Дисертації з теми "Access control decisions"

Social media has become an integral part of the Internet and has revolutionized interpersonal communication. The lines of separation between content creators and content consumers have blurred as normal users have platforms such as social media sites, blogs and microblogs at their disposal on which they can create and consume content as well as have the opportunity to interact with other users. This change has also led to several well documented privacy problems for the users. The privacy problems faced by social media users can be categorized into institutional privacy (related to the social network provider) and social privacy (related to the interpersonal communication between social media users) problems. The work presented in this thesis focuses on the social privacy issues that affect users on social media due to their interactions with members in their network who may represent various facets of their lives (such as work, family, school, etc.). In such a scenario, it is imperative for them to be able to appropriately control access to their information such that it reaches the appropriate audience. For example, a person may not want to share the same piece of information with their boss at work and their family members. These boundaries are defined by the nature of relationships people share with each other and are enforced by controlling access during communication. In real life, people are accustomed to do this but it becomes a greater challenge while interacting online. The primary contribution of the work presented in this thesis is to design an access control recommendation mechanism for social media users which would ease the burden on the user while sharing information with their contacts on the social network. The recommendation mechanism presented in this thesis, REACT (REcommending Access Control decisions To social media users), leverages information defining interpersonal relationships between social media users in conjunction with information about the content in order to appropriately represent the context of information disclosure. Prior research has pointed towards ways in which to employ information residing in the social network to represent social relationships between individuals. REACT relies on extensive empirical evaluation of such information in order to identify the most suitable types of information which can be used to predict access control decisions made by social media users. In particular, the work in this thesis advances the state of art in the following ways: (i) An empirical study to identify the most appropriate network based community detection algorithm to represent the type of interpersonal relationships in the resulting access control recommendation mechanism. This empirical study examines a goodness of fit of the communities produced by 8 popular network based community detection algorithms with the access control decisions made by social media users. (ii) Systematic feature engineering to derive the most appropriate profile attribute to represent the strength or closeness between social media users. The relationship strength is an essential indicator of access control preferences and the endeavor is to identify the minimal subset of attributes which can accurately represent this in the resulting access control recommendation mechanism. (iii) The suitable representation of interpersonal relationships in conjunction with information about the content that result in the design of an access control recommendation mechanism, REACT, which considers the overall context of information disclosure and is shown to produce highly accurate recommendations.

Whitelisting IP addresses and hostnames allow organizations to employ a default-deny approach to network traffic. Organizations employing a default-deny approach can stop many malicious threats, even including zero-day attacks, because it only allows explicitly stated legitimate activities. However, creating a comprehensive whitelist for a default-deny approach is difficult due to user-supplied destinations that can only be known at the time of usage. Whitelists, therefore, interfere with user experience by denying network traffic to user-supplied legitimate destinations. In this thesis, we focus on creating dynamic whitelists that are capable of allowing user-supplied network activity. We designed and built a system called Harbinger, which leverages user interface activity to provide contextual information in which network activity took place. We built Harbinger for Microsoft Windows operating systems and have tested its usability and effectiveness on four popular Microsoft applications. We find that Harbinger can reduce false positives-positive detection rates from 44%-54% to 0%-0.4% in IP and DNS whitelists. Furthermore, while traditional whitelists failed to detect propagation attacks, Harbinger detected the same attacks 96% of the time. We find that our system only introduced six milliseconds of delay or less for 96% of network activity.

Role based access control (RBAC) is widely used in health care systems today. Some of the biggest systems in use at Norwegian hospitals utilizes role based integration. The basic concept of RBAC is that users are assigned to roles, permissions are assigned to roles and users acquire permissions by being members of roles. An alternative approach to the role based access distribution, is that information should be available only to those who are taking active part in a patient’s treatment. This approach is called decision based access control (DBAC). While some RBAC implementations grant access to a groups of people by ward, DBAC ensures that access to relevant parts of the patient’s medical record is given for treatment purposes regardless of which department the health care worker belongs to. Until now the granularity which the legal framework describes has been difficult to follow. The practical approach has been to grant access to entire wards or organizational units in which the patient currently resides. Due to the protection of personal privacy, it is not acceptable that any medical record is available to every clinician at all times. The most important reason to implement DBAC where RBAC exists today, is to get an access control model that is more dynamic. The users should have the access they need to perform their job at all times, but not more access than needed. With RBAC, practice has shown that it is very hard to make dynamic access rules when properties such as time and tasks of an employee’s work change. This study reveals that pretty much all security measures in the RBAC systems can be overridden by the use of emergency access features. These features are used extensively in everyday work at the hospitals, and thereby creates a security risk. At the same time conformance with the legal framework is not maintained. Two scenarios are simulated in a fictional RBAC and DBAC environment in this report. The results of the simulation show that a complete audit of the logs containing access right enhancements in the RBAC environment is unfeasible at a large hospital, and even checking a few percent of the entries is also a very large job. Changing from RBAC to DBAC would probably affect this situation to the better. Some economical advantages are also pointed out. If a change is made, a considerable amount of time that is used by health care workers to unblock access to information they need in their everyday work will be saved.

Margrave is a specification language and analysis tool for access control policies with semantics based in order-sorted logic. The clear logical roots of Margrave's semantics makes policies specified in the Margrave language both machine analyzable and relatively easy for users to reason about. However, the decision conflict resolution declaration and policy set features of Margrave do not have semantics that are as cleanly rooted in order-sorted logic as Margrave policies and queries are. Additionally, the current semantics of decision conflict resolution declarations and of policy sets do not permit users to take full advantage of the multi-decision capabilities of Margrave policies. The purposes of this thesis are (i) to provide a unified extension to the semantics for policies and policy combination, (ii) to cleanly support decision conflict resolution mechanisms in a general way within those semantics and (iii) to provide insight into the properties of policy combination and decision conflict resolution for multi-decision policies in general. These goals are achieved via the realization that policy combinators may be treated as policies operating within environments extended with the results of the policies to be combined, allowing policy combinators to be defined as if they were policies. The ability to treat policy combinators as policies means that users' current understanding of policies can be easily extended to policy combinators. Additionally, the tools that Margrave has for supporting policies can be leveraged as the Margrave language and analysis tool grow to provide fuller support for policy combination and rule conflict resolution declarations.

Different solutions have been used for each security aspects (access control, application security) to secure enterprise web applications. However combining "
enterprise-level"
and "
application-level"
security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this thesis, adding a new layer to n-tier web application architectures to provide a common evaluation and enforcement environment for both enterprise-level and application level policies to bring together access controlling with application-level security. Removing discrimination between enterprise-level and application-level security policies improves manageability, reusability and scalability of whole system. Resource Access Decision (RAD) specification has been implemented and used as authentication mechanism for this layer. RAD service not only provides encapsulating domain specific factors to give access decisions but also can form a solid base to apply positive and negative security model to secure enterprise web applications. Proposed solution has been used in a real life system and test results have been presented.

El escenario actual de las redes móviles se caracteriza por la creciente demanda de los usuarios por los servicios de datos, circunstancia que se ha visto potenciada por la popularidad de los teléfonos inteligentes y el auge de aplicaciones que necesitan de una conexión permanente a internet, como aquellas que hacen uso de recursos "en la nube" o los servicios de streaming para vídeo. El consumo de datos crece exponencialmente, tanto para los países desarrollados como en los países en desarrollo, y esto ha llevado a los operadores a plantearse soluciones que permitan proveer dichas condiciones de acceso. Las redes heterogéneas se caracterizan por utilizar diferentes tecnologías de una manera coherente y organizada para proveer a los usuarios con la calidad de servicio requerida en sus comunicaciones, de tal manera que la comunicación sea para estos "transparente". Dicha heterogeneidad se puede dar a nivel de acceso, con la coexistencia de tecnologías como 802.11, WiMAX y redes móviles en sus diferentes generaciones, o incluso a nivel de capas dentro de las redes móviles con la coexistencia de macro, micro, pico y femto celdas. Haciendo un uso organizado de estos múltiples recursos, es posible optimizar las prestaciones de la red y proveer a los usuarios con una mejor calidad de servicio. Pero la posibilidad de mejorar las prestaciones de la red no se da sólo por el uso simultáneo de estas tecnologías de acceso. Para mejorar la eficiencia en el uso del espectro electromagnético, un recurso limitado y subutilizado según diferentes estudios, se propuso la tecnología de cognitive radio. Por medio de esta tecnología es posible que un usuario sea capaz de medir el instante en el que una parte del espectro electromagnético no esta siendo utilizado para enviar información, siempre evitando interferir en las comunicaciones de aquellos usuarios que usan dicho espectro regularmente. En el presente trabajo se proveen diferentes soluciones dentro del contexto de las redes heterogéneas que buscan optimizar el uso de los recursos disponibles en la red para proveer a los usuarios con la calidad de servicio esperada, ya sea por medio del control de acceso o la gestión de recursos. Por un lado se estudia el efecto que la reserva de canales para realizar handoff espectral tiene sobre las prestaciones para los usuarios secundarios en un sistema de cognitive radio. Por otro lado se estudian políticas de acceso para una red en la que dos tecnologías de acceso están disponibles: TDMA y WCDMA, y los usuarios tienen acceso a los servicios de voz y datos. Por otro lado
Performance requirements on mobile networks are tighter than ever as a result of the adoption of mobile devices such as smartphones or tablets, and the QoS levels that mobile applications demand for their correct operation. The data traffic volume carried in mobile networks for 2012 is the same as the total internet traffic in 2000, and this exponential growth tendency will continue in years to come. In order to fulfill users¿ expectations, it is imperative for mobile networks to make the best use of the available resources. Heterogeneous networks (Hetnets) have the ability to integrate several technologies in a coherent and efficient manner in order to enhance users¿ experience. The first challenge of heterogeneous networks is to integrate several radio access technologies, which exist as a result of simultaneous technology developments and a paced replacement of legacy technology. A joint management of several RAT¿s enhances network¿s efficiency, and this influences user¿s experience. Another challenge of heterogeneous networks is the improvement of current macrocells through an efficient use of the electromagnetic spectrum. Some approaches aim to optimize the antennas or use higher-order modulation techniques, but a more disruptive approach is the use of dynamic spectrum techniques through a technology known as cognitive radio. Finally, heterogeneous networks should be able to integrate several layers. In addition to the well studied micro and pico cells, a new generation of cheaper and easily configurable small cell networks have been proposed. However, its success is attached to its ability to adapt to the current context of mobile networks.
Pacheco Páramo, DF. (2013). Performance analysis of access control and resource management methods in heterogeneous networks [Tesis doctoral]. Editorial Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/34782
Alfresco

Over the last decade, the wide deployment of wireless access technologies (e.g. WiFi, 3G, and LTE) and the remarkable growth in the volume of streaming video content have significantly altered the telecommunications field. These developments introduce new challenges to the research community including the need to develop new solutions (e.g. traffic models and transport protocols) to address changing traffic patterns and the characteristics of wireless links and the need for new evaluation methods that generate higher fidelity results under more realistic scenarios. Unfortunately, for the last two decades, simulation studies have been the main tool for researchers in wireless networks. In spite of the advantages of simulation studies, overall they have had a negative influence on the credibility of published results. In partial response to this simulation crisis, the research community has adopted testing and evaluation using implementation-based experiments. Implementation-based experiments include field experiments, prototypes, emulations, and testbeds. An example of an implementation-based experiment is the MANIAC Challenge, a wireless networking competition that we designed and hosted, which included creation and operation of ad hoc networks using commodity hardware. However, the lack of software tools to facilitate these sorts of experiments has created new challenges. Currently, researchers must practice kernel programming in order to implement networking experiments, and there is an urgent need to lower the barriers of entry to wireless network experimentation. With respect to the growth in video traffic over wireless networks, the main challenge is a mismatch between the design concepts of current internet protocols (e.g. the Transport Control Protocol (TCP)) and the reality of modern wireless networks and streaming video techniques. Internet protocols were designed to be deployed over wired networks and often perform poorly over wireless links; video encoding is highly loss tolerant and delay-constrained and yet, for reasons of expedience is carried using protocols that emphasize reliable delivery at the cost of potentially high delay. This dissertation addresses the lack of software tools to support implementation-based networking experiments and the need to improve the performance of video streaming over wireless access networks. We propose a new software tool that allows researchers to implement experiments without a need to become kernel programmers. The new tool, called the Flexible Internetwork Stack (FINS) Framework, is available under an open source license. With our tool, researchers can implement new network layers, protocols, and algorithms, and redesign the interconnections between the protocols. It offers logging and monitoring capabilities as well as dynamic reconfigurability of the modules' attributes and interconnections during runtime. We present details regarding the architecture, design, and implementation of the FINS Framework and provide an assessment of the framework including both qualitative and quantitative comparison with significant previous tools. We also address the problem of HTTP-based adaptive video streaming (HAVS) over WiFi access networks. We focus on the negative influence of wireless last-hop connections on network utilization and the end-user quality of experience (QoE). We use a cross-layer approach to design three controllers. The first and second controllers adopt a heuristic cross-layer design, while the third controller formulates the HAVS problem as a Markov decision process (MDP). By solving the model using reinforcement learning, we achieved 20% performance improvement (after enough training) with respect to the performance of the best heuristic controller under unstable channel conditions. Our simulation results are backed by a system prototype using the FINS Framework. Although it may seem predictable to achieve more gain in performance and in QoE by using cross-layer design, this dissertation not only presents a new technique that improves performance, but also suggests that it is time to move cross-layer and machine-learning-based approaches from the research field to actual deployment. It is time to move cognitive network techniques from the simulation environment to real world implementations.
Ph. D.

Losses resulting from traumatic injuries and occupational disease are prevalent in the small business sector of Australian industry. Although the true size of the problem is unclear, it is estimated that the losses amount to more than $8 billion annually. The hazard control measures to counter these losses are largely known and are available to small businesses but they are not widely adopted. Regulators and other bodies have employed a range of intervention strategies to influence decision-makers in small businesses but most have focussed on the dissemination of printed materials or broadbased advertising campaigns with limited success......... The research concludes that the listening processes at the heart of social marketing add to the methods already used in the OHS discipline by forcing the marketer to listen to the subjective assessment of risk as perceived by targets as well as to question the evidence base that supports the legitimacy and efficacy of the proposed intervention. The TTM was found to be a useful means of categorising small business decision-maker behaviour and assessing the readiness for change of individuals and therefore the messages that are needed to unfreeze behaviour. The TTM also provides a tool for evaluation of the impact of an intervention.As a result of this research it is suggested that opinion leaders, who are employed within a social marketing model to diffuse information, multiply the effort of those wishing to increase the adoption of an innovation. Thus engagement of opinion leaders by an OHS authority for the communication of risk control messages may be more cost-effective than attempting to visit every workplace within an industry group. Thus, although social marketing is not in the general repertoire of OHS interventions, it appears to be extremely useful as a framework for interventions and, when used in concert with a stages of change model, provides natural lead indicators for evaluating the impact of OHS interventions. Application of social marketing to people who have the responsibility for the health and safety of others was unique.
Doctor of Philosphy

A new promising approach for wireless network optimization is from a cross-layer perspective. This thesis focuses on exploiting channel state information (CSI) from the physical layer for optimal transmission scheduling at the medium access control (MAC) layer. The first part of the thesis considers exploiting CSI via a distributed channel-aware MAC protocol. The MAC protocol is analysed using a centralized design approach and a non-cooperative game theoretic approach. Structural results are obtained and provably convergent stochastic approximation algorithms that can estimate the optimal transmission policies are proposed. Especially, in the game theoretic MAC formulation, it is proved that the best response transmission policies are threshold in the channel state and there exists a Nash equilibrium at which every user deploys a threshold transmission policy. This threshold result leads to a particularly efficient stochastic-approximation-based adaptive learning algorithm and a simple distributed implementation of the MAC protocol. Simulations show that the channel-aware MAC protocols result in system throughputs that increase with the number of users. The thesis also considers opportunistic transmission scheduling from the perspective of a single user using Markov Decision Process (MDP) approaches. Both channel state in-formation and channel memory are exploited for opportunistic transmission. First, a finite horizon MDP transmission scheduling problem is considered. The finite horizon formulation is suitable for short-term delay constraints. It is proved for the finite horizon opportunistic transmission scheduling problem that the optimal transmission policy is threshold in the buffer occupancy state and the transmission time. This two-dimensional threshold structure substantially reduces the computational complexity required to compute and implement the optimal policy. Second, the opportunistic transmission scheduling problem is formulated as an infinite horizon average cost MDP with a constraint on the average waiting cost. An advantage of the infinite horizon formulation is that the optimal policy is stationary. Using the Lagrange dynamic programming theory and the super modularity method, it is proved that the stationary optimal transmission scheduling policy is a randomized mixture of two policies that are threshold in the buffer occupancy state. A stochastic approximation algorithm and a Q-learning based algorithm that can adaptively estimate the optimal transmission scheduling policies are then proposed.

Fueled by the rapid advancement in digital and wireless technologies, the ever-increasing capabilities of wireless devices have placed upon us a tremendous challenge - how to put all of this capability to effective use. Individually, wireless devices have outpaced the ability of users to optimally configure them. Collectively, the complexity is far more daunting. Research in cognitive networks seeks to provide a solution to the diffculty of effectively using the expanding capabilities of wireless networks by embedding greater degrees of intelligence within the network itself. In this dissertation, we address some fundamental questions related to cognitive networks, such as "What is a cognitive network?" and "What methods may be used to design a cognitive network?" We relate cognitive networks to a common artificial intelligence (AI) framework, the multi-agent system (MAS). We also discuss the key elements of learning and reasoning, with the ability to learn being the primary differentiator for a cognitive network. Having discussed some of the fundamentals, we proceed to further illustrate the cognitive networking principle by applying it to two problems: multichannel topology control for dynamic spectrum access (DSA) and routing in a mobile ad hoc network (MANET). The multichannel topology control problem involves confguring secondary network parameters to minimize the probability that the secondary network will cause an outage to a primary user in the future. This requires the secondary network to estimate an outage potential map, essentially a spatial map of predicted primary user density, which must be learned using prior observations of spectral occupancy made by secondary nodes. Due to the complexity of the objective function, we provide a suboptimal heuristic and compare its performance against heuristics targeting power-based and interference-based topology control objectives. We also develop a genetic algorithm to provide reference solutions since obtaining optimal solutions is impractical. We show how our approach to this problem qualifies as a cognitive network. In presenting our second application, we address the role of network state observations in cognitive networking. Essentially, we need a way to quantify how much information is needed regarding the state of the network to achieve a desired level of performance. This question is applicable to networking in general, but becomes increasingly important in the cognitive network context because of the potential volume of information that may be desired for decision-making. In this case, the application is routing in MANETs. Current MANET routing protocols are largely adapted from routing algorithms developed for wired networks. Although optimal routing in wired networks is grounded in dynamic programming, the critical assumption, static link costs and states, that enables the use of dynamic programming for wired networks need not apply to MANETs. We present a link-level model of a MANET, which models the network as a stochastically varying graph that possesses the Markov property. We present the Markov decision process as the appropriate framework for computing optimal routing policies for such networks. We then proceed to analyze the relationship between optimal policy and link state information as a function of minimum distance from the forwarding node. The applications that we focus on are quite different, both in their models as well as their objectives. This difference is intentional and signficant because it disassociates the technology, i.e. cognitive networks, from the application of the technology. As a consequence, the versatility of the cognitive networks concept is demonstrated. Simultaneously, we are able to address two open problems and provide useful results, as well as new perspective, on both multichannel topology control and MANET routing. This material is posted here with permission from the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Virginia Tech library's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this material, you agree to all provisions of the copyright laws protecting it.
Ph. D.

La première partie de l’étude est consacrée à l’invocation, intra et extra muros, du droit à un procès équitable. Sont analysés ainsi, dans un premier temps, l’applicabilité directe de l’article 6 et la subsidiarité de la Convention par rapport au droit national et de la Cour Européenne des Droits de l’Homme par rapport aux juridictions nationales. Le droit à un procès équitable étant un droit jurisprudentiel, l’étude se focalise, dans un second temps, sur l’invocabilité des arrêts de la Cour Européenne et plus précisément sur l’invocabilité directe de l’arrêt qui constate une violation du droit à un procès équitable dans une affaire mettant en cause l’Etat et l’invocabilité de l’interprétation conforme à l’arrêt qui interprète l’article 6 dans une affaire mettant en cause un Etat tiers. L’introduction dans l’ordre juridique français et hellénique de la possibilité de réexamen de la décision pénale définitive rendue en violation de la Convention a fait naitre un nouveau droit d’accès à la Cour de cassation lequel trouve son terrain de prédilection aux violations de l’article 6 et constitue peut-être le pas le plus important pour le respect du droit à un procès équitable après l’acceptation (par la France et la Grèce) du droit de recours individuel. Quant au faible fondement de l’autorité de la chose interprétée par la Cour Européenne, qui est d’ailleurs un concept d’origine communautaire, cela explique pourquoi un dialogue indirect entre la Cour Européenne et la Cour de cassation est possible sans pour autant changer en rien l’invocabilité de l’interprétation conforme et le fait que l’existence d’un précédent oblige la Cour de cassation à motiver l’interprétation divergente qu’elle a adoptée.La seconde partie de l’étude, qui est plus volumineuse, est consacrée aux garanties de bonne administration de la justice (article 6§1), à la présomption d’innocence (article 6§2), aux droits qui trouvent leur fondement conventionnel dans l’article 6§1 mais leur fondement logique dans la présomption d’innocence et aux droits de la défense (article 6§3). Sont ainsi analysés le droit à un tribunal indépendant, impartial et établi par la loi, le délai raisonnable, le principe de l’égalité des armes, le droit à une procédure contradictoire, le droit de la défense d’avoir la parole en dernier, la publicité de l’audience et du prononcé des jugements et arrêts, l’obligation de motivation des décisions, la présomption d’innocence, dans sa dimension procédurale et personnelle, le « droit au mensonge », le droit de l’accusé de se taire et de ne pas contribuer à son auto-incrimination, son droit d’être informé de la nature et de la cause de l’accusation et de la requalification envisagée des faits, son droit au temps et aux facilités nécessaires à la préparation de la défense, y compris notamment la confidentialité de ses communications avec son avocat et le droit d’accès au dossier, son droit de comparaître en personne au procès, le droit de la défense avec ou sans l’assistance d’un avocat, le droit de l’accusé d’être représenté en son absence par son avocat, le droit à l’assistance gratuite d’un avocat lorsque la situation économique de l’accusé ne permet pas le recours à l’assistance d’un avocat mais les intérêts de la justice l’exigent, le droit d’interroger ou faire interroger les témoins à charge et d’obtenir la convocation et l’interrogation des témoins à décharge dans les mêmes conditions que les témoins à charge et le droit à l’interprétation et à la traduction des pièces essentielles du dossier. L’analyse est basée sur la jurisprudence strasbourgeoise et centrée sur la position qu’adoptent la Cour de cassation française et l’Aréopage
The first party of the study is dedicated to the invocation of the right to a fair trial intra and extra muros and, on this basis, it focuses on the direct applicability of Article 6 and the subsidiarity of the Convention and of the European Court of Human Rights. Because of the fact that the right to a fair trial is a ‘‘judge-made law’’, the study also focuses on the invocability of the judgments of the European Court and more precisely on the direct invocability of the European Court’s judgment finding that there has been a violation of the Convention and on the request for an interpretation in accordance with the European Court’s decisions. The possibility of reviewing the criminal judgment made in violation of the Convention has generated a new right of access to the Court of cassation which particularly concerns the violations of the right to a fair trial and is probably the most important step for the respect of the right to a fair trial after enabling the right of individual petition. As for the weak conventional basis of the authority of res interpretata (“autorité de la chose interprétée”), this fact explains why an indirect dialogue between the ECHR and the Court of cassation is possible but doesn’t affect the applicant’s right to request an interpretation in accordance with the Court’s decisions and the duty of the Court of cassation to explain why it has decided to depart from the (non-binding) precedent.The second party of the study is bigger than the first one and is dedicated to the guarantees of the proper administration of justice (Article 6§1), the presumption of innocence (Article 6§2), the rights which find their conventional basis on the Article 6§1 but their logical explanation to the presumption of innocence and the rights of defence (Article 6§3). More precisely, the second party of the study is analyzing the right to an independent and impartial tribunal established by law, the right to a hearing within a reasonable time, the principle of equality of arms, the right to adversarial proceedings, the right of the defence to the last word, the right to a public hearing and a public pronouncement of the judgement, the judge’s duty to state the reasons for his decision, the presumption of innocence, in both its procedural and personal dimensions, the accused’s right to lie, his right to remain silent, his right against self-incrimination, his right to be informed of the nature and the cause of the accusation and the potential re-characterisation of the facts, his right to have adequate time and facilities for the preparation of the defence, including in particular the access to the case-file and the free and confidential communication with his lawyer, his right to appear in person at the trial, his right to defend either in person or through legal assistance, his right to be represented by his counsel, his right to free legal aid if he hasn’t sufficient means to pay for legal assistance but the interests of justice so require, his right to examine or have examined witnesses against him and to obtain the attendance and examination of witnesses on his behalf under the same conditions as witnesses against him and his right to the free assistance of an interpreter and to the translation of the key documents. The analysis is based on the decisions of the European Court of Human Rights and focuses on the position taken by the French and the Greek Court of Cassation (Areopagus) on each one of the above mentioned rights

With the increasing popularity of information systems and digital devices, data leakage has become a serious threat on a global scale. Access control is recognised as the first defence to guarantee that only authorised users can access sensitive data and thus prevent data leakage. However, currently widely used attributebased access control (ABAC) is costly to configure and manage for large-scale information systems. Furthermore, misconfiguration and policy explosion are two significant challenges for ABAC strategies. In recent years, machine learning technologies have been more applied in access control decision-making to improve the automation and performance of access control decisions. Nevertheless, existing studies usually fail to consider the dynamic class imbalance problem in access control and thus achieve poor performance on minority classes. In addition, the concept drift problem caused by the evolving user and resource attributes, user behaviours, and access environments is also challenging to tackle. This thesis focuses on leveraging machine learning algorithms to make more accurate and adaptive access control decisions. Specifically, a minority class boosted framework is proposed to address the possible concept drifts caused by evolving users’ behaviours and system environments. Its basic idea is to adopt an incremental batch learning strategy to update the classifier continuously. Within this framework, a boosting window (BW) algorithm is specially designed to boost the performance of the minority class since the minority class is fatal for data protection in access control problems. Furthermore, to improve the overall performance of access control, this study adopts a knowledge graph to mine the interlinked relationships between users and resources. A knowledge graph construction algorithm is designed to build a domain-specific knowledge graph. The constructed knowledge graph is also adopted into an online learning framework for access control decision-making. The proposed frameworks and algorithms are evaluated and verified through two open-source real-world Amazon datasets. Experimental results show that the proposed BW algorithm effectively boosts the performance of the minority class. Furthermore, using topological features extracted from our constructed access control knowledge graph can improve access control performance in both offline and online learning scenarios.

碩士
華梵大學
資訊管理學系碩士班
98
In the internal network, the defense demand gradually increased, the Network Access Control (NAC) is able to perform the user’s identity authentication and test the security such as anti-virus software enable and update virus patterns, install the operation system patch(es) and so on before user access internal network. The NAC is able to isolated user until his information equipment repaired to prevent virus or worm if user’s equipment does not meet security policy. For an organization, the pre-deployment assessment of NAC system might includes: the extent of changes to the existing network infrastructure, difficulty of deployment, functional requirements, the user's access control and cost aspects. These assessments is more involved in network management, the user's computer management, access control and many other units. Therefore, the NAC solution evaluation becomes more difficult and complex because of a number of assessment criteria of choice . This study proposes the NAC solution decision-making model which utilize the NAC standards and information technology security products selecting guides to develop evaluation criteria of NAC for criteria evaluation questionnaires. The questionnaires were conducted on experts. We utilized the Analytic Hierarchy Process (AHP) to determine the weighted values of various principles and to find out the important principles of the evaluation criteria and utilized Fuzzy Synthetic Decision method to determine the NAC solution selection priority as an organization select NAC solution reference basis. The results show that the system integrity and the cost of attention are most import to decision-makers. Therefore, the most in need of consideration of issues for the NAC implement are risk reducing and implement cost to an organization.

Tese de doutoramento em Ciências e Tecnologias da Informação, apresentada ao Departamento de Engenharia Informática da Faculdade de Ciências e Tecnologia da Universidade de Coimbra
O espectro rádio tem vindo a ser regulado de um modo estático. Ou seja, este encontra-se essencialmente dividido em bandas de frequência licenciadas, com utilização restringida a um número limitado de utilizadores autorizados, e em algumas bandas de frequência não licenciadas para utilização livre. Devido à falta de flexibilidade resultante desta abordagem, partes significativas do espectro rádio encontram-se subutilizadas. Em simultâneo, outras bandas de frequência estão a ficar cada vez mais saturadas, nomeadamente as não licenciadas em áreas densamente povoadas. O Rádio Cognitivo é um paradigma recente cujo objetivo é melhorar o nível de eficiência na utilização do espectro rádio. Os seus princípios gerais consistem em permitir que dispositivos sem fios não licenciados (os denominados Utilizadores Secundários) possam aceder às bandas de frequência licenciadas desde que estes não interferiram de forma prejudicial com os utilizadores licenciados (os denominados Utilizadores Primários). A abordagem preponderante na área de Rádio Cognitivo consiste em ter utilizadores secundários com capacidade para, de um modo dinâmico, detetar e aceder a oportunidades espectrais, ou seja, bandas de frequência que não estão a ser acedidas pelos respetivos utilizadores primários num determinado momento numa determinada localização. Neste contexto, os utilizadores secundários devem ser capazes de analisar o espectro rádio com precisão e, de preferência, possuírem mecanismos de aprendizagem baseados em observação local e experiência passada. Apesar da área de Rádio Cognitivo ter implicações na totalidade das camadas das pilhas protocolares de comunicação, os seus problemas fundamentais localizam-se nos níveis físico (PHY) e de controlo de acesso ao meio (MAC). Em particular, os protocolos de controlo de acesso ao meio desempenham um papel fundamental no âmbito de operações de controlo de acesso ao espectro rádio e de suporte à cooperação entre utilizadores secundários. Os utilizadores primários, quanto a eles, devem manter-se abstraídos das operações de Rádio Cognitivo e, em consequência, não estarem sujeitos a qualquer tipo de alteração em cenários de Rádio Cognitivo. Esta tese apresenta cinco contribuições, essencialmente relacionadas com o nível do controlo de acesso ao meio, com o objetivo de incrementar os níveis de proteção dos utilizadores primários e de desempenho dos utilizadores secundários em redes de Rádio Cognitivo distribuídas, especialmente quando os utilizadores secundários não têm antecipadamente acesso a qualquer tipo de informação, tal como a localização de utilizadores primários. Neste tipo de cenário, não existe qualquer entidade central responsável por recolher e processar dados de origem diversa ou tomar decisões de acesso ao espectro rádio. Ou seja, as soluções propostas adequam-se a utilizadores secundários que operam de um modo autónomo e cooperativo. Estes tomam as suas decisões baseando-se, essencialmente, em observações locais, em eventuais resultados de aprendizagem e em dados trocados entre si. A primeira contribuição desta tese consiste numa descrição da área de Rádio Cognitivo através de um estado da arte detalhado. A segunda contribuição resulta na definição de um protocolo de controlo de acesso ao meio apoiado num mecanismo inovador, designado COSBET (Cooperative Sense-Before-Transmit), que oferece um nível superior de proteção dos utilizadores primários em cenários de Rádio Cognitivo distribuídos sujeitos ao problema do utilizador primário oculto. Este tipo de anomalia ocorre quando um utilizador secundário é incapaz de detetar as atividades de um determinado utilizador primário apesar de poder provocar interferências na respetiva área de abrangência. Tal como já foi referido, na área de Rádio Cognitivo, é considerado desejável os utilizadores secundários terem capacidades de aprendizagem baseadas em observação local e experiência passada. No entanto, em cenários distribuídos, o problema do utilizador primário oculto afeta negativamente a qualidade dos resultados de aprendizagem obtidos e, em consequência, o nível efetivamente alcançado em termos de proteção dos utilizadores primários. Sendo assim, esta tese também analisa esta questão e propõe uma solução destinada a tratá-la, estando esta terceira contribuição baseada num conceito chave designado FIBASC (Filtering Based on Suspicious Channels). A troca de informação de controlo em redes de Rádio Cognitivo distribuídas é frequentemente suportada por um canal partilhado e acessível à globalidade dos utilizadores secundários. Este é o designado canal de controlo comum (CCC), sendo igualmente esta a abordagem seguida pelo protocolo COSBET-MAC proposto. No entanto, os CCC estão sujeitos a problemas de saturação. A ocorrência deste tipo de problema impede os utilizadores secundários de tirarem pleno proveito das potencialidades oferecidas pelo Rádio Cognitivo, acabando por limitar os níveis de desempenho de comunicação alcançáveis. Sendo assim, nesta tese também analisamos esta questão e propomos uma solução destinada a abordá-la, correspondendo esta à nossa quarta contribuição. A solução proposta, designada CORHYS (Cognitive Radio Hybrid Signalling), baseia-se num esquema de sinalização híbrido que recorre simultaneamente a um CCC e aos canais de dados que vão sendo alocados de forma dinâmica. A quinta e última contribuição desta tese consiste na definição de uma estratégia adicional, igualmente localizada no nível do controlo de acesso ao meio, destinada a melhorar o desempenho dos utilizadores secundários em cenários de Rádio Cognitivo distribuídos em que se recorre a um CCC. Fazem parte das suas linhas orientadoras a otimização da reutilização espacial do espectro rádio e a redução do tráfego de controlo gerado entre utilizadores secundários. As soluções de Rádio Cognitivo propostas no âmbito desta tese foram avaliadas em ambiente de simulação, sendo esta uma prática comum, nomeadamente devido a limitações de tempo e de outros tipos de recursos. Para o efeito, recorreu-se ao OMNET++ (Objective Modular Network Testbed in C++), um simulador baseado em eventos discretos e de código aberto. A totalidade das contribuições da presente tese podem ser aplicadas em conjunto. A integração destas deu origem a uma solução única e otimizada de controlo de acesso ao meio destinada a cenários de Rádio Cognitivo distribuídos. Esta aborda as duas principais preocupações existentes em cenários de Rádio Cognitivo: proteger os utilizadores primários de qualquer tipo de interferência prejudicial; e melhorar o desempenho de comunicação dos utilizadores secundários. Tanto quanto sabemos, as várias soluções propostas e o nível de completude que a utilização conjunta destas permite não são oferecidos por qualquer outra proposta de controlo de acesso ao meio existente para cenários de Rádio Cognitivo distribuídos. As contribuições desta tese também apontam direções que podem ser seguidas no âmbito de outros protocolos de controlo de acesso ao meio, especialmente aqueles que se destinam a redes de Rádio Cognitivo distribuídas.
The radio spectrum has been statically regulated, i.e., essentially partitioned into licensed frequency bands, which are accessed exclusively by authorized users, and unlicensed frequency bands that can be freely accessed. Due to this inflexible policy, large portions of the entire radio spectrum remain unused independently of time and location in the world, while some frequency bands suffer from increasing levels of saturation, particularly the unlicensed ones in densely populated areas. Cognitive Radio (CR) is a recent paradigm that aims at improving efficiency regarding spectrum utilization. Its principles consist in allowing unlicensed wireless devices (i.e., secondary users) to access licensed frequency bands provided that the respective incumbent users (i.e., primary users) do not suffer any harmful interference. The most preponderant CR approach consists in having a secondary user (SU) dynamically locating and accessing spectrum opportunities, i.e., frequency bands that are not being accessed by any primary user (PU) at a given time and location. Consequently, sensing the spectrum and learning through local observation and past experience, which enables proactive spectrum decision, are key CR issues. Despite CR has implications in all the layers of the communication protocol stack, its fundamentals are mainly related to the physical (PHY) and medium access control (MAC) levels. In fact, CR MAC protocols are at the heart of spectrum access control and cooperation between SUs. PUs are expected to be unware of CR operations and, consequently, should not suffer any modification under CR scenarios. This thesis provides five contributions, essentially related to the MAC level, with the aim of improving the protection of PUs and the communication performance of SUs in cooperative distributed CR networks, particularly when there is no access to any a priori known information, such as the locations of primary transmitters. In this type of scenario, there are no central entities that collect and fuse data, or take spectrum decisions. That is, the proposed solutions fit into totally autonomous and cooperating SUs, i.e., SUs that take their own decisions based on local observation, on learning outcomes if any is available, and on data they exchange with each other. The first contribution of this thesis consists in a description of the CR area through an indepth state of the art. The second contribution lies in the definition of a CR MAC protocol that follows a novel approach, named Cooperative Sense-Before-Transmit (COSBET), which provides a higher protection of PUs in distributed CR scenarios that suffer from the hidden PU problem. This issue occurs when a SU cannot sense the activities of a given PU despite it can cause harmful interference to its coverage area. As already mentioned, CR considers that the SUs might have learning capabilities based on local observation and past experience. However, in distributed scenarios, the hidden PU problem affects the accuracy of learning and, therefore, the effectiveness of PU protection. For that reason, in this thesis we also discuss this issue and propose a novel solution that addresses it. This solution is based on a key concept named FIBASC (Filtering Based on Suspicious Channels). Utilizing a common control channel (CCC), i.e., a channel that is available to all the SUs in a CR network, for signalling purposes is a frequent practice concerning existing distributed CR MAC solutions. It is also the solution adopted by COSBET-MAC. However, a CCC is susceptible to saturation and can, therefore, become a performance bottleneck that inhibits the SUs from taking full advantage of CR potentialities. Consequently, the fourth contribution of this thesis consists in analysing this issue and addressing it through a novel solution, which we named CORHYS (Cognitive Radio Hybrid Signalling). CORHYS is based on a hybrid signalling approach that performs signalling over the CCC and over the allocated data channels simultaneously. The fifth and last contribution of this thesis consists in a MAC-level strategy that aims at further improving the performance of SUs in distributed CR scenarios that are based on a CCC. The key guidelines for this strategy are optimizing the spatial reuse of the radio spectrum and reducing control traffic. The CR solutions that resulted from this thesis were evaluated through simulation, which is a common practice, particularly due to time and other resource restrictions. For this purpose, we used OMNET++ (Objective Modular Network Testbed in C++), an open source discrete event simulator. The contributions of this thesis can be applied jointly and were successfully integrated with each other, which resulted in an optimized CR MAC solution that addresses the two main concerns in distributed CR scenarios: protecting the PUs from harmful interference; and improving the communication performance of the SUs. To the best of our knowledge, the proposed solutions and the level of completeness that they jointly achieve are not found in any other existing distributed CR MAC proposal. We also note that they define directions that can be followed by other CR MAC protocols, particularly those that target distributed CR networks.

abstract: Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role hierarchy with hundreds of roles, and their associated privileges and users, systematically testing RBAC systems is crucial to ensure the security in various domains ranging from cyber-infrastructure to mission-critical applications. In this thesis, we introduce i) a security testing technique for RBAC systems considering the principle of maximum privileges, the structure of the role hierarchy, and a new security test coverage criterion; ii) a MTBDD (Multi-Terminal Binary Decision Diagram) based representation of RBAC security policy including RHMTBDD (Role Hierarchy MTBDD) to efficiently generate effective positive and negative security test cases; and iii) a security testing framework which takes an XACML-based RBAC security policy as an input, parses it into a RHMTBDD representation and then generates positive and negative test cases. We also demonstrate the efficacy of our approach through case studies.
Dissertation/Thesis
M.S. Computer Science 2014

Choć sama problematyka udostępniania informacji publicznej jest przedmiotem wielu publikacji, to jednak kwestia udostępniania takich informacji przez podmioty prywatne nie doczekała się jak dotychczas kompleksowego opracowania. Celem rozprawy jest zatem całościowe zbadanie i omówienie problematyki udostępniania informacji publicznej przez podmioty prywatne, wychodząc od uwarunkowań prawnomiędzynarodowych oraz konstytucyjnych, a kończąc na praktycznych aspektach funkcjonowania regulacji ustawowej. Po krótkim wprowadzeniu, pracę rozpoczyna rys historyczny międzynarodowych regulacji w przedmiocie udostępniania informacji publicznej oraz analiza prawodawstwa wybranych państw obcych (Niemiec, Francji, Wielkiej Brytanii i USA) w zakresie udostępniania takich informacji przez podmioty prywatne. Dalej, już na gruncie polskich regulacji, badany jest zakres podmiotowy obowiązku udostępniania informacji, omawiane jest pojęcie informacji publicznej, sposoby jej udostępniania i możliwość odmowy udostepnienia żądanej informacji. Analizowane jest samo pojęcie podmiotu prywatnego, a szczegółowo omawiane główne typy podmiotów prywatnych, które obowiązane są do udostępniania informacji publicznej z racji wykonywanych zadań publicznych (m.in. przedsiębiorstwa energetyczne, przedsiębiorcy telekomunikacyjni, operatorzy publicznego transportu zbiorowego, przedsiębiorcy prowadzący działalność w zakresie gospodarki komunalnej, podmioty prowadzące szkoły i placówki oświaty, uczelnie niepubliczne, podmioty udzielające świadczeń z zakresu powszechnej opieki zdrowotnej, organizacje pozarządowe) z jednoczesnym wskazaniem na występowanie szeregu innych prywatnych podmiotów obowiązanych. Szczegółowo omawiane są także kwestie proceduralne związane tak z udostępnianiem jak i brakiem udostępnienia żądanej informacji, w tym wydawaniem przez podmioty prywatne decyzji administracyjnych oraz zaskarżaniem decyzji lub bezczynności podmiotów prywatnych do sądu administracyjnego. Analizowana jest także kwestia nadużywania prawa dostępu do informacji oraz aspekty odpowiedzialności karnej za nieudostępnienie informacji publicznej. Choć podmioty prywatne partycypują w działalności szeroko pojętego państwa (publicznoprawnej wspólnoty), to jednak ich rola nigdy nie będzie tożsama z rolą odgrywaną w tym zakresie przez organy władzy lub inne podmioty publiczne. Zakres kontroli społecznej nad działaniami podmiotów prywatnych nie może być zatem taki sam, jak nad działaniami władz i podmiotów publicznych. Przeprowadzone badania pozwalają dostrzec, że jakkolwiek podmioty prywatne są obowiązane do udostępniania informacji publicznych, to tylko w takim zakresie swojej działalności, w jakim wykonują zadania publiczne. Te zaś należy rozumieć jako zadania wykonywane w interesie ogólnym w ramach obowiązku służby publicznej (ang. public/universal service obligation – PSO/USO) nałożonego na podmiot prywatny ustawą, decyzją administracyjną lub umową zawartą z właściwym organem władzy publicznej. Nakładanie na podmioty prywatne obowiązków w zakresie udostępniania informacji musi przy tym respektować ich podstawowe wolności i prawa, w tym autonomię informacyjną oraz wolność działalności gospodarczej. Musi być także proporcjonalne do funkcji, jakie konkretny podmiot prywatny pełni w życiu publicznoprawnej wspólnoty. Ostatni rozdział rozprawy prezentuje wnioski de lege lata i de lege ferenda. Wnioski de lege lata wskazują kierunek interpretacji obowiązujących przepisów bliższy celom regulacji, jakim jest transparentność działalności szeroko pojętego państwa, a jednocześnie uwzględniający potrzebę ochrony interesów podmiotów prywatnych. Główne wnioski de lege ferenda wskazują zaś na potrzebę przemodelowania aktualnej regulacji ustawowej, nie tylko celem jej doprecyzowania, ale także dostosowania do ram normatywnych zakreślonych przez ustrojodawcę.
Although the issue of sharing public information has been the subject of many research and non-research publications, the issue of sharing such information by private entities has not yet been comprehensively discussed. Therefore, the purpose of this dissertation is to comprehensively research and analyse the issue of sharing public information by private entities, starting from international law through constitutional law, and ending with practical aspects of application of statutory regulations. After a short introduction, the dissertation begins with a historical outline of international regulations on access to public information and the analysis of the legislation applicable in selected foreign countries (i.e. Germany, France, UK and USA) as regards sharing such information by private entities. Further, the scope of obliged entities, the concept of public information, the methods of its sharing and the possibility of refusing to share the information requested are examined under the Polish regulations. The concept of the private entity is also explained in the dissertation. Typical private entities obliged to share public information due to providing public services (e.g. energy undertakings, telecommunications undertakings, public transport operators, municipal economy undertakings, schools and educational establishments, universities, universal health care providers, NGOs) are discussed in detail, and other obliged entities are specified. The dissertation studies in detail the procedural issues related to sharing the requested information as well as the refusal to share such information, including the issuing of administrative decisions by private entities and appealing against the decisions or inaction of private entities to administrative courts. The abuse of the right to public information and aspects of criminal liability for failure to share public information are also analysed. Although private entities participate in the activities of the broadly understood state (public law community), their role will never be the same as the role played by the authorities or other public entities in this regard. Therefore, the scope of social control over the activities of private entities cannot be the same as the one over the activities of the authorities and public entities. The studies indicate that even though private entities are obliged to share public information, this obligation is limited to the activities in which they perform public functions. These should be understood as providing services of general interests (SGI) under specific public/universal service obligation (PSO/USO) imposed on a private entity by the law, administrative decision or contract concluded with the competent public authority. Imposing obligations on private entities regarding the access to public information must respect the fundamental freedoms and rights of these entities, including their privacy, their information autonomy and economic freedom. It must be proportional to the functions that a particular private entity performs in a public community life. The last chapter presents the de lege lata and de lege ferenda conclusions. De lege lata conclusions indicate the direction of interpretation of the binding provisions which is closer to the purpose of the regulation on access to public information, i.e. the transparency of the activities of the broadly defined state, and provides protection for the interests of private entities. The main de lege ferenda conclusions indicate the need for remodelling of the current statutory regulation, not only to clarify it, but also to adapt it to the normative framework outlined by the constitution-maker.