Dissertation/Thesis, Doctoral Dissertation, Computer Science 201