l-ucon: towards layered access control with ucon

IEEE; IEEE Computer Society; IEEE Technical Committee on Scalable Computing (TCSC)

a state-adaptive access control model for web-based idrs system

Huazhong Univ Sci & Technol, Natl Tech Univ Ukraine, Huazhong Normal Univ, Harbin Inst Technol, IEEE Ukraine Sect, I& M/CI Joint Chapter

Using Graphs to Visualise and Detect Anomalies in Access Control System Transactions

Physical Access Control Systems are commonly used to secure doors in buildings such as airports, hospitals, government buildings and offices. These systems are designed primarily to provide an authentication mechanism, but they also log each door access as a transaction in a database. Unsupervised learning techniques can be used to detect inconsistencies or anomalies in the mobility data, such as a cloned or forged Access Badge, or unusual behaviour by staff members. In this paper, we present an overview of our method of inferring directed graphs to represent a physical building network and the flows of mobility within it. We demonstrate how the graphs can be used for Visual Data Exploration, and outline how to apply algorithms based on Information Theory to the graph data in order to detect inconsistent or abnormal behaviour.

Event-driven implicit authentication for mobile access control

In order to protect user privacy on mobile devices, an event-driven implicit authentication scheme is proposed in this paper. Several methods of utilizing the scheme for recognizing legitimate user behavior are investigated. The investigated methods compute an aggregate score and a threshold in real-time to determine the trust level of the current user using real data derived from user interaction with the device. The proposed scheme is designed to: operate completely in the background, require minimal training period, enable high user recognition rate for implicit authentication, and prompt detection of abnormal activity that can be used to trigger explicitly authenticated access control. In this paper, we investigate threshold computation through standard deviation and EWMA (exponentially weighted moving average) based algorithms. The result of extensive experiments on user data collected over a period of several weeks from an Android phone indicates that our proposed approach is feasible and effective for lightweight real-time implicit authentication on mobile smartphones.

DACA: architecture to implement dynamic access control mechanisms on business tier components

Access control is a software engineering challenge in database applications. Currently, there is no satisfactory solution to dynamically implement evolving fine-grained access control mechanisms (FGACM) on business tiers of relational database applications. To tackle this access control gap, we propose an architecture, herein referred to as Dynamic Access Control Architecture (DACA). DACA allows FGACM to be dynamically built and updated at runtime in accordance with the established fine-grained access control policies (FGACP). DACA explores and makes use of Call Level Interfaces (CLI) features to implement FGACM on business tiers. Among the features, we emphasize their performance and their multiple access modes to data residing on relational databases. The different access modes of CLI are wrapped by typed objects driven by FGACM, which are built and updated at runtime. Programmers prescind of traditional access modes of CLI and start using the ones dynamically implemented and updated. DACA comprises three main components: Policy Server (repository of metadata for FGACM), Dynamic Access Control Component (DACC) (business tier component responsible for implementing FGACM) and Policy Manager (broker between DACC and Policy Server). Unlike current approaches, DACA is not dependent on any particular access control model or on any access control policy, this way promoting its applicability to a wide range of different situations. In order to validate DACA, a solution based on Java, Java Database Connectivity (JDBC) and SQL Server was devised and implemented. Two evaluations were carried out. The first one evaluates DACA capability to implement and update FGACM dynamically, at runtime, and, the second one assesses DACA performance against a standard use of JDBC without any FGACM. The collected results show that DACA is an effective approach for implementing evolving FGACM on business tiers based on Call Level Interfaces, in this case JDBC.

Managing sales people strategically when promoting new products: Incorporating market orientation into a sales management control framework

Salespeople play a pivotal role in promoting new products. Therefore, managers need to know what control mechanism (i.e., output-based control, behavior-based control, or knowledge-based control) can improve their salespeople's new product sales performance. Furthermore, managers may be able to assist salespeople in performing better by having a strong market orientation. The literature has been inconsistent regarding the effects of sales management control mechanisms and has not yet incorporated market orientation into a sales management control framework. The current study surveyed 315 Taiwanese salespeople from publicly traded electronics companies with the aim of contributing to the sales management literature. The results show that sales management controls can directly affect salespeople's innovativeness, which, in turn, affects new product sales performance. However, sales management controls cannot affect performance directly. Furthermore, market orientation can positively moderate the relationship between salespeople's innovativeness and new product sales performance.