To see the other types of publications on this topic, follow the link: Authorizations.
Dissertations / Theses on the topic 'Authorizations'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Authorizations.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Lui, W. C., and 雷永祥. "Flexible authorizations in workflow management systems." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2002. http://hub.hku.hk/bib/B42577135.
Full text
2
Lui, W. C. "Flexible authorizations in workflow management systems." Click to view the E-thesis via HKUTO, 2002. http://sunzi.lib.hku.hk/hkuto/record/B42577135.
Full text
3
Firman, Fikri. "Outdoor Small Cell Deployment with Complementary Spectrum Authorizations, Licensed (LSA) and Unlicensed (LAA) : Techno-Economic Analysis." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-207140.
Full textAbstract:
The significant increase in mobile data traffc has put a considerable load on the wireless mobile networks. In the current highly competitive market, Mobile Network Operators (MNOs) have to strive to provide additional capacityof their network, by also considering the cost factor to make their business sustainable. Along with advances in spectrum-efficient technologies, small cells deployment have provided cost-efficient methods to provide additional capacity for indoor and outdoor subscribers. The gain of better spectrum utilization and opportunistic spectrum access have motivated the deployment of wireless networks utilizing below 6GHz spectrum, where there are opportunities for mobile networks to access the spectrum by co-existing with incumbent users and technologies. Two emerging complementary spectrum authorizations have attracted industry and academia, Licensed Shared Access (LSA) and License Assisted Access(LAA). In this thesis, the techno-economic aspects of operating under individual authorization (LSA) and general authorization (LAA) regimes are investigated and compared. The dynamics of operating under unlicensed spectrum are represented considering the scenario of two MNOs co-existing following the regulatory requirements. The results show that choosing the appropriate channel selection mechanism is of high importance when operating under the unlicensed regime (LAA). The results indicate that LAA can be an alternative for cost-efficient deployment method in some scenarios, for example when there is a low or moderate availability of LSA bandwidth. For the future work, we suggest an optimized user association to the small cells to provide a better load balancing mechanism.<br>Den avsevärda ökningen av den mobila datatrafiken har skapat stor belastning på de trådlösa mobilnäten. I den nuvarande mycket konkurrensutsatta marknaden, måste mobiloperatörerna (MNO) sträva efter att skapa ytterligare kapacitet i deras nätverk, samtidigt som de måste tänka på kostnadsfaktorerför att göra sin verksamhet hållbar. Tillsammans med framsteginom spektrumeffektiv teknik och driftsättning av små basstationer, ha rman fått fram kostnadseffektiva metoder för att öka kapaciteten för inom- och utomhusanvändare. Fördelen av bättre spektrumanvändning för frekvenser under 6 GHz och opportunistiska tillgång av spektrum, har motiverat utbyggnaden av trådlösanätverk. Detta möjliggör för mobila nätverk att använda spektrumet genom att samexistera med etablerade användare och tekniker. Två nya kompletterande spektrumtillstånd har lockat industrin och den akademiska världen, Licensed Shared Access (LSA) och License Assisted Access (LAA). I denna avhandling, har de tekno-ekonomiska aspekterna av LSA och LAA regimer undersökts och jämförts. Dynamiken av drift i olicensierat spektrum representeras i scenariot av två mobilnätsoperatörer samexisterar och följer lagkraven. Resultaten indikerar att valet av lämplig mekanism t.ex. val av rätt kanal är av stor betydelse vid användning av olicensierad regim (LAA). Resultatentyder på att LAA kan vara ett alternativ för kostnadseffektiv distributionsmetod i vissa scenarier, till exempel när det finns en låg eller måttlig tillgång på LSA bandbredd. För det framtida arbetet, föreslår vi en optimerad användarassociation till de små cellerna för att ge en bättre lastbalansering mekanism.
4
Ruan, Chun, University of Western Sydney, of Science Technology and Environment College, and School of Computing and Information Technology. "Models for authorization and conflict resolution." THESIS_CSTE_CIT_Ruan_C.xml, 2003. http://handle.uws.edu.au:8081/1959.7/546.
Full textAbstract:
Access control is a significant issue in any secure computer system. Authorization models provide a formalism and framework for specifying and evaluating access control policies that determine how access is granted and delegated among particular users. The aim of this dissertation is to investigate flexible decentralized authorization model supporting authorization delegation, both positive and negative authorization, and conflict resolution. A graph based authorization framework is proposed which can support authorization delegations and both positive and negative authorizations. In particular, it is shown that the existing conflict resolution methods are limited when applied to decentralized authorization models and cyclic authorizations can even lead to undesirable situations. A new conflict resolution policy is then proposed, which can support well controlled delegation by giving predecessors higher priorities along the delegation path. The thesis provides a formal description of the proposed model and detailed descriptions of algorithms to implement it. The model is represented using labelled digraphs, which provide a formal basis for proving the semantic correctness of the model. A weighted graph based model is presented which allows grantors to further express degrees of certainties about their granting of authorizations. The work is further extended to consider more complex domains where subjects, objects and access rights are hierarchically structured and authorization inheritance along the hierarchies taken into account. A precise semantics is given which is based on stable model semantics, and, several important properties of delegatable authorization programs investigated. The framework provides users a reasonable method to express complex security policy. To address the many situations in which users may need to be granted or delegated authorizations for a limited period of time, a temporal decentralized authorization model is proposed in which temporal authorization delegations and negations are allowable. Proper semantic properties are further investigated. Finally, as an application, the thesis shows how the proposed authorization model can be used in a e-consent system on health data. A system architecture for e-consent is presented and different types of e-consent models discussed. The proposed model is shown to provide users a good framework for representing and evaluating these models.<br>Doctor of Philosphy (PhD)
5
Pachas, Pérez Diego. "Mining Exploration in Peru: A Brief Scope on the Main Authorizations for the Development of an Exploration Project in Peru." Derecho & Sociedad, 2015. http://repositorio.pucp.edu.pe/index/handle/123456789/118585.
Full textAbstract:
The purpose of the author in this article is to outline the main licenses regarding mineral exploration and publicize the usual paperwork and contingencies obtaining these permits.It also presents alternatives to traditional procedures, which are more useful in practice to expedite to start of mining exploration activities in Peru.<br>El fin del autor en este artículo es hacer un esbozo de los principales títulos habilitantes para lo referente a la exploración minera, así como dar a conocer los trámites y usuales contingencias que acarrean la obtención de estos permisos. Asimismo, se presentanalternativas a las tradicionales autorizaciones, que son más útiles en la práctica para agilizarel comienzo de actividades de exploración minera en el Perú.
6
Crampton, Jason Alexis Valentine. "Authorization and antichains." Thesis, Birkbeck (University of London), 2002. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.271717.
Full text
7
Humenn, Polar. "The authorization calculus." Related electronic resource: Current Research at SU : database of SU dissertations, recent titles available, full text:, 2008. http://wwwlib.umi.com/cr/syr/main.
Full text
8
Kini, Pranab. "Towards improving the performance of enterprise authorization systems using speculative authorization." Thesis, University of British Columbia, 2010. http://hdl.handle.net/2429/29561.
Full textAbstract:
With the emergence of tighter corporate policies and government regulations, access control has become an integral part of business requirements in enterprises. The authorization process in enterprise systems follow the request-response model, where a policy enforcement point intercepts application requests, obtains authorization decisions from a remote policy decision point, and enforces those decisions. The two advantages of this model are (1) the separation between the application and authorization logic (2) reduction of authorization policy administration. However, the authorization process adds to the already existing latency for accessing resources, affecting enterprises negatively in terms of responsiveness of their systems. This dissertation presents an approach to reduce latency introduced by the authorization process.
We present Speculative Authorization (SPAN), a prediction technique to address the problem of latency in enterprise authorization systems. SPAN predicts the possible future requests that could be made by a client, based on the present and past behavior of the client. Authorization decisions to the predicted requests are fetched even before the requests are made by the client, thus reducing the latency. SPAN is designed using a clustering technique that combines information about requests made by different clients in order to make predictions for a particular client. We present our results in terms of hit rate and precision, and demonstrate that SPAN improves the performance of authorization infrastructures. We also calculate the additional load incurred by the system to compute responses to the predicted requests, and provide measures to reduce the unnecessary load.
Caching is a simple and inexpensive technique, popularly used to improve the latency of enterprise authorization systems. On the other hand, we have not seen any implementation of techniques like SPAN to reduce latency. To demonstrate the effectiveness of such techniques, we implement caching and SPAN in the same system, and show that combining the two techniques can further improve the performance of access control systems.
9
Cabarkapa, Dragan. "Authorization Architecture for SWoT." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-134639.
Full textAbstract:
Social Web of Things (SWoT) is a user centric framework which facilitates interaction between software agents deployed on smart things and in the cloud. Software agents deployed on smart things are remotely accessible, host sensitive resources, and often represent high value targets. SWoT currently does not feature adequate security mechanisms which could protect software agents from unauthorized access. In this thesis, we aim to rectify this deficiency by introducing platform independent, exible, and user centric authorization mechanism inSWoT. We derive requirements and design of abstract authorization architecture from the preceding seminal work performed in SENSEI project. SENSEI and SWoT share same problem domain, but while SENSEI addresses enterprise use cases SWoT focusses on consumer use cases. This single but fundamental difference motivates adaptations of SENSEI contributions for application in SWoT. To realize concrete authorization architecture we perform extensive study of various authorization solutions. Results of our study indicate that novel User Managed Access (UMA) protocol represents promising solution for SWoT. We present the Authorization as a Service solution for SWoT framework, based on UMA protocol. This solution enables users to manage and control communication between software agents deployed on smart things and in the cloud from single centralized location. It also features runtime association of software agents, management, evaluation, and enforcement of access permissions for resources provided by software agents.<br>"Social Web of Things" (SWOT) är en användarcentrerad ram som underlättar samverkan mellan agenter som körs på smarta saker och i molnet. Agenter som körs på smarta saker är fjärråtkomst, värd känsliga resurser, och ofta utgör högt värde mål. För närvarande SWOT ramverket omfattar inte lämpliga säkerhetsmekanismer som skulle kunna skydda dessa agenter från obehörig åtkomst. I denna uppsats vill vi rätta till detta brist genom att införa plattformsoberoende, flexibel och användarvänlig centrerad auktorisation mekanism i SWOT ramen. Vi härleda krav och design av abstrakt tillstånd arkitektur från föregående sädes-arbete som utförs i ett SENSEI projektet. SENSEI och SWOT delar samma problem domän, men samtidigt SENSEI behandlar ärenden företagsbruk SWOT fokuserar på konsumenten användningsfall. Denna singel men grundläggande skillnaden motiverar anpassningar av SENSEI avgifter för ansökan i SWOT. Till realisera konkreta tillstånd arkitektur vi utför ett omfattande studie av olika lösningar för tillstånd. Resultat av vår studie tyder på att en ny användarhanterad tillgång (UMA) Protokollet utgör lovande lösning för SWOT. Vi presenterar tillståndet som en service lösning för SWOT ramverk, baserat på UMA-protokollet. Denna lösning gör det möjligt för användare att hantera och kontrollera kommunikationen mellan agenter utplacerade på smarta saker och i molnet från enstaka centraliserad plats. Dessutom gör vår lösning dynamisk sammanslutning av agenter, ledning, utvärdering och tillsyn av tillträde behörigheter för resurser som tillhandahålls av agenter.
10
Björkenvall, Anton. "Authorization Tool for Usersand Media Archives in WordPress : A Role Based Authorization Plugin." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-371460.
Full textAbstract:
Access control is the central element of computer security and its principal objectives are to implement secure authentication and authorization in a system. Authentication is the verification that the credentials of a user are valid and authorization is the granting of permissions to a user to access system resources. This thesis describes the design and implementation of an authorization plugin, calledFile Authorization Manager, for WordPress built upon an already existing authentication plugin, called privateContent. Due to various factors mentioned in the thesis the implementation of said authorization plugin is, in its current state, not feature complete and therefore not working as intended. Due to these factors this thesis not only describes the design and implementation of an authorization plugin, but also the intricacies with developing plugins that alter the core functions of WordPress.
11
Odyurt, Uraz. "Evaluation of Single Sign-On Frameworks, as a Flexible Authorization Solution : OAuth 2.0 Authorization Framework." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-37097.
Full textAbstract:
This work introduces the available authorization frameworks for the purpose of Single Sign-On functionality within an enterprise, along with the fundamental technicalities. The focus of the work is on SAML 2.0 and OAuth 2.0 frame- works. Following the details related to available protocol flows, supported client profiles and security considerations, the two frameworks are compared in accordance with a set of factors given in a criteria. The report discusses the possibilities provided by a Microsoft Windows based infrastructure, as well as different scenarios and their feasibility in an enterprise environment. The preferred framework, OAuth 2.0, is selected according to the given criteria and the comparative discussions.
12
Taskazan, Feyza. "Use Of Pki For Process Authorization." Master's thesis, METU, 2004. http://etd.lib.metu.edu.tr/upload/2/1219203/index.pdf.
Full textAbstract:
Enterprises require an information security solution that provides privacy, integrity, authentication and access controls for processes. License management systems are developed to be a solution for process authorization in different platforms. However, security threats on processes cannot be controlled with existing license management mechanisms. The need is a complete system that is independent from implementation, platform, and application. In this thesis, we design a complete system for process authorization based on Public Key Infrastructure (PKI) technology.
13
Lin, Wenjie. "Secure Multi-party Authorization in Clouds." The Ohio State University, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=osu1429041745.
Full text
14
James, Malcolm. "The authorization and glorification of plunder." Thesis, Cardiff Metropolitan University, 2015. http://hdl.handle.net/10369/7570.
Full textAbstract:
Research in taxation often treats it as a branch of law or economics, but in this thesis I argue that this obscures the fact that tax systems are not based on scientific, techno-rational principles, but are socially constructed phenomena, embodying fundamental, value-based decisions imbricated in power relationships. I demonstrate that throughout history tax systems have reflected the prevailing state form and the dominant power relationships underpinning them and that we are currently living in a neoliberal state, in which societal relations are determined by economic principles. I therefore argue that the UK tax system tends to be utilized to encourage individuals to engage in economic, entrepreneurial activity and are presented as being governed by techno-rational, economic principles, but are, in fact, a rationalizing discourse for the transfer of power from labour to capital and from poorer to wealthier taxpayers. This transformation is underpinned by the exercise of power, but in a neoliberal state power operates in a covert, capillary fashion through assemblages and the construction of knowledge, rather than in an overt, hierarchical fashion. I demonstrate how the contemporary debates relating to tax simplification and the use of general principles rather than detailed rules in tax legislation have been, or might be, used to further entrench neoliberal values in the tax system, but that the failure to achieve significant simplification due to its open and transparent nature demonstrates the limits of power and the more opaque nature of general principles might have more potential for achieving this. However, no power can be absolute and I argue that the increased public interest in and awareness of taxation since 2010, which led to the emergence of UK Uncut, demonstrates that there is always the potential for resistance to a hegemonic discourse, which may lead to the emergence of alternative discourses.
15
Lui, W. C. "Security models for authorization, delegation and accountability." Click to view the E-thesis via HKUTO, 2005. http://sunzi.lib.hku.hk/hkuto/record/B32053745.
Full text
16
Hakobyan, Davit. "Authentication and Authorization Systems in Cloud Environments." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-102870.
Full textAbstract:
The emergence of cloud computing paradigm offers attractive and innovative computing services through resource pooling and virtualization techniques. Cloud providers deliver various types of computing services to customers according to a pay-per-use economic model. However, this technology shift introduces a new concern for enterprises and businesses regarding their privacy and security. Security as a Service is a new cloud service model for the security enhancement of a cloud environment. This is a way of centralizing security solutions under the control of professional security specialists. Identity and access control services are one of the areas of cloud security services, and sometimes, are presented under the term Identity as a Service. This master thesis research is focused on identity-security solutions for cloud environments. More specifically, architecture of a cloud security system is designed and proposed for providing two identity services for cloud-based systems: authentication and authorization. The main contribution of this research is to design these services using service-oriented architectural approach, which will enable cloud-based application service providers to manage their online businesses in an open, flexible, interoperable and secure environment. First, the architecture of the proposed services is described. Through this architecture all system entities that are necessary for managing and providing those identity services are defined. Then, the design and specification of each service is described and explained. These services are based on existing and standardized security mechanisms and frameworks. As a demonstration, a prototype system of an authorization service is implemented and tested based on the designed authorization solution. The implementation is done using Web Service technology respective to the service-oriented design approach. It is shown that both services are at least computationally secure against potential security risks associated with replay attacks, message information disclosure, message tampering, repudiation and impersonation. The designed security system ensures a secure and reliable environment for cloud-based application services which is very easy to deploy and exploit on cloud-based platforms.
17
Lui, W. C., and 雷永祥. "Security models for authorization, delegation and accountability." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2005. http://hub.hku.hk/bib/B32053745.
Full text
18
李妙轉. "論行政授權 =Administrative authorization". Thesis, University of Macau, 2016. http://umaclib3.umac.mo/record=b3534548.
Full text
19
Siebach, Jacob Aaron Jess. "The Abacus: A New Approach to Authorization." BYU ScholarsArchive, 2021. https://scholarsarchive.byu.edu/etd/9221.
Full textAbstract:
The purpose of this thesis is to investigate the implementation of digital authorization for computer systems, specifically how to implement an efficient and secure authorization engine that uses policies and attributes to calculate authorization. The architecture for the authorization engine is discussed, the efficiency of the engine is characterized by various tests, and the security model is reviewed against other presently existing models. The resulting efforts showed an increase in efficiency of almost two orders of magnitude, along with a reduction in the amount of processing power required to run the engine. The main focus of the work is how to provide precise, performant authorization using policies and attributes in a way that does not require the authorization engine to break domain boundaries by directly accessing data stores. Specifically, by pushing attributes from source domains into the authorization service, domains do not require the authorization service to have access to the data stores of the domain, nor is the authorization service required to have credentials to access data via APIs. This model also allows for a significant reduction in data motion as attributes need only be sent over the network once (when the attribute changes) as opposed to every time that the engine needs the attribute or every time that an attribute cache needs to be refreshed, resulting in a more secure way to store attributes for authorization purposes.
20
Calzavara, Stefano <1985>. "Static verification and enforcement of authorization policies." Doctoral thesis, Università Ca' Foscari Venezia, 2013. http://hdl.handle.net/10579/3044.
Full textAbstract:
La tesi affronta il problema della verifica e dell'imposizione di politiche di autorizzazione tramite tecniche di analisi statica. I contributi principali sono tre: una semantica formale per grsecurity, che permette di validare in modo efficiente una serie di proprietà di sicurezza desiderabili per una gestione degli accessi basata su ruoli; un'estensione di RCF basata su logica affine per garantire il rispetto di espressive politiche di autorizzazione relative all'utilizzo di risorse; una metodologia di verifica per applicazioni Android atta a garantire una forma di controllo degli accessi protetta da acquisizione indebita di privilegi. Tutte le tecniche proposte sono dimostrate corrette e sono discusse le problematiche relative alla loro implementazione pratica.<br>The thesis addresses the problem of the verification and enforcement of authorization policies through static analysis techniques. The main contributions are threefold: a formal semantics for grsecurity, which allows us to effectively validate a number of desirable security properties for role-based access control systems; an extension of RCF based on affine logic, to guarantee the enforcement of expressive authorization policies predicating on resource usage bounds; a verification methodology for Android applications, targeted to the enforcement of an access control policy robust against privilege escalation attacks. All the proposed techniques are proved sound and the issues related to their practical implementation are discussed.
21
De, Young Paul. "Effect of Medicaid prior authorization on drug utilization." CONNECT TO ELECTRONIC THESIS, 2007. http://dspace.wrlc.org/handle/1961/4249.
Full text
22
Witt, Lucas D. "A formal approach toward authenticated authorization without identification." [Ames, Iowa : Iowa State University], 2008.
Find full text
23
Chaudhary, Nadeem. "Optimizing performance of workflow executions under authorization control." Thesis, University of Warwick, 2013. http://wrap.warwick.ac.uk/59642/.
Full textAbstract:
“Business processes or workflows are often used to model enterprise or scientific applications. It has received considerable attention to automate workflow executions on computing resources. However, many workflow scenarios still involve human activities and consist of a mixture of human tasks and computing tasks. Human involvement introduces security and authorization concerns, requiring restrictions on who is allowed to perform which tasks at what time. Role- Based Access Control (RBAC) is a popular authorization mechanism. In RBAC, the authorization concepts such as roles and permissions are defined, and various authorization constraints are supported, including separation of duty, temporal constraints, etc. Under RBAC, users are assigned to certain roles, while the roles are associated with prescribed permissions. When we assess resource capacities, or evaluate the performance of workflow executions on supporting platforms, it is often assumed that when a task is allocated to a resource, the resource will accept the task and start the execution once a processor becomes available. However, when the authorization policies are taken into account,” this assumption may not be true and the situation becomes more complex. For example, when a task arrives, a valid and activated role has to be assigned to a task before the task can start execution. The deployed authorization constraints may delay the workflow execution due to the roles’ availability, or other restrictions on the role assignments, which will consequently have negative impact on application performance. When the authorization constraints are present to restrict the workflow executions, it entails new research issues that have not been studied yet in conventional workflow management. This thesis aims to investigate these new research issues. First, it is important to know whether a feasible authorization solution can be found to enable the executions of all tasks in a workflow, i.e., check the feasibility of the deployed authorization constraints. This thesis studies the issue of the feasibility checking and models the feasibility checking problem as a constraints satisfaction problem. Second, it is useful to know when the performance of workflow executions will not be affected by the given authorization constraints. This thesis proposes the methods to determine the time durations when the given authorization constraints do not have impact. Third, when the authorization constraints do have the performance impact, how can we quantitatively analyse and determine the impact? When there are multiple choices to assign the roles to the tasks, will different choices lead to the different performance impact? If so, can we find an optimal way to conduct the task-role assignments so that the performance impact is minimized? This thesis proposes the method to analyze the delay caused by the authorization constraints if the workflow arrives beyond the non-impact time duration calculated above. Through the analysis of the delay, we realize that the authorization method, i.e., the method to select the roles to assign to the tasks affects the length of the delay caused by the authorization constraints. Based on this finding, we propose an optimal authorization method, called the Global Authorization Aware (GAA) method. Fourth, a key reason why authorization constraints may have impact on performance is because the authorization control directs the tasks to some particular roles. Then how to determine the level of workload directed to each role given a set of authorization constraints? This thesis conducts the theoretical analysis about how the authorization constraints direct the workload to the roles, and proposes the methods to calculate the arriving rate of the requests directed to each role under the role, temporal and cardinality constraints. Finally, the amount of resources allocated to support each individual role may have impact on the execution performance of the workflows. Therefore, it is desired to develop the strategies to determine the adequate amount of resources when the authorization control is present in the system. This thesis presents the methods to allocate the appropriate quantity for resources, including both human resources and computing resources. Different features of human resources and computing resources are taken into account. For human resources, the objective is to maximize the performance subject to the budgets to hire the human resources, while for computing resources, the strategy aims to allocate adequate amount of computing resources to meet the QoS requirements.
24
Donchevskaya, E. "REACH (Registration, Evaluation, Authorization and Restriction of Chemicals)." Thesis, Видавництво СумДУ, 2009. http://essuir.sumdu.edu.ua/handle/123456789/13426.
Full text
25
Hamedtoolloei, Hamidreza. "A service-oriented architecture for authentication and authorization." Diss., Connect to a 24 p. preview or request complete full text in PDF format. Access restricted to UC campuses, 2009. http://wwwlib.umi.com/cr/ucsd/fullcit?p1460003.
Full textAbstract:
Thesis (M.S.)--University of California, San Diego, 2009.<br>Title from first page of PDF file (viewed January 9, 2009). Available via ProQuest Digital Dissertations. Includes bibliographical references (p. 94-97).
26
Yao, Danfeng. "Privacy-aware authentication and authorization in trust management." View abstract/electronic edition; access limited to Brown University users, 2008. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqdiss&rft_dat=xri:pqdiss:3318375.
Full text
27
Truong, Anh. "Efficient Automated Security Analysis of Complex Authorization Policies." Doctoral thesis, Università degli studi di Trento, 2015. https://hdl.handle.net/11572/368624.
Full textAbstract:
Access Control is becoming increasingly important for today's ubiquitous systems. Sophisticated security requirements need to be ensured by authorization policies for increasingly complex and large applications. As a consequence, designers need to understand such policies and ensure that they meet the desired security constraints while administrators must also maintain them so as to comply with the evolving needs of systems and applications. These tasks are greatly complicated by the expressiveness and the dimensions of the authorization policies. It is thus necessary to provide policy designers and administrators with automated analysis techniques that are capable to foresee if, and under what conditions, security properties may be violated. For example, some analysis techniques have already been proposed in the literature for Role-Based Access Control (RBAC) policies. RBAC is a security model for access control that has been widely adopted in real-world applications. Although RBAC simplifies the design and management of policies, modifications of RBAC policies in complex organizations are difficult and error prone activities due to the limited expressiveness of the basic RBAC model. For this reason, RBAC has been extended in several directions to accommodate various needs arising in the real world such as Administrative RBAC (ARBAC) and Temporal RBAC (TRBAC). This Dissertation presents our research efforts to find the best trade-off between scalability and expressiveness for the design and benchmarking of analysis techniques for authorization policies. We review the state-of-the-art of automated analysis for authorization policies, identify limitations of available techniques and then describe our approach that is based on recently developed symbolic model checking techniques based on Satisfiability Modulo Theories (SMT) solving (for expressiveness) and carefully tuned heuristics (for scalability). Particularly, we present the implementation of the techniques on the automated analysis of ARBAC and ATRBAC policies and discuss extensive experiments that show that the proposed approach is superior to other state-of-the-art analysis techniques. Finally, we discuss directions for extensions.
28
Truong, Anh. "Efficient Automated Security Analysis of Complex Authorization Policies." Doctoral thesis, University of Trento, 2015. http://eprints-phd.biblio.unitn.it/1438/1/PhD-Thesis_AnhTuanTruong.pdf.
Full textAbstract:
Access Control is becoming increasingly important for today's ubiquitous systems. Sophisticated security requirements need to be ensured by authorization policies for increasingly complex and large applications. As a consequence, designers need to understand such policies and ensure that they meet the desired security constraints while administrators must also maintain them so as to comply with the evolving needs of systems and applications. These tasks are greatly complicated by the expressiveness and the dimensions of the authorization policies. It is thus necessary to provide policy designers and administrators with automated analysis techniques that are capable to foresee if, and under what conditions, security properties may be violated. For example, some analysis techniques have already been proposed in the literature for Role-Based Access Control (RBAC) policies. RBAC is a security model for access control that has been widely adopted in real-world applications. Although RBAC simplifies the design and management of policies, modifications of RBAC policies in complex organizations are difficult and error prone activities due to the limited expressiveness of the basic RBAC model. For this reason, RBAC has been extended in several directions to accommodate various needs arising in the real world such as Administrative RBAC (ARBAC) and Temporal RBAC (TRBAC). This Dissertation presents our research efforts to find the best trade-off between scalability and expressiveness for the design and benchmarking of analysis techniques for authorization policies. We review the state-of-the-art of automated analysis for authorization policies, identify limitations of available techniques and then describe our approach that is based on recently developed symbolic model checking techniques based on Satisfiability Modulo Theories (SMT) solving (for expressiveness) and carefully tuned heuristics (for scalability). Particularly, we present the implementation of the techniques on the automated analysis of ARBAC and ATRBAC policies and discuss extensive experiments that show that the proposed approach is superior to other state-of-the-art analysis techniques. Finally, we discuss directions for extensions.
29
Boussemart, Déborah. "La sécurisation des permis de construire contre les recours abusifs." Thesis, Sorbonne Paris Cité, 2015. http://www.theses.fr/2015USPCB124/document.
Full textAbstract:
La présente thèse s'intéresse à la systématisation des menaces d'annulation des permis de construire. Elle a pour objet d'analyser la réalité des recours abusifs devant le juge administratif français. Le phénomène de multiplication des recours abusifs pose le problème de l'instrumentalisation du juge par des requérants malveillants. Cette instrumentalisation transforme le prétoire en une sorte de marché juridictionnel et se traduit en pratique par des coûts contentieux et transactionnels de plus en plus lourds pour les bénéficiaires d'autorisation d'urbanisme. Des instruments de régulation procédurale existent mais sont apparus insuffisants jusqu'à la réforme du contentieux d'urbanisme de 2013. Cette réforme apporte des solutions innovantes. L'optimisme pousse à croire que ces mesures seront efficaces, mais un brin de pessimisme conduit à l'analyse d'autres solutions. Ainsi, le but de cette thèse est, d'une part, d'analyser les écueils actuels qui ont conduit à l'insécurité des bénéficiaires d'autorisation d'urbanisme et, d'autre part, d'analyser la pertinence des instruments juridiques régissant le droit de l'urbanisme avec un focus particulier sur les apports de la réforme des procédures contentieuses en urbanisme de 2013<br>The present dissertation is interested in the systematization of the threats of construction authorizations cancellation. This discussion examines the reality of overuses of the right of individual recourse in order to examine issues which could enhance the legal certainty of construction authorizations. The rapid growth of the overused recourses number leads to the manipulation of the law and of the judge. This transforms the courtroom in an odd market where the judge is the tool of a bad regulation. The result is significant. The reason for that is very simple: litigation is quite expensive and amicable settlements too. However, regulatory measures exist but they are not effective. The 2013 reform brought several innovative changes. Optimism leads us to believe these changes will be effective. But a more pessimistic viewpoint leads to highlight the other solutions. Hence, the purpose of this thesis work is to analyze the obstacles and limits of the existing tools which have led to insecure construction authorizations. Furthermore, it aims to analyze the relevance of existing legal instruments in urban planning law
30
Lamotte-Schubert, Manuel [Verfasser], and Christoph [Akademischer Betreuer] Weidenbach. "Automatic authorization analysis / Manuel Lamotte-Schubert. Betreuer: Christoph Weidenbach." Saarbrücken : Saarländische Universitäts- und Landesbibliothek, 2015. http://d-nb.info/1077211538/34.
Full text
31
Chatvichienchai, Somchai. "Studies on Translating Access Authorization Policies of XML Documents." 京都大学 (Kyoto University), 2004. http://hdl.handle.net/2433/147569.
Full text
32
Fernández, Alexis Martínez. "Authorization schema for electronic health-care records : For Uganda." Thesis, KTH, Kommunikationssystem, CoS, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-101165.
Full textAbstract:
This master’s thesis project began at the Karolinska University Hospital. This thesis discusses how to design an authorization schema focused on ensuring each patient’s data privacy within a hospital information system. It begins with an overview of the current problem, followed by a review of related work. The overall project’s goal is to create and evaluate an authorization schema that can ensure each patient’s data confidentiality. Authorization has currently become a very important aspect in information systems, to the point of being a necessity when implementing a complete system for managing access control in certain complex environments. This requirement lead to the approach that this master thesis takes for effectively reasoning about authorization requests in situations where a great number of parameters could affect the access control assessment. This study is part of the ICT4MPOWER project developed in Sweden by both public and private organizations with the objective of improving health-care aid in Uganda through the use of information and communication technologies. More concretely, this work defines an authorization schema that can cope with the increasing needs of sophisticated access control methods where a complex environment exists and policies require certain flexibility.<br>Detta examensarbete projektet startade vid Karolinska Universitetssjukhuset. Denna avhandling diskuterar hur man designar ett tillstånd schema fokuserat på att säkerställa varje patients dataskydd inom ett sjukhus informationssystem. Det börjar med en översikt över det aktuella problemet, följt av en genomgång av arbete. Projektets övergripande mål är att skapa och utvärdera ett tillstånd schema som kan garantera varje patient data sekretess. Bemyndigande har för närvarande blivit en mycket viktig aspekt i informationssystem, till den grad att vara nödvändigt att genomföra komplett system för hantering av åtkomstkontroll i vissa komplexa miljöer. Detta är i själva verket den strategi som detta examensarbete tar för att effektivt resonemang om en ansökan om godkännande i situationer där ett stort antal parametrar kan påverka i åtkomstkontroll bedömningen. Denna studie är en del av ICT4MPOWER projektet utvecklades i Sverige av både offentliga och privata organisationer i syfte att förbättra stödet sjukvård i Uganda med användning av informations-och kommunikationsteknik.<p> Mer konkret definierar detta arbete ett tillstånd schema som kan hantera de ökande behoven av sofistikerade metoder för åtkomstkontroll där en komplex miljö finns och politik kräver en viss flexibilitet.
33
Jacobs, David. "An XML Based Authorization Framework for Web-based Applications." NSUWorks, 2001. http://nsuworks.nova.edu/gscis_etd/607.
Full textAbstract:
The World Wide Web is increasingly being used to deliver services. The file based authorization schemes originally designed into web servers are woefully inadequate for enforcing the security policies needed by these services. This has led to the chaotic situation where each application is forced to develop its own security framework for enforcing the policies it requires. In tum, this has led to more numerous security vulnerabilities and greater maintenance headaches.
This dissertation lays out an authorization framework that enforces a wide range of security policies crucial to many web-based business applications. The solution is described in three steps. First, it specifies the stakeholders in an authorization system, the roles they play, and the crucial authorization policies that web applications commonly require. Secondly, it maps out the design of the XML based authorization language (AZML), showing how it provides for maintenance to be divided into proscribed roles and for the expression of required policies. Lastly, it demonstrates through a scenario the use of the XML authorization language for enforcing policies in a web-based application. It also explores the issues of how maintenance should be handled, what would be required to scale the authorization service and how to more tightly couple the authorization service to the web server.
34
ROSENDO, Daniel. "A high-level authorization framework for software-defined networks." Universidade Federal de Pernambuco, 2017. https://repositorio.ufpe.br/handle/123456789/25356.
Full textAbstract:
Submitted by Pedro Barros (pedro.silvabarros@ufpe.br) on 2018-08-01T19:37:51Z
No. of bitstreams: 2
license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5)
DISSERTAÇÃO Daniel Rosendo.pdf: 3709439 bytes, checksum: cfcbfd0960c6e9bae38ba5ff1dc7d748 (MD5)<br>Approved for entry into archive by Alice Araujo (alice.caraujo@ufpe.br) on 2018-08-02T20:45:49Z (GMT) No. of bitstreams: 2
license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5)
DISSERTAÇÃO Daniel Rosendo.pdf: 3709439 bytes, checksum: cfcbfd0960c6e9bae38ba5ff1dc7d748 (MD5)<br>Made available in DSpace on 2018-08-02T20:45:49Z (GMT). No. of bitstreams: 2
license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5)
DISSERTAÇÃO Daniel Rosendo.pdf: 3709439 bytes, checksum: cfcbfd0960c6e9bae38ba5ff1dc7d748 (MD5)
Previous issue date: 2017-03-14<br>FACEPE<br>Network Access Control (NAC) management is a critical task. Misconfigurations may result in vulnerabilities that may compromise the overall network security. Traditional access control setups rely on firewalls, IEEE 802.1x, VLAN, ACL, and LDAP. These approaches work well for stable and small networks and are hard to integrate and configure. Besides, they are inflexible and require per-device and vendor-specific configurations, being error-prone. The Software-Defined Networking (SDN) paradigm overcomes architectural problems of traditional networks, simplifies the network design and operation, and offers new opportunities (programmability, flexibility, dynamicity, and standardization) to manage these issues. Furthermore, SDN reduces the human intervention, which in turn also reduce operational costs and misconfigurations. Despite this, access control management remains a challenge, once managing security policies involves dealing with a large set of access control rules; detection of conflicting policies; defining priorities; delegating rights; reacting to dynamic network states and events. This dissertation explores the use of SDN to mitigate these problems. We present HACFlow, a novel SDN framework for network access control management based on the OrBAC model. HACFlow aims to simplify and automate the NAC management. It allows network operators to govern rights of network entities by defining dynamic, fine-grained, and high-level access control policies. To illustrate the operation of HACFlow we present through a step by step how the main management tasks are executed. Our study case is a Smart City network environment. We conducted many experiments to analyze the scalability and performance of HACFlow, and the results show that it requires a time in the order of milliseconds to execute all the management tasks, even managing many policies. Besides, we compare HACFlow against related approaches.<br>Gerenciar o controle de acesso entre recursos (usuários, máquinas, serviços, etc.) em uma rede é uma tarefa crítica. Erros de configuração podem resultar em vulnerabilidades que podem comprometer a segurança da rede como um todo. Em redes tradicionais, esse controle de acesso é implementado através de firewalls, IEEE 802.1x, VLAN, ACL, and LDAP. Estas abordagens funcionam bem em redes menores e estáveis, e são difíceis de configurar e integrar. Além disso, são inflexíveis e requerem configurações individuais e específicas de cada fabricante, sendo propensa à erros. O paradigma de Redes Definidas por Software (SDN) supera os problemas arquiteturais das redes tradicionais, simplifica o projeto e operação da rede, e proporciona novas oportunidades (programabilidade, flexibilidade, dinamicidade, e padronização) para lidar com os problemas enfrentados em redes tradicionais. Apesar das vantagens do SDN, o gerenciamento de políticas de controle de acesso na rede continua sendo uma tarefa difícil. Uma vez que, gerenciar tais políticas envolve lidar com uma grande quantidade de regras; detectar e resolver conflitos; definir prioridades; delegar papéis; e adaptar tais regras de acordo com eventos e mudanças de estado da rede. Esta dissertação explora o paradigma SDN a fim de mitigar tais problemas. Neste trabalho, apresentamos o HACFlow, um framework SDN para gerenciamento de políticas de controle de acesso na rede baseado no modelo OrBAC. HACFlow tem como principal objetivo simplificar e automatizar tal gerenciamento. HACFlow permite que operadores da rede governe os privilégios das entidades da rede através da definição de políticas de controle de acesso dinâmicas, em alto nível, e com alta granularidade. Para ilustrar o funcionamento do HACFlow apresentamos um passo a passo de como as principais tarefas de genrenciamento de controle de acesso são realizadas. Nosso estudo de caso é um ambiente de rede de uma cidade inteligente. Vários experimentos foram realizados a fim de analisar a escalabilidade e performance do HACFlow. Os resultados mostram que o HACFlow requer um tempo na ondem de milissegundos para executar cada uma das tarefas de gerenciamento, mesmo lidando com uma grande quantidade de regras. Além disso, nós comparamos HACFlow com propostas relacionadas existentes na literatura.
35
Lorch, Markus. "PRIMA - Privilege Management and Authorization in Grid Computing Environments." Diss., Virginia Tech, 2004. http://hdl.handle.net/10919/26995.
Full textAbstract:
Computational grids and other heterogeneous, large-scale distributed systems require more powerful and more flexible authorization mechanisms to realize fine-grained access-control of resources. Computational grids are increasingly used for collaborative problem-solving and advanced science and engineering applications. Usage scenarios for advanced grids require support for small, dynamic working groups, direct delegation of access privileges among users, procedures for establishing trust relationships without requiring organizational level agreements, precise management by individuals of their privileges, and retention of authority by resource providers. Existing systems fail to provide the necessary flexibility and granularity to support these scenarios. The reasons include the overhead imposed by required administrator intervention, coarse granularity that only allows for all-or-nothing access control decisions, and the inability to implement finer-grained access control without requiring trusted application code.
PRIMA, the model and system developed in this research, focuses on management and enforcement of fine-grained privileges. The PRIMA model introduces novel approaches that can be used in place of, or in combination with existing access control mechanisms. PRIMA enables the users of a system to manage access to their own assets directly without the need for, and costs of intervention by technical personnel. System administrators benefit from more flexible and fine-grained definition of access privileges and policies. A novel access control decision and enforcement model with support for legacy applications has been developed. The model uses on-demand account leasing and implements expressive enforcement mechanisms built on existing low-overhead security primitives of the operating systems. The combination of the PRIMA components constitutes a comprehensive security model that facilitates highly dynamic authorization scenarios and increases security through least privilege access to resources. In summary, PRIMA mechanisms enable the use of fine-grained access rights, reduce administrative costs to resource providers, enable ad-hoc and dynamic collaboration scenarios, and provide improved security service to long-lived grid communities.<br>Ph. D.
36
Tran, Florén Simon. "Implementation and Analysis of Authentication and Authorization Methods in a Microservice Architecture : A Comparison Between Microservice Security Design Patterns for Authentication and Authorization Flows." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-301620.
Full textAbstract:
Microservices have emerged as an attractive alternative to more classical monolithic software application architectures. Microservices provides many benefits that help with code base comprehension, deployability, testability, and scalability. As the Information technology (IT) industry has grown ever larger, it makes sense for the technology giants to adopt the microservice architecture to make use of these benefits. However, with new software solutions come new security vulnerabilities, especially when the technology is new and vulnerabilities are yet to be fully mapped out. Authentication and authorization are the cornerstone of any application that has a multitude of users. However, due to the lack of studies of microservices, stemming from their relatively young age, there are no standardized design patterns for how authentication and authorization are best implemented in a microservice. This thesis investigates an existing microservice in order to secure it by applying what is known as a security design pattern for authentication and authorization. Different security patterns were tested and compared on performance. The differing levels of security provided by these approaches assisted in identifying an acceptable security versus performance trade-off. Ultimately, the goal was to give the patterns greater validity as accepted security patterns within the area of microservice security. Another goal was to find such a security pattern suitable for the given microservice used in this project. The results showed a correlation between increased security and longer response times. For the general case a security pattern which provided internal authentication and authorization but with some trust between services was suggested. If horizontal scaling was used the results showed that normal services proved to be the best target. Further, it was also revealed that for lower user counts the performance penalties were close to equal between the tested patterns. This meant that for the specific case where microservices sees lower amounts of traffic the recommended pattern was the one that implemented the maximum amount access control checks. In the case for the environment where the research were performed low amounts of traffic was seen and the recommended security pattern was therefore one that secured all services of the microservices.<br>Mikrotjänster har framträtt som ett mer attraktivt alternativ än mer konventionella mjukvaruapplikationsarkitekturer såsom den monolitiska. Mikrotjänster erbjuder flera fördelar som underlättar med en helhetsförståelse för kodbasen, driftsättning, testbarhet, och skalbarhet. Då IT industrin har växt sig allt större, så är det rimligt att tech jättar inför mikrotjänstarkitekturen för att kunna utnyttja dessa fördelar. Nya mjukvarulösningar medför säkerhetsproblem, speciellt då tekniken är helt ny och inte har kartlagts ordentligt. Autentisering och auktorisering utgör grunden för applikationer som har ett flertal användare. Då mikrotjänster ej hunnit blivit utförligt täckt av undersökning, på grund av sin relativt unga ålder, så finns det ej några standardiserade designmönster för hur autentisering och auktorisering är implementerade till bästa effekt i en mikrotjänst. Detta examensarbete undersöker en existerande mikrotjänst för att säkra den genom att applicera vad som är känt som ett säkerhetsdesignmönster för autentisering och auktorisering. Olika sådana mönster testades och jämfördes baserat på prestanda i olika bakgrunder. De varierade nivåerna av säkerhet från de olika angreppssätten som säkerhetsmönstrena erbjöd användes för att identifiera en acceptabel kompromiss mellan säkerhet mot prestanda. Målet är att i slutändan så kommer detta att ge mönstren en högre giltighet när det kommer till att bli accepterade som säkerhetsdesignmönster inom området av mikrotjänstsäkerhet. Ett annat mål var att hitta den bästa kandidaten bland dessa säkerhetsmönster för den givna mikrotjänsten som användes i projektet. Resultaten visade på en korrelation mellan ökad säkerhet och längre responstider. För generella fall rekommenderas det säkerhetsmönster som implementerade intern autentisering och auktorisering men med en viss del tillit mellan tjänster. Om horisontell skalning användes visade resultaten att de normala tjänsterna var de bästa valet att lägga dessa resurser på. Fortsättningsvis visade resultaten även att för ett lägre antal användare så var den negativa effekten på prestandan nästan likvärdig mellan de olika mönstren. Detta innebar att det specifika fallet då mikrotjänster ser en lägre mängd trafik så är det rekommenderade säkerhetsmönstret det som implementerad flest åtkomstkontroller. I fallet för den miljö där undersökningen tog plats förekom det en lägre mängd trafik och därför rekommenderades det säkerhetsmönster som säkrade alla tjänster närvarande i mikrotjänsten.
37
Mohan, Apurva. "Design and implementation of an attribute-based authorization management system." Diss., Georgia Institute of Technology, 2011. http://hdl.handle.net/1853/39585.
Full textAbstract:
The proposed research is in the area of attribute-based authorization systems. We address two specific research problems in this area. First, evaluating authorization policies in multi-authority systems where there are multiple stakeholders in the disclosure of sensitive data. The research proposes to consider all the relevant policies related to authorization in real time upon the receipt of an access request and to resolve any differences that these individual policies may have in authorization. Second, to enable a lot of entities to participate in the authorization process by asserting attributes on behalf of the principal accessing resources. Since it is required that these asserted attributes be trusted by the authorization system, it is necessary that these entities are themselves trusted by the authorization system. Two frameworks are proposed to address these issues. In the first contribution a dynamic authorization system is proposed which provides conflict detection and resolution among applicable policies in a multi-authority system. The authorization system is dynamic in nature and considers the context of an access request to adapt its policy selection, execution and conflict handling based on the access environment. Efficient indexing techniques are used to increase the speed of authorization policy loading and evaluation. In the second contribution, we propose a framework for service providers to evaluate trust in entities asserting on behalf of service users in real time upon receipt of an access request. This trust evaluation is done based on a reputation system model, which is designed to protect itself against known attacks on reputation systems.
38
Bai, Yun, of Western Sydney Nepean University, and School of Computing and Information Technology. "On formal specification of authorization policies and their transformations : thesis." THESIS_XXX_CIT_Bai_Y.xml, 2000. http://handle.uws.edu.au:8081/1959.7/564.
Full textAbstract:
Most of today's information systems are quite complex and often involve multi-user resource-sharing. In such a system, authorization policies are needed to ensure that the information flows in the desired way and to prevent illegal access to the system resource. Overall, authorization policies provide the ability to limit and control accesses to systems, applications and information. These policies need to be updated to capture the changing requirements of applications, systems and users. These updatings are implemented through the transformation of authorization policies. In this thesis, the author proposes a logic based formal approach to specifying authorization policies and to reason about the transformation and sequence of transformations of authorization policies and its application in object oriented databases. The author defines the structure of the policy transformation and employs model-based semantics to perform the transformation under the principle of minimum change. The language is modified to consider a sequence of authorization policy transformations. It handles more complex transformations and solves certain problems. The language is able to represent incomplete information, default authorizations and allows denials to be expressed explicitly. The proposed language is used to specify a variety of well known access control policies such as static separation of duty, dynamic separation of duty and Chinese wall security policy. The authorization formalization is also applied to object oriented databases.<br>Doctor of Philosophy (PhD)
39
Ciordas, Ionut Ovidiu. "Fine-grained authorization in the Great Plains network virtual organization." Diss., Columbia, Mo. : University of Missouri-Columbia, 2007. http://hdl.handle.net/10355/4967.
Full textAbstract:
Thesis (M.S.)--University of Missouri-Columbia, 2007.<br>The entire dissertation/thesis text is included in the research.pdf file; the official abstract appears in the short.pdf file (which also appears in the research.pdf); a non-technical general description, or public abstract, appears in the public.pdf file. Title from title screen of research.pdf file (viewed on January 3, 2008) Includes bibliographical references.
40
Wei, Qiang. "Towards improving the availability and performance of enterprise authorization systems." Thesis, University of British Columbia, 2009. http://hdl.handle.net/2429/13853.
Full textAbstract:
Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy enforcement point intercepts application requests, obtains authorization decisions from a remote policy decision point, and enforces those decisions. This model enables sharing the decision point as an authorization service across multiple applications. But, with many requests and resources, using a remote shared decision point leads to increased latency and presents the risk of introducing a bottleneck and/or a single point of failure. This dissertation presents three approaches to addressing these problems.
The first approach introduces and evaluates the mechanisms for authorization recycling in role-based access control systems. The algorithms that support these mechanisms allow a local secondary decision point to not only reuse previously-cached decisions but also infer new and correct decisions based on two simple rules, thereby masking possible failures of the central authorization service and reducing the network delays. Our evaluation results suggest that authorization recycling improves the availability and performance of distributed access control solutions.
The second approach explores a cooperative authorization recycling system, where each secondary decision point shares its ability to make decisions with others through a discovery service. Our system does not require cooperating secondary decision points to trust each other. To maintain cache consistency at multiple secondary decision points, we propose alternative mechanisms for propagating update messages. Our evaluation results suggest that cooperation further improves the availability and performance of authorization infrastructures.
The third approach examines the use of a publish-subscribe channel for delivering authorization requests and responses between policy decision points and enforcement points. By removing enforcement points' dependence on a particular decision point, this approach helps improve system availability, which is confirmed by our analytical analysis, and reduce system administration/development overhead. We also propose several subscription schemes for different deployment environments and study them using a prototype system.
We finally show that combining these three approaches can further improve the authorization system availability and performance, for example, by achieving a unified cooperation framework and using speculative authorizations.
41
Aas, Dag-Inge. "Authentication and Authorization for Native Mobile Applications using OAuth 2.0." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, 2013. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-22969.
Full textAbstract:
OAuth 2.0 has in the recent years become the de-facto standard of doing API authorization and authentication on mobile devices. However, recent critics have claimed that OAuth does not provide sufficient security or ease-of-use for developers on mobile devices. In this thesis, I study four approaches to mobile authorization using OAuth 2.0, and suggest an improved solution based on current industry best-practices for security on Android. The end result is a solution which provides a native authorization flow for third-party developers to integrate with an existing API endpoint. However, the thesis shows that even with current industry best-practices the proposed solution does not provide a completely secure approach, and developers must keep the security consequences of that fact in mind when implementing OAuth on mobile devices.
42
Dasun, Weerasinghe P. W. H. "Parameter based identification, authentication and authorization method for mobile services." Thesis, City University London, 2010. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.510696.
Full text
43
Dahlberg, Robert. "THE PROGRAM PATHING TRUST MODEL FOR CRITICAL SYSTEM PROCESS AUTHORIZATION." VCU Scholars Compass, 2011. http://scholarscompass.vcu.edu/etd/237.
Full textAbstract:
Since computers are relied upon to run critical infrastructures – from nuclear power plants to electronic battlefield simulations – the concept of a “trusted” or tamperproof system has become even more important. Some applications have become so critical that it is imperative that they run as intended, without interference. The consequences of these systems not running as intended could be catastrophic. This research offers a solution for a key element for protecting these critical servers – validating process invocation sequences. The purpose of this research is to increase operating system security by detecting, validating, and enforcing process invocation sequences within a critical system. If the processes on a critical system are not those that are intended to run or support the critical system, or if a system is able to run processes in an unauthorized sequence, then the system is compromised and cannot be trusted. This research uses a computational theory approach to create a framework for a solution for the process invocation sequence problem. Using the Program Pathing Trust Model, a solution capable of identifying both valid and invalid process invocation sequences is developed.
44
Whitehead, Nathan. "Combining reason and authority for authorization of proof-carrying code /." Diss., Digital Dissertations Database. Restricted to UC campuses, 2008. http://uclibs.org/PID/11984.
Full text
45
Wang, Shujing. "Logic programming based formal representations for authorization and security protocols." Thesis, View thesis, 2008. http://handle.uws.edu.au:8081/1959.7/13380.
Full textAbstract:
Logic programming with answer set semantics has been considered appealing rule-based formalism language and applied in information security areas. In this thesis, we investigate the problems of authorization in distributed environments and security protocol verification and update. Authorization decisions are required in large-scale distributed environments, such as electronic commerce, remote resource sharing, etc. We adopt the trust management approach, in which authorization is viewed as a ‘proof of compliance" problem. We develop an authorization language AL with non-monotonic feature as the policy and credential specification language, which can express delegation with depth control, complex subject structures, both positive and negative authorizations, and separation of duty concepts. The theoretical foundation for language AL is the answer set semantics of logic programming. We transform AL to logic programs and the authorization decisions are based on answer sets of the programs. We also explore the tractable subclasses of language AL. We implement a fine grained access control prototype system for XML resources, in which the language AL¤ simplified from AL is the policy and credential specification language. We define XPolicy, the XML format of AL¤, which is a DTD for the XML policy documents. The semantics of the policy is based on the semantics of language AL. The system is implemented using Java programming. We investigate the security protocol verification problem in provable security approach. Based on logic programming with answer set semantics, we develop a unified framework for security protocol verification and update, which integrates protocol specification, verification and update. The update model is defined using forgetting techniques in logic programming. Through a case study protocol, we demonstrate an application of our approach.
46
Wang, Shujing. "Logic programming based formal representations for authorization and security protocols." View thesis, 2008. http://handle.uws.edu.au:8081/1959.7/13380.
Full textAbstract:
Thesis (Ph.D.) -- University of Western Sydney, 2008.<br>A thesis submitted for the degree of Doctor of Philosophy to the University of Western Sydney, College of Health and Science, School of Computing and Mathematics. Includes bibliography.
47
Bai, Yun. "On formal specification of authorization policies and their transformations : thesis." Thesis, View thesis View thesis, 2000. http://handle.uws.edu.au:8081/1959.7/564.
Full textAbstract:
Most of today's information systems are quite complex and often involve multi-user resource-sharing. In such a system, authorization policies are needed to ensure that the information flows in the desired way and to prevent illegal access to the system resource. Overall, authorization policies provide the ability to limit and control accesses to systems, applications and information. These policies need to be updated to capture the changing requirements of applications, systems and users. These updatings are implemented through the transformation of authorization policies. In this thesis, the author proposes a logic based formal approach to specifying authorization policies and to reason about the transformation and sequence of transformations of authorization policies and its application in object oriented databases. The author defines the structure of the policy transformation and employs model-based semantics to perform the transformation under the principle of minimum change. The language is modified to consider a sequence of authorization policy transformations. It handles more complex transformations and solves certain problems. The language is able to represent incomplete information, default authorizations and allows denials to be expressed explicitly. The proposed language is used to specify a variety of well known access control policies such as static separation of duty, dynamic separation of duty and Chinese wall security policy. The authorization formalization is also applied to object oriented databases.
48
Caddick, Andrew Brian. "Critical review of the quality of environmental authorizations in South Africa / Andrew Brian Caddick." Thesis, 2015. http://hdl.handle.net/10394/14480.
Full textAbstract:
This dissertation critically reviews the quality of South African environmental authorisations through
the application of a methodology adopted from the Lee and Colley (1999) environmental impact
assessment (EIA) report review package. The literature review shows that to date limited research
has been conducted on the quality of environmental authorisations nationally. Anecdotal evidence
suggests that environmental authorisations are of weak quality; hence the development of guidelines
on the compilation of environmental authorisations by the Department of Environmental Affairs
(DEA). In this dissertation, the quality of the environmental authorisations is critically reviewed
against the requirements of the National Environmental Management Act (Act No. 107 of 1998) and
departmental guidelines. The research concludes that only 64% of reviewed authorisations are
deemed satisfactory, while 36% were unsatisfactory. When the basic assessment report (BAR) and
scoping and environmental impact assessment (S&EIA) process authorisations are compared it is
concluded that the there is a minimal difference in quality. The BAR achieved a 69% satisfactory
rating while the S&EIA process achieved a 61% satisfactory rating. The dissertation concludes by
making recommendations to improve the quality of authorisations.<br>M (Environmental Management), North-West University, Potchefstroom Campus, 2015
49
Ruan, Chun. "Models for authorization and conflict resolution." Thesis, 2003. http://handle.uws.edu.au:8081/1959.7/546.
Full textAbstract:
Access control is a significant issue in any secure computer system. Authorization models provide a formalism and framework for specifying and evaluating access control policies that determine how access is granted and delegated among particular users. The aim of this dissertation is to investigate flexible decentralized authorization model supporting authorization delegation, both positive and negative authorization, and conflict resolution. A graph based authorization framework is proposed which can support authorization delegations and both positive and negative authorizations. In particular, it is shown that the existing conflict resolution methods are limited when applied to decentralized authorization models and cyclic authorizations can even lead to undesirable situations. A new conflict resolution policy is then proposed, which can support well controlled delegation by giving predecessors higher priorities along the delegation path. The thesis provides a formal description of the proposed model and detailed descriptions of algorithms to implement it. The model is represented using labelled digraphs, which provide a formal basis for proving the semantic correctness of the model. A weighted graph based model is presented which allows grantors to further express degrees of certainties about their granting of authorizations. The work is further extended to consider more complex domains where subjects, objects and access rights are hierarchically structured and authorization inheritance along the hierarchies taken into account. A precise semantics is given which is based on stable model semantics, and, several important properties of delegatable authorization programs investigated. The framework provides users a reasonable method to express complex security policy. To address the many situations in which users may need to be granted or delegated authorizations for a limited period of time, a temporal decentralized authorization model is proposed in which temporal authorization delegations and negations are allowable. Proper semantic properties are further investigated. Finally, as an application, the thesis shows how the proposed authorization model can be used in a e-consent system on health data. A system architecture for e-consent is presented and different types of e-consent models discussed. The proposed model is shown to provide users a good framework for representing and evaluating these models.
50
Narula, Pornthep. "Authorization management framework." 2002. http://hdl.handle.net/1993/21422.
Full text