368 results for Delegation
Abstract:
Predicate encryption has an advantage over traditional public-key or identity-based encryption, since predicate encryption systems provide more flexible control over access to encrypted data. We focus on delegation capabilities in predicate systems. More specifically, we investigate delegatable encryption systems supporting disjunctive predicate evaluations. We present formal security definitions of delegatable predicate encryption and provide the first delegatable predicate encryption scheme which supports disjunctive predicate evaluations in the public-key setting. We analyze the security of the proposed system and give a security proof. In addition, we present a delegatable predicate encryption in the symmetric-key setting and discuss the related security issues.
Abstract:
The paper addresses the issue of providing access control via delegation and constraint management across multiple security domains. Specifically, this paper proposes a novel Delegation Constraint Management model to manage and enforce delegation constraints across security domains. An algorithm to trace the authority of delegation constraints is introduced as well as an algorithm to form a delegation constraint set and detect/prevent potential conflicts. The algorithms and the management model are built upon a set of formal definitions of delegation constraints. In addition, a constraint profile based on XACML is proposed as a means to express the delegation constraint. The paper also includes a protocol to exchange delegation constraints (in the form of user commitments) between the involved entities in the delegation process.
Abstract:
Delegation, from the technical point of view, is widely considered as a potential approach in addressing the problem of providing dynamic access control decisions in activities with a high level of collaboration, either within a single security domain or across multiple security domains. Although delegation continues to attract significant attention from the research community, presently, there is no published work that presents a taxonomy of delegation concepts and models. This paper intends to address this gap by presenting a set of taxonomic criteria relevant to the concept of delegation and applies the taxonomy to a selection of significant delegation models published in the literature.
Abstract:
This paper introduces a model to facilitate delegation, including ad-hoc delegation, in cross security domain activities. Specifically, this paper proposes a novel delegation constraint management model to manage and track delegation constraints across security domains. An algorithm to trace the authority of delegation constraints is introduced as well as an algorithm to form a delegation constraint set and detect/prevent potential conflicts. The algorithms and the management model are built upon a set of formal definitions of delegation constraints.
Abstract:
Delegation, from a technical point of view, is widely considered as a potential approach in addressing the problem of providing dynamic access control decisions in activities with a high level of collaboration, either within a single security domain or across multiple security domains. Although delegation continues to attract significant attention from the research community, presently, there is no published work that presents a taxonomy of delegation concepts and models. This article intends to address this gap by presenting a set of taxonomic criteria relevant to the concept of delegation. This article also applies the taxonomy to a selection of significant delegation models published in the literature.
Abstract:
Delegation is a powerful mechanism to provide flexible and dynamic access control decisions. Delegation is particularly useful in federated environments where multiple systems, with their own security autonomy, are connected under one common federation. Although many delegation schemes have been studied, current models do not seriously take into account the issue of delegation commitment of the involved parties. In order to address this issue, this paper introduces a new mechanism to help parties involved in the delegation process to express commitment constraints, perform the commitments and track the committed actions. This mechanism looks at two different aspects: pre-delegation commitment and post-delegation commitment. In pre-delegation commitment, this mechanism enables the involved parties to express the delegation constraints and address those constraints. The post-delegation commitment phase enables those parties to inform the delegator and service providers how the commitments are conducted. This mechanism utilises a modified SAML assertion structure to support the proposed delegation and constraint approach.
Abstract:
It is not uncommon for enterprises today to be faced with the demand to integrate and incorporate many different and possibly heterogeneous systems which are generally independently designed and developed, to allow seamless access. In effect, the integration of these systems results in one large whole system that must be able, at the same time, to maintain the local autonomy and to continue working as an independent entity. This problem has introduced a new distributed architecture called federated systems. The most challenging issue in federated systems is to find answers for the question of how to efficiently cooperate while preserving their autonomous characteristic, especially the security autonomy. This thesis intends to address this issue. The thesis reviews the evolution of the concept of federated systems and discusses the organisational characteristics as well as remaining security issues with the existing approaches. The thesis examines how delegation can be used as means to achieve better security, especially authorisation while maintaining autonomy for the participating member of the federation. A delegation taxonomy is proposed as one of the main contributions. The major contribution of this thesis is to study and design a mechanism to support delegation within and between multiple security domains with constraint management capability. A novel delegation framework is proposed including two modules: Delegation Constraint Management module and Policy Management module. The first module is designed to effectively create, track and manage delegation constraints, especially for delegation processes which require re-delegation (indirect delegation). The first module employs two algorithms to trace the root authority of a delegation constraint chain and to prevent the potential conflict when creating a delegation constraint chain if necessary. The first module is designed for conflict prevention not conflict resolution.
The second module is designed to support the first module via the policy comparison capability. The major function of this module is to provide the delegation framework the capability to compare policies and constraints (written under the format of a policy). The module is an extension of Lin et al.'s work on policy filtering and policy analysis. Throughout the thesis, some case studies are used as examples to illustrate the discussed concepts. These two modules are designed to capture one of the most important aspects of the delegation process: the relationships between the delegation transactions and the involved constraints, which are not very well addressed by the existing approaches. This contribution is significant because the relationships provide information to keep track and enforce the involved delegation constraints and, therefore, play a vital role in maintaining and enforcing security for transactions across multiple security domains.
Abstract:
We present a technique for delegating a short lattice basis that has the advantage of keeping the lattice dimension unchanged upon delegation. Building on this result, we construct two new hierarchical identity-based encryption (HIBE) schemes, with and without random oracles. The resulting systems are very different from earlier lattice-based HIBEs and in some cases result in shorter ciphertexts and private keys. We prove security from classic lattice hardness assumptions.
Abstract:
Shared eHealth records systems offer promising benefits for improving healthcare through high availability of information and improved decision making; however, their uptake has been hindered by concerns over the privacy of patient information. To address these privacy concerns while balancing the requirements of healthcare professionals to have access to the information they need to provide appropriate care, the use of an Information Accountability Framework (IAF) has been proposed. For the IAF and so called Accountable-eHealth systems to become a reality, the framework must provide for a diverse range of users and use cases. The initial IAF model did not provide for more diverse use cases including the need for certain users to delegate access to another user in the system to act on their behalf while maintaining accountability. In this paper, we define the requirements for delegation of access in the IAF, how such access policies would be represented in the Framework, and implement and validate an expanded IAF model.
Abstract:
The high degree of variability and inconsistency in cash flow study usage by property professionals demands improvement in knowledge and processes. Until recently limited research was being undertaken on the use of cash flow studies in property valuations but the growing acceptance of this approach for major investment valuations has resulted in renewed interest in this topic. Studies on valuation variations identify data accuracy, model consistency and bias as major concerns. In cash flow studies there are practical problems with the input data and the consistency of the models. This study will refer to the recent literature and identify the major factors in model inconsistency and data selection. A detailed case study will be used to examine the effects of changes in structure and inputs. The key variable inputs will be identified and proposals developed to improve the selection process for these key variables. The variables will be selected with the aid of sensitivity studies and alternative ways of quantifying the key variables explained. The paper recommends, with reservations, the use of probability profiles of the variables and the incorporation of this data in simulation exercises. The use of Monte Carlo simulation is demonstrated and the factors influencing the structure of the probability distributions of the key variables are outlined. This study relates to ongoing research into functional performance of commercial property within an Australian Cooperative Research Centre.
Abstract:
The issue of whether improved building services such as air quality, provision of daylight, thermal comfort etc, have a positive impact on the health and productivity of building occupants is still an open question. There is significant anecdotal evidence supporting the notion that health and productivity of building occupants can be improved by improving the quality of the indoor environment, but there are actually few published quantitative studies to substantiate this contention. This paper reports on a comprehensive review of the worldwide literature which relates health of building occupants with the different aspects of the indoor environment which are believed to impact on these issues, with a particular focus on studies in Australia. The paper analyses the existing research and identifies the key deficiencies in our existing understanding of this problem. The key focus of this research is office and school buildings, but the scope of the literature surveyed includes all commercial buildings, including industrial buildings. There is a notable absence of detailed studies on this link in Australian buildings, although there are studies on thermal comfort, and a number of studies on indoor air quality in Australia, which do not make the connection to health and productivity. Many international studies have focused on improved lighting, and in particular the provision of daylight in buildings, but again there are few studies in Australia which focus in this area.
Abstract:
What role can climatically appropriate subdivision design play in decreasing the use of energy required to cool premises by maximising access to natural ventilation? How can this design be achieved? The subdivision design stage is critical to urban and suburban sustainability outcomes, as significant changes after development are constrained by the configuration of the subdivision, and then by the construction of the dwellings. Existing Australian lot rating methodologies for energy efficiency, such as that by the Sustainable Energy Development Authority (SEDA), focus on reducing heating needs by increasing solar access, a key need in Australia’s temperate zone. A recent CRC CI project, Sustainable Subdivisions: Energy (Miller and Ambrose 2005) examined these guidelines to see if they could be adapted for use in subtropical South East Queensland (SEQ). Correlating the lot ratings with dwelling ratings, the project found that the SEDA guidelines would need to be modified for use to make allowance for natural ventilation. In SEQ, solar access for heating is less important than access to natural ventilation, and there is a need to reduce energy used to cool dwellings. In Queensland, the incidence of residential air-conditioning was predicted to reach 50 per cent by the end of 2005 (Mickel 2004). The CRC-CI, Sustainable Subdivisions: Ventilation Project (CRC-CI, in progress), aims to verify and quantify the role natural ventilation has in cooling residences in subtropical climates and develop a lot rating methodology for SEQ. This paper reviews results from an industry workshop that explored the current attitudes and methodologies used by a range of professionals involved in subdivision design and development in SEQ. Analysis of the workshop reveals that a key challenge for sustainability is that land development in subtropical SEQ is commonly a separate process from house design and siting. 
Finally, the paper highlights some of the issues that regulators and industry face in adopting a lot rating methodology for subdivisions offering improved ventilation access, including continuing disagreement between professionals over the desirability of rating tools.
Abstract:
The following paper considers the question, where to office property? In doing so, it focuses, in the first instance, on identifying and describing a selection of key forces for change present within the contemporary operating environment in which office property functions. Given the increasingly complex, dynamic and multi-faceted character of this environment, the paper seeks to identify only the primary forces for change, within the context of the future of office property. These core drivers of change have, for the purposes of this discussion, been characterised as including a range of economic, demographic and socio-cultural factors, together with developments in information and communication technology. Having established this foundation, the paper proceeds to consider the manner in which these forces may, in the future, be manifested within the office property market. Comment is offered regarding the potential future implications of these forces for change together with their likely influence on the nature and management of the physical asset itself. Whilst no explicit time horizon has been envisioned in the preparation of this paper particular attention has been accorded short to medium term trends, that is, those likely to emerge in the office property marketplace over the coming two decades. Further, the paper considers the question posed, in respect of the future of office property, in the context of developed western nations. The degree of commonality seen in these mature markets is such that generalisations may more appropriately and robustly be applied. Whilst some of the comments offered with respect to the target market may find application in other arenas, it is beyond the scope of this paper to explicitly consider highly heterogeneous markets. 
Given also the wide scope of this paper, key drivers for change and their likely implications for the commercial office property market are identified at a global level (within the above established parameters). Accordingly, the focus is necessarily such that it serves to reflect overarching directions at a universal level (with the effect being that direct applicability to individual markets, when viewed in isolation on a geographic or property type specific basis, may not be fitting in all instances).