New Approaches in Software Security: Composition of Privileges
Dr. Michael Hoche, Martin Kortwinkel
EADS Deutschland GmbH
SET Congress 2009, Zürich

Outline
- Problem Description
- Existing solutions and models
- Formalization / Abstraction
- Conceptual Solution
- Practical Application
- Conclusion

This talk consists of a gentle introduction to the security domain followed by a formal description of the proposed method. Its advantages are illustrated with some application examples.

Problem Description
- Security is usually a built-in property of software.
- Application integration of heterogeneous access rights management is hard work.
- Integrated components usually bring their own individual, full-featured and differing access rights management.
- There is a strong need to unify them.
- We introduce a new, formally verifiable technique by looking at the well-known concept of authorization.
- We impose a new embedding in a quasi-ordering on rights as a natural result of a stronger notion of composition.

Problem Description: General Subject/Object Access Relation
- The complexity of implicit dependencies in a net of objects
[Figure: net of objects and subjects connected by "has right" relations]

Existing Solutions & Models, Part 1
- Discretionary Access Control (DAC): access control based only on the user's identity and their rights on the resource
- Mandatory Access Control (MAC): DAC plus additional rules and properties (e.g. label, code word)
- Role Based Access Control (RBAC): fixed role-resource access rights
- Multi-Level-Security Systems (MLS): access control by (vertical) access level (e.g. free, restricted, ...)
- Bell-LaPadula-Model: MAC combined with security levels
- Biba-Model / Low-Watermark Mandatory Access Control: MAC with policies

March 2009, Composition of Rights

Existing Solutions & Models, Part 2
Policy based access control
- Multi-lateral Security Systems: MLS (vertical) plus code words (horizontal)
- Compartment-Model / Lattice-Model: combination of security level and categories by policy based access control for information flow
- Chinese Wall / Brewer-Nash Model: access control by cluster (e.g. company); access is granted if recent accesses went into the cluster
- Clark-Wilson-Model: access by valid transactions (mainly used by host systems); defines enforcement rules and certification rules
- BMA-Model (British Medical Association): combination of the Clark-Wilson Model and the Bell-LaPadula-Model; decentralized model, access rights defined by the data owner

Formalization: Restriction on Transitions
[Figure: Clark-Wilson-Model; labels: State, Transition, Objects, Invariant]

Formalization: Complete Subject/Object Right Relation
[Figure: MAC model; labels: Objects, Subjects, Right]

Conclusion: existing models
- Models are specialized in solving specific problems.
- Complexity grows non-linearly with an increasing number of objects, subjects, and access right definitions.
- All models are too simple for heterogeneous multi-lateral systems.
- No model realizes need-to-know access control sufficiently, especially not in multi-lateral systems.
- None of the models is very flexible when access rights have to be reorganized.

Concept: Composition of Privileges
Rules
- Ordering the set of right definitions.
- Assigning rights to objects to perform an operation, which defines a mapping of objects to ordered rights (1st function).
- Assigning rights to subjects to perform an operation, which defines a mapping of subjects to ordered rights (2nd function).
- Validating the right of a subject to perform an operation by comparing the order of the results of the 1st function and the 2nd function.

Conceptual Solution: Subject/Object Right Relation
[Figure: objects and subjects mapped onto rights between 0 and 1]

Conceptual Solution: Rights hierarchy & ordering
[Figure: objects and subjects mapped into the ordered rights; labels: Object aggregation: max, Subject aggregation: min, "Permission granted!!!"]

Conceptual Solution: Multilateral Subject/Object Right Management
[Figure: Component A and Component B, each with its own objects, subjects and rights; labels: a, b, c, y, z, r1, r2, r3, 0, 1]

Conceptual Solution: Composition Rights
[Figure: ordering of the composed rights (1,1), (1,r3), (1,0), (r1,1), (r2,1), (r1,r3), (r2,r3), (r1,0), (r2,0), (0,1), (0,r3), (0,0)]

Conceptual Solution: Composition Credentials
[Figure: the same ordering of composed rights, with the credentials a, b, c, y and z attached to its elements]

Practical Application: Right vectors
Right vectors (labels) are sets of right definitions with specific semantics.

Definition (what should define a right vector):
- A mapping of different aspects which define information access.
- Each aspect should be independent of the others.
- For each aspect there is an ordering of rights.
- Each aspect forms its own semantic context for information access.

Example for a right vector:
- Level of security (free, restricted, confidential, secret, top secret)
- Geo-localization
- Time range
- Role
- Extendible

Right Vector Example: Confidentiality & Time Range
- Function: higher confidential
- Function: time interval within

Right Vector Example: Geo-localization
- Function: is completely contained in
[Figure: ordering of regions; labels: No Region, Frauenfeld, Paris, Thurgau, Corsica, Congo, New York, Melbourne, Swiss, France, Corsica & Medit. Sea, Mediterranean Sea, Atlantic Ocean, Oceania, Antarctic, Arctic, Europe, Asia, Africa, Sea, America, Australia, World]
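
The concept rules, the max/min aggregation and the right-vector aspects above, worked through as an added example (not code from the talk or from EADS). It assumes that access is granted when the object's right vector is less than or equal to the subject's in every aspect; the region edges, the sample subjects and objects, and all function names are constructed for illustration.

```python
"""Ordered right vectors: per-aspect orderings, product order, max/min aggregation."""
from dataclasses import dataclass
from functools import reduce
from typing import Any, Callable

# Aspect values are named on the slides; the ordering edges are assumptions.
LEVELS = ["free", "restricted", "confidential", "secret", "top secret"]
ENCLOSING = {  # constructed excerpt: region -> region that directly contains it
    "Frauenfeld": "Thurgau", "Thurgau": "Swiss", "Swiss": "Europe",
    "Paris": "France", "France": "Europe", "Europe": "World",
}
NO_REGION = "No Region"  # bottom element of the region ordering


@dataclass(frozen=True)
class Aspect:
    name: str
    leq: Callable[[Any, Any], bool]  # a <= b in this aspect's ordering
    join: Callable[[Any, Any], Any]  # least upper bound ("max")
    meet: Callable[[Any, Any], Any]  # greatest lower bound ("min")


def enclosing_chain(region):
    """The region followed by every region that contains it."""
    chain = [region]
    while chain[-1] in ENCLOSING:
        chain.append(ENCLOSING[chain[-1]])
    return chain

def region_leq(a, b):  # "is completely contained in"
    return a == NO_REGION or b in enclosing_chain(a)

def region_join(a, b):  # smallest region containing both
    if a == NO_REGION:
        return b
    return next((r for r in enclosing_chain(a) if region_leq(b, r)), "World")

def region_meet(a, b):  # largest region contained in both
    if region_leq(a, b):
        return a
    return b if region_leq(b, a) else NO_REGION

def time_leq(a, b):  # "time interval within"; None is the empty interval
    return a is None or (b is not None and b[0] <= a[0] and a[1] <= b[1])

def time_join(a, b):  # smallest interval covering both
    if a is None or b is None:
        return a or b
    return (min(a[0], b[0]), max(a[1], b[1]))

def time_meet(a, b):  # overlap of both, None when they are disjoint
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


ASPECTS = (
    Aspect("level", lambda a, b: LEVELS.index(a) <= LEVELS.index(b),
           lambda a, b: max(a, b, key=LEVELS.index),
           lambda a, b: min(a, b, key=LEVELS.index)),
    Aspect("time", time_leq, time_join, time_meet),
    Aspect("region", region_leq, region_join, region_meet),
)


def vec_leq(aspects, a, b):
    """Product order: a <= b only if it holds in every independent aspect."""
    return all(asp.leq(x, y) for asp, x, y in zip(aspects, a, b))


def aggregate(aspects, vectors, op):
    """Fold a non-empty list of right vectors with each aspect's join or meet."""
    def step(u, v):
        return tuple(getattr(asp, op)(x, y) for asp, x, y in zip(aspects, u, v))
    return reduce(step, vectors)


def permitted(aspects, subject_vecs, object_vecs):
    """Assumed rule: max over the objects must be <= min over the subjects."""
    if any(len(v) != len(aspects) for v in [*subject_vecs, *object_vecs]):
        raise ValueError("right vector does not match the aspect list")
    required = aggregate(aspects, object_vecs, "join")  # object aggregation
    held = aggregate(aspects, subject_vecs, "meet")     # subject aggregation
    return vec_leq(aspects, required, held)


# Constructed sample rights: (level, time range as ISO dates, region).
ALICE = ("secret", ("2008-01-01", "2010-12-31"), "Europe")
BOB = ("confidential", ("2009-01-01", "2009-12-31"), "Swiss")
REPORT = ("confidential", ("2009-03-01", "2009-03-31"), "Frauenfeld")
MEMO = ("restricted", ("2009-06-01", "2009-06-30"), "Paris")

if __name__ == "__main__":
    print(permitted(ASPECTS, [ALICE], [REPORT, MEMO]))       # True
    print(permitted(ASPECTS, [ALICE, BOB], [REPORT]))        # True
    print(permitted(ASPECTS, [ALICE, BOB], [REPORT, MEMO]))  # False
```

Comparing the aggregated vectors gives the same decision as checking every subject against every object individually, which is what makes a single comparison sufficient for whole groups.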

ESB implementation
- For each object type (e.g. services, data within a specific DB), access right aspects can be defined which are shared within a domain. Result: definition of right vectors.
- For each element of the vector there is a function which calculates the ordering of the values and can add new elements.
- Heterogeneous domains can compose their right vectors.

Conclusion: Advantages of the ordered rights method
- On-the-fly, dynamic evaluation of access rights at run time
- Right definitions are always consistent
- The semantics of interpretation is definable by the application (no domain-specific semantics)
- Can be used to decide access by context (need-to-know)
- Compatible with the integration of ontologies
- Heterogeneous right definitions of foreign systems do not have to be harmonized; they can be combined.
- Works for aggregated sets of subjects and objects, too: Hom_S(s) Hom_O(o)
- The construction creates a partial or complete Boolean algebra or lattice which can be represented and implemented efficiently and compactly.
- The right ordering method can be embedded into each of the existing access right systems and models.
- Existing standards and components like SAML, LDAP, PEP can be used.