A Dynamic Access Control Model Using Authorising Workfow and Task Role-based Access Control

Access control is fundamental and prerequisite to govern and safeguard information assets within an organisation. Organisations generally use Web enabled remote access coupled with applications access distributed across various networks. These networks face various challenges including increase operational burden and monitoring issues due to the dynamic and complex nature of security policies for access control. The increasingly dynamic nature of collaborations means that in one context a user should have access to sensitive information, whilst not being allowed access in other contexts. The current access control models are static and lack Dynamic Segregation of Duties (SoD), Task instance level of Segregation, and decision making in real time. This thesis addresses these limitations describes tools to support access management in borderless network environments with dynamic SoD capability and real time access control decision making and policy enforcement. This thesis makes three contributions: i) Defining an Authorising Workflow Task Role Based Access Control (AW-TRBAC) using existing task and workflow concepts. This new workflow integrates dynamic SoD, whilst considering task instance restriction to ensure overall access governance and accountability. It enhances existing access control models such as Role Based Access Control (RBAC) by dynamically granting users access rights and providing access governance. ii) Extension of the OASIS standard of XACML policy language to support dynamic access control requirements and enforce access control rules for real time decision making. This mitigates risks relating to access control, such as escalation of privilege in broken access control, and insucient logging and monitoring. iii) The AW-TRBAC model is implemented by extending the open source XACML (Balana) policy engine to demonstrate its applicability to a real industrial use case from a financial institution. The results show that AW-TRBAC is scalable, can process relatively large numbers of complex requests, and meets the requirements of real time access control decision making, governance and mitigating broken access control risk

Role of non-timber forest products in sustaining forest-based livelihoods and rural households' resilience capacity in and around protected area- a Bangladesh study

People in developing world derive a significant part of their livelihoods from various forest products, particularly non-timber forest products. This article attempts to explore the contribution of NTFPs in sustaining forest-based rural livelihood in and around a protected area of Bangladesh, and their potential role in enhancing households resilience capacity. Based on empirical investigation our study revealed that, local communities gather a substantial amount of NTFPs from national park despite the official restrictions. 27 percent households of the area received at least some cash benefit from the collection, processing and selling of NTFPs, and NTFPs contribute as HHs primary, supplementary and emergency sources of income. NTFPs also constituted an estimated 19 percent of HHs net annual income, and were the primary occupation for about 18 percent of the HHs. HHs dependency on nearby forests for various NTFPs varied vis-a-vis their socio-economic condition as well as with their location from the park. Based on our case study the article also offers some clues for improving the situation in PA.Comment: To appear in Journal of Environmental Planning and Management, 201