832 resultados para role based access control
Resumo:
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications.
Resumo:
Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact.
Resumo:
Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today's fast-paced tech-dominant world. Personal Health Record (PHR) system has become a popular research area for sharing patients informa- tion very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect patients' private data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed for this purpose. Attribute-based encryption can resolve these problems, we propose a patient-centric framework that protects PHRs against untrusted service providers and malicious users. In this framework, we have used Ciphertext Policy Attribute Based Encryption scheme as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation. Patients can encrypt their PHRs and store them on untrusted storage servers. They also maintain full control over access to their PHR data by assigning attribute-based access control to selected data users, and revoking unauthorized users instantly. In order to evaluate our system, we implemented CP-ABE library and web services as part of our framework. We also developed an android application based on the framework that allows users to register into the system, encrypt their PHR data and upload to the server, and at the same time authorized users can download PHR data and decrypt it. Finally, we present experimental results and performance analysis. It shows that the deployment of the proposed system would be practical and can be applied into practice.
Resumo:
Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.
Resumo:
XACML has become the defacto standard for enterprise- wide, policy-based access control. It is a structured, extensible language that can express and enforce complex access control policies. There have been several efforts to extend XACML to support specific authorisation models, such as the OASIS RBAC profile to support Role Based Access Control. A number of proposals for authorisation models that support business processes and workflow systems have also appeared in the literature. However, there is no published work describing an extension to allow XACML to be used as a policy language with these models. This paper analyses the specific requirements of a policy language to express and enforce business process authorisation policies. It then introduces BP-XACML, a new profile that extends the RBAC profile for XACML so it can support business process authorisation policies. In particular, BP-XACML supports the notion of tasks, and constraints at the level of a task instance, which are important requirements in enforcing business process authorisation policies.
Resumo:
基于角色的管理模型被用于管理大型RBAC(role-based access control)系统的授权关系,UARBAC具有可扩展、细粒度等优点.UARBAC的管理操作包含隐式授权.隐式授权分析说明UARBAC管理操作的两类缺陷,包括两个定义缺陷,即无法创建客体和虚悬引用,以及一个实施缺陷,即不支持最小授权.通过修改管理操作更正定义缺陷,提出实施缺陷的改进方案.定义实施最小授权的最小角色匹配问题,证明该问题是NP难,并给出基于贪心算法的可行方案,帮助管理员选择合适的管理操作将最小角色集合授予用户.
Resumo:
研究了传统RBAC(基于角色的访问控制)的4个层次模型,分析了在企业规模不断扩大背景下传统RBAC的不足,并借鉴DTE模型域和型的思想,提出了通过引入主体和客体的属性(区域)参数以及虚拟权限的解决方法,极大地减少了角色的规模,降低了角色管理的复杂性,为进一步解决角色冲突等问题奠定了基础。
Resumo:
本文通过扩展权限的定义:给权限增加一个标示位来区别主体、访问的客体属于相同域和属于不同域时的权限,这样解决了采用对等角色时授予给非本域主体过大权限的问题。同时主体在访问非本域的客体时可以申请临时角色,这样避免了仅仅采用对等角色去访问非本域客体的简单化,更有利于最小权限的实现。通过这两点的改进。使基于角色的访问控制模型更加适合分布式访问控制的特点。[著者文摘]
Resumo:
文中对基于角色访问控制(role-based access control, RBAC)研究中的两大热点——模型的建立和实现进行了较深入的研究,提出了一种新的RBAC模型——NRBAC模型.这一模型除具有全面性外,比之已有的RBAC96 模型还具有接近现实世界和形式统一的优点.针对NRBAC模型的实现,文中又提出了一种新的RBAC实现机制——基于时间戳和素数因子分解的二进制双钥-锁对( TPB-2-KLP)访问控制方案.它不仅能很好地克服已有RBAC实现机制存在的缺点,还兼备了对锁向量修改次数少和发生溢出可能性小的优点.
Resumo:
Generally, smart campus applications do not consider the role of the user with his/her position in a university environment, consequently irrelevant information is delivered to the users. This dissertation proposes a location-based access control model, named Smart-RBAC, extending the functionality of Role-based Access Control Model (RBAC) by including user’s location as the contextual attribute, to solve the aforementioned problem. Smart-RBAC model is designed with a focus on content delivery to the user in order to offer a feasible level of flexibility, which was missing in the existing location-based access control models. An instance of the model, derived from Liferay’s RBAC, is implemented by creating a portal application to test and validate the Smart-RBAC model. Additionally, portlet-based applications are developed to assess the suitability of the model in a smart campus environment. The evaluation of the model, based on a popular theoretical framework, demonstrates the model’s capability to achieve some security goals like “Dynamic Separation of Duty” and “Accountability”. We believe that the Smart-RBAC model will improve the existing smart campus applications since it utilizes both, role and location of the user, to deliver content.
Resumo:
Rollbaserad åtkomstkontroll är en standardiserad och väl etablerad modell för att hantera åtkomsträttigheter i informationssystem. Den vedertagna ANSI-standarden 359-2004 saknar dock stöd för att geografiskt avgränsa rollbehörigheter. Informationssystem som behandlar geografiska data och de senaste årens ökade spridning av mobila enheter påkallar ett behov av att sådana rumsliga aspekter diskuteras inom kontexten av rollbaserad åtkomstkontroll. Arbetet syftar till att bringa klarhet i hur det befintliga kunskapstillståndet inom ämnesområdet rollbaserad åtkomst kontroll med geografisk avgränsning ser ut, och vilka aspekter hos detta som står i behov av vidare utveckling. Genom de teoretiska referensramar som skapats vid inledande litteraturstudier har en efterföljande systematisk litteraturgenomgång möjliggjorts, där vetenskapligt material selekterats genom fördefinierade urvalskriterier. Sammanställningen och analysen av den systematiska litteraturgenomgångens resultat har i samverkan med de teoretiska referensramarna lett fram till arbetets huvudsakliga kunskapsbidrag: en områdesöversikt där ämnets state-of-the-art presenteras och en strukturerad lista över angelägna forsknings- och utvecklingsbehov inom området.
Resumo:
L'obiettivo della tesi è la creazione di un'infrastruttura di tipo RBAC (Role Based Access Control), adibita al controllo degli accessi all'interno del linguaggio di coordinazione TuCSoN. Il punto di partenza si basa sull'analisi del lavoro sviluppato dall'Ing. Galassi: "Modello di sicurezza e controllo di accesso in una infrastruttura di coordinazione: architettura e implementazione". Usando questa come base teorica di partenza, si sono estrapolati i concetti chiave e si è data vita ad un'implementazione funzionante e di semplice utilizzo di RBAC in TuCSoN.
Resumo:
File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.
