Review of the Techniques for User Management System



Similar documents
Development of a User Management Module for Internet TV Systems

Review of the Techniques for Smart Learning Systems

A Study of Key management Protocol for Secure Communication in Personal Cloud Environment

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

UPS battery remote monitoring system in cloud computing

Design and Implementation of a Streaming Server Management System

Security Threats on National Defense ICT based on IoT

The Sensitive Information Management System for Merger and Acquisition (M&A) Transactions

Crime Hotspots Analysis in South Korea: A User-Oriented Approach

Studying Security Weaknesses of Android System

Integration of Hadoop Cluster Prototype and Analysis Software for SMB

A Study on User Access Control Method using Multi-Factor Authentication for EDMS

Cloud Computing Services and its Application

Mobile Hybrid Cloud Computing Issues and Solutions

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Heterogeneous Workload Consolidation for Efficient Management of Data Centers in Cloud Computing

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

Research on Operation Management under the Environment of Cloud Computing Data Center

On Cloud Computing Technology in the Construction of Digital Campus

Collaboration Service Integration Platform Using Context-Aware Role-Based Access Model

Study on Architecture and Implementation of Port Logistics Information Service Platform Based on Cloud Computing 1

A Resilient Device Monitoring System in Collaboration Environments

Success factors for the implementation of ERP to the Agricultural Products Processing Center

A Method for Load Balancing based on Software- Defined Network

Cloud Computing based Livestock Monitoring and Disease Forecasting System

Home Appliance Control and Monitoring System Model Based on Cloud Computing Technology

SECURING CLOUD DATA COMMUNICATION USING AUTHENTICATION TECHNIQUE

Research on Storage Techniques in Cloud Computing

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May ISSN

Security Considerations for Public Mobile Cloud Computing

Dynamic Query Updation for User Authentication in cloud Environment

A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services

How To Balance In Cloud Computing

A Proxy-Based Data Security Solution in Mobile Cloud

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

Method of Fault Detection in Cloud Computing Systems

Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements

Big Data Collection Study for Providing Efficient Information

Analysis of Cloud Computing Vulnerabilities

Data Outsourcing based on Secure Association Rule Mining Processes

Mobile Cloud Computing Security Considerations

Comparison of Cloud Service Quality Information Publication Based on Cloud Service Quality Model

A Fuzzy AHP based Multi-criteria Decision-making Model to Select a Cloud Service

Chapter 1: Introduction

Development of Object-Oriented Analysis and Design Methodology for Secure Web Applications

Security Measures of Personal Information of Smart Home PC

IMAV: An Intelligent Multi-Agent Model Based on Cloud Computing for Resource Virtualization

MALLET-Privacy Preserving Influencer Mining in Social Media Networks via Hypergraph

Migration Improved Scheduling Approach In Cloud Environment

Design and Implementation of Automatic Attendance Check System Using BLE Beacon

Data Protection Act Guidance on the use of cloud computing

The Design and Implementation of the Integrated Model of the Advertisement and Remote Control System for an Elevator

CLOUD COMPUTING AND SECURITY: VULNERABILITY ANALYSIS AND PREVENTIVE SOLUTIONS

A Dynamic Resource Management with Energy Saving Mechanism for Supporting Cloud Computing

Security Threats in Cloud Computing Environments 1

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015

Design of a Subtitle System for Internet TV Systems

An Explorative Model for B2B Cloud Service Adoption in Korea - Focusing on IaaS Adoption

Smart Integrated Multiple Tracking System Development for IOT based Target-oriented Logistics Location and Resource Service

A Road Map on Security Deliverables for Mobile Cloud Application

A Review of Cloud Environment and Recognition of Highly Secure Public Data Verification Architecture using Secure Public Verifier Auditor

Data Structure and Switch Categorization for Mobility Management Service in Software Defined Networking

Performance Gathering and Implementing Portability on Cloud Storage Data

A Study for Home and Mobile U-Healthcare System

Personal Health Care Management System Developed under ISO/IEEE with Bluetooth HDP

Security Analyzing in UNIX for Cloud Computing Environment

Cloud deployment model and cost analysis in Multicloud

Scalable Multiple NameNodes Hadoop Cloud Storage System

Cloud Storage Solution for WSN Based on Internet Innovation Union

Access Control Framework of Personal Cloud based on XACML

Standardization Requirements Analysis on Big Data in Public Sector based on Potential Business Models

A Digital Door Lock System for the Internet of Things with Improved Security and Usability

Protecting Privacy Secure Mechanism for Data Reporting In Wireless Sensor Networks

Keywords Distributed Computing, On Demand Resources, Cloud Computing, Virtualization, Server Consolidation, Load Balancing

Lecture and Presentation Topics (tentative) CS 7301: Recent Advances in Cloud Computing

An Efficiency Keyword Search Scheme to improve user experience for Encrypted Data in Cloud

A Robust Multimedia Contents Distribution over IP based Mobile Networks

Secure Sharing of Electronic Medical Records in Cloud Computing

Research of Enterprise Private Cloud Computing Platform Based on OpenStack. Abstract

Resource Allocation Avoiding SLA Violations in Cloud Framework for SaaS

A Comparison of PaaS clouds with a Detailed Reference to Security and Geoprocessing Services

Transcription:

, pp.87-91 http://dx.doi.org/10.14257/astl.2014.46.20 Review of the Techniques for User Management System Jaegeol Yim *, Gyeyoung Lee *, Kyungsoo Ham * *Dongguk University at Gyeongju Korea, {yim, lky, ham}@dongguk.ac.kr Abstract. User management is one of the most important problems we have to solve in implementing a large computer system. A user management system should guarantee authorized users to access system resources and restrict unauthorized users from accessing system resources. Many research results about user management have been published. This paper reviews the techniques for user management. Keywords: User Management, Account Management, Access control 1 Introduction A user management system is a vital component of any practical computer application software. A user management system has to prevent the disclosure of information to unauthorized individuals or systems. For example, a user management system should protect credit card numbers and passwords of the cards in a customer database from malicious persons. On the other hand, a user management system should allow all resources to be used by authorized persons. To this end, a user management system has to be able to authenticate and authorize users. In other words, it should be able to confirm the identity of a person and control authenticated users' access to system resources. Reflecting the roles of user management system, we can notice that it is closely related to access control and security. This paper reviews the techniques that are useful for designing user management systems. 2 Techniques for User Management 2.1 Policy-based Access Control The authors of [1] introduced a policy-based access control to solve security and privacy problems of social networking. It controls access based on privacy policies. A ISSN: 2287-1233 ASTL Copyright 2014 SERSC

Policy-Based Access Control (PBAC) consists of an Integrated Authentication, an Access Control Handler and a Privacy Policy Controller. Integrated Authentication is based on identifying the user and his/her the mobile device. This identifies a user with combination of user authentication (user's name/password) and device authentication. Access Control Handler assigns an authority to an authenticated user based on the user's role, purpose and condition. Privacy Policy Controller securely manages the personal data disclosed by a user in the social network environment. Privacy Policy Controller issues privacy notices when Personal Information Protection Act is violated. Combining a relational database management system and a policy evaluation engine, the authors of [2] introduced a new access control system for large databases [2]. The system has several advantages in including: - Rules are stored, evaluated, and enforced by the database system - This system allows access control for entire rows as well as individual fields. - This system is DBMS-independent - Applications need not be aware of the new access control module. - Policy rules follow common trust management approach for writing policy rules. The authors of [3] introduced a policy-based access control model to support access control based on privacy policies. This system is a systematic and comprehensive privacy policy based on the purpose, condition, and role of the user and helps to protect users from potential dangers in social network environments. The proposed system consists of IAM(Integrated Authentication Mechanism), ACHM (Access Control Handler Mechanism), and PPCM (Privacy Policy Controller Mechanism) IAM is based on identifying the user and the mobile device, such as a cellular phone, a smartphone, or a tablet PC. This is a method of identification that combines user authentication based on certificates or a username/password with device authentication based on dynamic information. ACHM is given authority according to that of the authenticated user through the IAM. Access control is enabled based on the role, purpose, and condition defined below. PPCM securely manages the personal data disclosed by a user in the social network environment. The purpose of collecting personal or sensitive information is clearly stated by SNS, and it is important to gather a minimum level of data on SNS users. Unique identifying information, such as a social security number, is not stored, or, in the case of Korea, is only used for encryption. PPCM issues privacy notices when Personal Information Protection Act is violated. Users can set up a privacy policy for their desired security level, and this is automatically managed when making, using and collecting personal data. The privacy policy in this mechanism is built on XACML [4]. This policy document indicates the status of access control and specifies the privacy protection policies. 88 Copyright 2014 SERSC

2.2 Light-Weight Access Control Mechanism Authorization specifies authenticated user's access right to resources. Legacy authorization mechanisms can be categorized into two models: centralized authorization model and distributed authorization model. In centralized authorization model, a centralized trusted authority is responsible for controlling access. The centralized trusted authority is overloaded when the system is a relatively large-scale network. On the other hand, in distributed authorization model, each subject manages its own policy for authorization and maintaining consistency is difficult. The authors of [5] introduced Light-Weight Access Control mechanism as an alternative for the existing methods. In this mechanism, an authorization server issues an authoricate that is a certificate for authorization and contains rules for authorization. The process of the authorization consists of the following six steps: maintaining authorization policy, key distribution, issuing authoricate, request for service, verify the authoricate, and permit or dent. 2.3 Access control for cloud computing systems Cloud computing architectures can make full use of powerful machines by creating virtual machines on them and rearrange the computing power for different applications [6]. In cloud systems, infrastructure, platform and software are regarded as services. Infrastructure as a service (IaaS)/ platform as a service (PaaS)/ software as a service (SaaS) corresponds to hardware/operating system/application software of traditional computer systems [7]. After analyzing security in traditional systems and cloud system, the authors of [7] introduced access control architecture for cloud computing systems. In the architecture, light weighted services are implemented on virtual machines, core applications run on powerful servers or clusters, and the administrator node is kept in secure environment. In a virtual cluster based Cloud Computing environment, the sharing of infrastructure introduces two problems on user management: usability and security [8]. The authors of [8] proposed a uniform user management system that is fit for the scale expansion and interconnection of dynamic virtualization environment. The user management system supplies a global user space for different virtual infrastructures and application services in one cloud, and allows user system interconnection among homogeneous cloud instances. The authors of [9] proposed an access control model for negative authorization to provide the user with the ability and flexibility of specifying the objects to which access is not desired through the means of negative authorization. Comparing to filtering mechanism that block unwanted information and services, negative authorization has the advantage of saving precious computation and network resources because access control happens prior to actual access in negative authorization. Copyright 2014 SERSC 89

2.4 Other related works Virtual environments have recently gained a lot of attention. The concept of avatars and the introduction of social abilities in virtual environments have recently encouraged people to participate in creativity while having fun. The authors of [10] proposed a novel joint hierarchical nodes based user management infrastructure for the development of scalable and consistent virtual worlds. 3 Conclusions Reviewing the previous related works, we conclude that our user management system should be role based and unified. For further study, we are now implementing a practical user management system for IPTV systems. Acknowledgements. This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education (NRF-2011-0006942) and by Development of Global Culture and Tourism IPTV Broadcasting Station Project through the Industrial Infrastructure Program for Fundamental Technologies funded by the Ministry of Knowledge Economy (10037393). References 1. Kim, K., Hong, S., Kim, J.: A Study on Policy-based Access Control Model in SNS, IJMUE Vol.7, No. 3, 143-150 (2012) 2. Opyrchal, L., Cooper, J., Poyar, R., Lenahan, B., Zeinner, D.: Bouncer: Policy-Based Fine Grained Access Control in Large Databases," IJSIA Vol. 5, No.2, 1-16 (2011) 3. Kim, K., Hong, S., and Kim, J.: A Study on Policy-based Access Control Model in SNS. IJMUE Vol.7, No. 3, 143-150 (2012). 4. OASIS, OASIS: Extensible access control markup language(xacml) V2.0. OASIS Specification, Available at www. Oasis-open.org/committees/xacml (2005). 5. Kim, G., Han, J.: Light-weight Access Control Mechanism based on Authoricate issued for Smart Home," IJSH Vol. 2, No.4, 49-58 (2008) 6. H. Gonz alez-v elez and M. Kontagora, Performance evaluation of MapReduce using full virtualisation on a departmental cloud, Int. J. Appl. Math. Comput. Sci., 21, pp. 275-284 (2011). 7. Xixu Fu, Kaijun Wu and XiZhang Gong, "Implement Access Control Architecture to Enhance Security and Availability of Cloud Computing Systems," IJSIA Vol. 6, No.2, 245-250 (2012) 8. J. Lin, X. Lu, L. Yu, Y. Zou, L. Zha, "VegaWarden: A Uniform User Management System for Cloud Applications," IEEE Fifth International Conference on Networking, Architecture and Storage (NAS), pp. 457-464 (2010) 90 Copyright 2014 SERSC

9. X. Li, J. He and T. Zhang, "Negative Authorization in Access Control for Cloud Computing," IJSIA Vol. 6, No.2, 307-312, (2012) 10. U. Farooq, J. Glauert, "Joint Hierarchical Nodes Based User Management (JoHNUM) Infrastructure for the Development of Scalable and Consistent Virtual Worlds," 13th IEEE/ACM International Symposium on Distributed Simulation and Real Time Applications, pp. 105-112 (2009) Copyright 2014 SERSC 91

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information