Дисертації з теми "Time based access control"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Time based access control.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 дисертацій для дослідження на тему "Time based access control".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Jaggi, Felix P. "An access control model based on time and events." Thesis, University of British Columbia, 1990. http://hdl.handle.net/2429/28945.
Анотація:
A new access control model incorporating the notion of time and events is introduced. It allows the specification of fine-grained and flexible security policies which are sensitive to the operating environment. The system constraints, expressed in terms of access windows and obligations, are stored in extended access control lists. The addition of a capability mechanism gives another dimension of protection and added flexibility, so that the flexibility and expressive power of the system constraints is fully supported by the underlying mechanism. The approach is compared to several existing models and its' expressive power is demonstrated by showing the new model can be used to specify different existing security models as well as some special problems. The model is then adapted to work in a distributed environment.Science, Faculty of
Computer Science, Department of
Graduate
2
Alsarhani, Sami. "Reasoning about history based access control policy using past time operators of interval temporal logic." Thesis, De Montfort University, 2014. http://hdl.handle.net/2086/10406.
Анотація:
Interval Temporal Logic (ITL) is a flexible notation for the propositional and first-order logical reasoning about periods of time that exist in specifications of hardware and software systems. ITL is different from other temporal logics since it can deal with both sequential and parallel composition and provides powerful and extensible specification and verification methods for reasoning about properties such as safety, time projection and liveness. Most imperative programming constructs can be seen as ITL formula that form the basis of an executable framework called Tempura that is used for the development and testing of ITL specifications.\\ ITL has only future operators, but the use of past operators make specifications referring to history more succinct; that is, there are classes of properties that can be expressed by means of much shorter formulas. What is more, statements are easier to express (simplicity) when past operators are included. Moreover, using past operators does not increase the complexity of interval temporal logic regarding the formula size and the simplicity. This thesis introduces past time of interval temporal logic where, instead of future time operators Chop, Chopstar, and Skip, we have past operators past Chop, past Chopstar and past Skip. The syntax and semantics of past time ITL are given together with its axiom and proof system. Furthermore, Security Analysis Toolkit for Agents (SANTA) operators such always-followed-by and the strong version of it has been given history based semantics using past time operators. In order to evaluate past time interval temporal logic, the problem of specification, verification of history based access control policies has been selected. This problem has already been solved using future time of interval temporal logic ITL but the drawback is that policy rules are not succinct and simple. However, the use of past time operators of ITL produces simple and succinct policy rules. The verification technique used to proof the safety property of history based access control policies is adapted for past time ITL to show that past time operators of interval temporal logic can specify and verify a security scenario such as history based access control policy.
3
Knight, G. S. "Scenario-based access control." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2000. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape3/PQDD_0021/NQ54421.pdf.
4
Aktoudianakis, Evangelos. "Relationship based access control." Thesis, University of Surrey, 2016. http://epubs.surrey.ac.uk/809642/.
Анотація:
Relationship Based Access Control (ReBAC) has emerged as a popular alternative to traditional access control models, such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). However, some of the model's aspects, such as its expression language and delegation abilities have not been studied in depth. Further-more, existing ReBAC models cater to single policy control, thus not taking into account cases were many access control policies might apply to a single access control object. We propose a ReBAC model, set theoretic ReBac (STReBAC), which bases its expression language on set theory. Our model is expressive and exible, catering to the above problems, and able to overcome access control challenges as discussed by popular ReBAC models without needing to alter its formal grammar. Additionally, we extend our model to handle situations where more than one policy applies to the same access control object. To achieve this we have combined our STReBAC model with PTaCL which is an evaluation framework for ABAC. We provide a solution which is compatible with many industrial standards, such as eXtensible Access Control Markup Language (XACML) and Ponder, and formalise techniques used by those very standards to extend our model without sacri�cing its original exibility. As part of our research, we implement a demonstrator that proves how our formal model can be applied to real life industrial problems, whether as a stand alone project or as part of a larger access control mechanism. To demonstrate the above, we implement our model in terms of Application Programming Interface (API)s that are widely used by today's industry. This shows that our STReBAC models can be translated into implementations which are exible and scalable.
5
Magnussen, Gaute, and Stig Stavik. "Access Control in Heterogenous Health Care Systems : A comparison of Role Based Access Control Versus Decision Based Access Control." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9295.
Анотація:
Role based access control (RBAC) is widely used in health care systems today. Some of the biggest systems in use at Norwegian hospitals utilizes role based integration. The basic concept of RBAC is that users are assigned to roles, permissions are assigned to roles and users acquire permissions by being members of roles. An alternative approach to the role based access distribution, is that information should be available only to those who are taking active part in a patients treatment. This approach is called decision based access control (DBAC). While some RBAC implementations grant access to a groups of people by ward, DBAC ensures that access to relevant parts of the patients medical record is given for treatment purposes regardless of which department the health care worker belongs to. Until now the granularity which the legal framework describes has been difficult to follow. The practical approach has been to grant access to entire wards or organizational units in which the patient currently resides. Due to the protection of personal privacy, it is not acceptable that any medical record is available to every clinician at all times. The most important reason to implement DBAC where RBAC exists today, is to get an access control model that is more dynamic. The users should have the access they need to perform their job at all times, but not more access than needed. With RBAC, practice has shown that it is very hard to make dynamic access rules when properties such as time and tasks of an employees work change. This study reveals that pretty much all security measures in the RBAC systems can be overridden by the use of emergency access features. These features are used extensively in everyday work at the hospitals, and thereby creates a security risk. At the same time conformance with the legal framework is not maintained. Two scenarios are simulated in a fictional RBAC and DBAC environment in this report. The results of the simulation show that a complete audit of the logs containing access right enhancements in the RBAC environment is unfeasible at a large hospital, and even checking a few percent of the entries is also a very large job. Changing from RBAC to DBAC would probably affect this situation to the better. Some economical advantages are also pointed out. If a change is made, a considerable amount of time that is used by health care workers to unblock access to information they need in their everyday work will be saved.
6
Klöck, Clemens. "Auction-based Medium Access Control." [S.l. : s.n.], 2007. http://digbib.ubka.uni-karlsruhe.de/volltexte/1000007323.
7
Macfie, Alex. "Semantic role-based access control." Thesis, University of Westminster, 2014. https://westminsterresearch.westminster.ac.uk/item/964y2/semantic-role-based-access-control.
Анотація:
In this thesis we propose two semantic ontological role-based access control (RBAC) reasoning processes. These processes infer user authorisations according to a set of role permission and denial assignments, together with user role assignments. The first process, SO-RBAC (Semantic Ontological Role-Based Access Control) uses OWL-DL to store the ontology, and SWRL to perform reasoning. It is based mainly on RBAC models previously described using Prolog. This demonstrates the feasibility of writing an RBAC model in OWL and performing reasoning inside it, but is still tied closely to descriptive logic concepts, and does not effectively exploit OWL features such as the class hierarchy. To fully exploit the capabilities of OWL, it was necessary to enhance the SO-RBAC model by programming it in OWL-Full. The resulting OWL-Full model, ESO-RBAC (Enhanced Semantic Ontological Role-Based Access Control), uses Jena for performing reasoning, and allows an object-oriented definition of roles and of data items. The definitions of roles as classes, and users as members of classes representing roles, allows user-role assignments to be defined in a way that is natural to OWL. All information relevant to determining authorisations is stored in the ontology. The resulting RBAC model is more flexible than models based on predicate logic and relational database systems. There are three motivations for this research. First, we found that relational database systems do not implement all of the features of RBAC that we modelled in Prolog. Furthermore, implementations of RBAC in database management systems is always vendor-specific, so the user is dependent on a particular vendor's procedures when granting permissions and denials. Second, Prolog and relational database systems cannot naturally represent hierarchical data, which is the backbone of any semantic representation of RBAC models. An RBAC model should be able to infer user authorisations from a hierarchy of both roles and data types, that is, determine permission or denial from not just the type of role (which may include sub-roles), but also the type of data (which may include sub-types). Third, OWL reasoner-enabled ontologies allow us to describe and manipulate the semantics of RBAC differently, and consequently to address the previous two problems efficiently. The contribution of this thesis is twofold. First, we propose semantic ontological reasoning processes, which are domain and implementation independent, and can be run from any distributed computing environment. This can be developed through integrated development environments such as NetBeans and using OWL APIs. Second, we have pioneered a way of exploiting OWL and its reasoners for the purpose of defining and manipulating the semantics of RBAC. Therefore, we automatically infer OWL concepts according to a specific stage that we define in our proposed reasoning processes. OWL ontologies are not static vocabularies of terms and constraints that define the semantics of RBAC. They are repositories of concepts that allow ad-hoc inference, with the ultimate goal in RBAC of granting permissions and denials.
8
Belokosztolszki, András. "Role-based access control policy administration." Thesis, University of Cambridge, 2004. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.615798.
9
Pang, Kenneth K. (Kenneth Kwok Kit) 1976. "Fine-grained event-based access control." Thesis, Massachusetts Institute of Technology, 1998. http://hdl.handle.net/1721.1/47532.
Анотація:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science; and, Thesis (B.S.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998.Includes bibliographical references (leaf 46).
by Kenneth K. Pang.
B.S.
M.Eng.
10
Montrieux, Lionel. "Model-based analysis of role-based access control." Thesis, Open University, 2013. http://oro.open.ac.uk/38672/.
Анотація:
Model-Driven Engineering (MDE) has been extensively studied. Many directions have been explored, sometimes with the dream of providing a fully integrated approach for designers, developers and other stakeholders to create, reason about and modify models representing software systems. Most, but not all, of the research in MDE has focused on general-purpose languages and models, such as Java and UML. Domain-specific and cross-cutting concerns, such as security, are increasingly essential parts of a software system, but are only treated as second-class citizens in the most popular modelling languages. Efforts have been made to give security, and in particular access control, a more prominent place in MDE, but most of these approaches require advanced knowledge in security, programming (often declarative), or both, making them difficult to use by less technically trained stakeholders. In this thesis, we propose an approach to modelling, analysing and automatically fixing role-based access control (RBAC) that does not require users to write code or queries themselves. To this end, we use two UML profiles and associated OCL constraints that provide the modelling and analysis features. We propose a taxonomy of OCL constraints and use it to define a partial order between categories of constraints, that we use to propose strategies to speed up the models’ evaluation time. Finally, by representing OCL constraints as constraints on a graph, we propose an automated approach for generating lists of model changes that can be applied to an incorrect model in order to fix it. All these features have been fully integrated into a UML modelling IDE, IBM Rational Software Architect.
11
Stenbakk, Bjørn-Erik Sæther, and Gunnar René Øie. "Role-Based Information Ranking and Access Control." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9236.
Анотація:
This thesis presents a formal role-model based on a combination of approaches towards rolebased access control. This model is used both for access control and information ranking. Purpose: Healthcare information is required by law to be strictly secured. Thus an access control policy is needed, especially when this information is stored in a computer system. Roles, instead of just users, have been used for enforcing access control in computer systems. When a healthcare employee is granted access to information, only the relevant information should be presented by the system, providing better overview and highlighting critical information stored among less important data. The purpose of this thesis is to enable efficiency and quality improvements in healthcare by using IT-solutions that address both access control and information highlighting. Methods: We have developed a formal role model in a previous project. It has been manually tested, and some possible design choices were identified. The project report pointed out that more work was required, in the form of making design choices, implementing a prototype, and extending the model to comply with the Norwegian standard for electronic health records. In preparing this thesis, we reviewed literature about the extensions that we wanted to make to that model. This included deontic logic, delegation and temporal constraints. We made decisions on some of the possible design choices. Some of the topics that were presented in the previous project are also re-introduced in this thesis. The theories are explained through examples, which are later used as a basis for an illustrating scenario. The theory and scenario were used for requirement elicitation for the role-model, and for validating the model. Based on these requirements a formal role-model was developed. To comply with the Norwegian EHR standard the model includes delegation and context based access control. An access control list was also added to allow for patients to limit or deny access to their record information for any individual. To validate the model, we implemented parts of the model in Prolog and tested it with data from the scenario. Results: The test results show rankings for information and controls access to it correctly, thus validating the implemented parts of the model. Other results are a formal model, an executable implementation of parts of the model, recommendations for model design, and the scenario. Conclusions: Using the same role-model for access control and information ranking works, and allows using flexible ways to define policies and information needs.
12
Zhang, Xiushan. "L2 cache replacement based on inter-access time per access count prediction." Diss., Online access via UMI:, 2009.
13
Hu, Wendong. "Medium access control protocols for cognitive radio based dynamics spectrum access networks." Diss., Restricted to subscribing institutions, 2008. http://proquest.umi.com/pqdweb?did=1580792591&sid=28&Fmt=2&clientId=1564&RQT=309&VName=PQD.
14
Kutlu, Akif. "Wireless medium access control protocols for real-time industrial applications." Thesis, University of Sussex, 1997. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.362214.
Анотація:
Wireless Communication is the only solution for data transfer between mobile terminals to access the sensors and actuators in industrial environment Control Area Network (CAN) is desirable solution for many industrial applications since it meets the requirements of real-time transfer of messages between systems. In situations where the use of a cable is not feasible it is important and necessary to design wireless medium access control protocols for CAN to provide real-time communications. This thesis deals with modelling, simulation and performance analysis of wireless medium access control protocols for CAN. The main issue in this concept is to determine prioritisation of the messages in the wireless environment. In order to accomplish this, a Wireless Medium Access Control protocol called WMAC is first proposed for distributed environment. The prioritisation in the WMAC protocol is achieved by performing an operation of timing the interframe gap. In this method, every message within the network is assigned a unique time period before the transmission of the message. These individual time periods distinguish messages from each other and provides message priority. Second access method called Remote Frame Medium Access Control (RFMAC) protocol is proposed for centralised wireless environment. Since the central node organises the message traffic the prioritisation is accomplished automatically by the central node. Both protocols are evaluated by using simulation techniques. The third access method called Comb is designed by using an additional overhead which consist of binary sequence. The prioritisation in this access method is managed by the overhead. Additionally, the interconnection of wireless nodes is investigated. The results of the simulations and performance analysis show that the proposed protocols operating in the centralised and distributed environments are capable of supporting the prioritisation of the messages required for real-time industrial applications in a wireless environment.
15
Nadipelly, Vinaykumar. "Dynamic Scoping for Browser Based Access Control System." TopSCHOLAR®, 2012. http://digitalcommons.wku.edu/theses/1149.
Анотація:
We have inorganically increased the use of web applications to the point of using them for almost everything and making them an essential part of our everyday lives. As a result, the enhancement of privacy and security policies for the web applications is becoming increasingly essential. The importance and stateless nature of the web infrastructure made the web a preferred target of attacks. The current web access control system is a reason behind the victory of attacks. The current web consists of two major components, the browser and the server, where the effective access control system needs to be implemented. In terms of an access control system, the current web has adopted the inadequate same origin policy and same session policy for the browser and server, respectively. The current web access control system policies are sufficient for the earlier day's web, which became inadequate to address the protection needs of today's web.
In order to protect the web application from un-trusted contents, we provide an enhanced browser based access control system by enabling the dynamic scoping. Our security model for the browser will allow the client and trusted web application contents to share a common library and protect web contents from each other, while they still get executed at different trust levels. We have implemented a working model of an enhanced browser based access control system in Java, under the Lobo browser.
16
He, Qingfeng. "Requirements-Based Access Control Analysis and Policy Specification." NCSU, 2005. http://www.lib.ncsu.edu/theses/available/etd-08072005-113622/.
Анотація:
Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) define how access is managed and the high-level rules of who can access what information under certain conditions. Traditionally, access control policies have been specified in an ad-hoc manner, leaving systems vulnerable to security breaches. ACP specification is often isolated from requirements analysis, resulting in policies that are not in compliance with system requirements. This dissertation introduces the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method for deriving access control policies from various sources, including software requirements specifications (SRS), software designs, and high-level security/privacy policies. The ReCAPS method is essentially an analysis method supported by a set of heuristics and a software tool: the Security and Privacy Requirements Analysis Tool (SPRAT). The method was developed in two formative case studies and validated in two summative case studies. All four case studies involved operational systems, and ReCAPS evolved as a result of the lessons learned from applying the method to these case studies. Further validation of the method was performed via an empirical study to evaluate the usefulness and effectiveness of the approach. Results from these evaluations indicate that the process and heuristics provided by the ReCAPS method are useful for specifying database-level and application-level ACPs. Additionally, ReCAPS integrates policy specification into software development, thus providing a basic framework for ensuring compliance between different levels of policies, system requirements and software design. The method also improves the quality of requirements specifications and system designs by clarifying ambiguities and resolving conflicts across these artifacts.
17
Chen, Liang. "Analyzing and developing role-based access control models." Thesis, Royal Holloway, University of London, 2011. http://repository.royalholloway.ac.uk/items/1de9694d-de0f-c437-5a35-82a813abdd1a/10/.
Анотація:
Role-based access control (RBAC) has become today's dominant access control model, and many of its theoretical and practical aspects are well understood. However, certain aspects of more advanced RBAC models, such as the relationship between permission usage and role activation and the interaction between inheritance and constraints, remain poorly understood. Moreover, the computational complexity of some important problems in RBAC remains unknown. In this thesis we consider these issues, develop new RBAC models and answer a number of these questions. We develop an extended RBAC model that proposes an alternative way to distinguish between activation and usage hierarchies. Our extended RBAC model has well-defined semantics, derived from a graph-based interpretation of RBAC state. Pervasive computing environments have created a requirement for access control systems in which authorization is dependent on spatio-temporal constraints. We develop a family of simple, expressive and flexible spatio-temporal RBAC models, and extend these models to include activation and usage hierarchies. Unlike existing work, our models address the interaction between spatio-temporal constraints and inheritance in RBAC, and are consistent and compatible with the ANSI RBAC standard. A number of interesting problems have been defined and studied in the context of RBAC recently. We explore some variations on the set cover problem and use these variations to establish the computational complexity of these problems. Most importantly, we prove that the minimal cover problem -- a generalization of the set cover problem -- is NP-hard. The minimal cover problem is then used to determine the complexity of the inter-domain role mapping problem and the user authorization query problem in RBAC. We also design a number of efficient heuristic algorithms to answer the minimal cover problem, and conduct experiments to evaluate the quality of these algorithms.
18
Wang, Kaining. "Context-based coalition access control for ubiquitous computing." Thesis, University of Ottawa (Canada), 2006. http://hdl.handle.net/10393/27193.
Анотація:
The need for coalition access control among individuals and organizations has increased significantly in the past years as the need for spontaneous access to information increases. However, a significant deterrent to the ability to connect in a spontaneous manner in coalition collaborative applications is the difficulty in users from different domains being able to access resources or services located and owned by other entities. Coalition access control encompasses control mechanisms dealing with access between users of two or more different organizations or enterprises. These users could be co-located or remotely located.
The thesis first presents a delegation based D-TMAC model that extends traditional TMAC across organizations for formal coalition environments, and a context-based coalition access control model, which apply context information as conditions on delegation. Then the thesis proposes a Session-based Coalition Access Control Architecture (SCACA) and provides practical implementation that enables dynamic coalition access control over a communication session in a spontaneous manner. The presented system architecture and methodology leverages the IETF SIP protocol as an underlying communication mechanism in order to greatly minimize the administration overhead and rapidly adapt the dynamic nature of access control in spontaneous coalition environments.
The result is that, during a spontaneous coalition communication across organizations, every endpoint can access other endpoints' resources and share its own resources to all the other endpoints as well. Moreover, these privileges will dynamically change as the status of the coalition communication changes.
19
Loock, Marianne. "CBAC – a model for conflict-based access control." Thesis, University of Pretoria, 2012. http://hdl.handle.net/2263/25423.
Анотація:
Organisations that seek a competitive advantage cannot afford to compromise their brand reputation or expose it to disrepute. When employees leek information, it is not only the breach of confidentiality that is a problem, but it also causes a major brand reputation problem for the organisation. Any possible breach of confidentiality should be minimised by implementing adequate security within the organisation and among its employees. An important issue to address is the development of suitable access control models that are able to restrict access not only to unauthorised data sets, but also to unauthorised combinations of data sets. Within organisations such as banks, clients may exist that are in conflict with one another. This conflict results from the fact that clients are functioning in the same business domain and that their information should be shielded from one another because they are in competition for various reasons. When information on any of these conflicting clients is extracted from their data sets via a data-mining process and used to their detriment or to the benefit of the guilty party, this is considered a breach of confidentiality. In data-mining environments, access control usually strips the data of any identity so as to concentrate on tendencies and ensure that data cannot be traced back to a respondent. There is an active research field in data mining that focuses specifically on ‘preserving’ the privacy of the data during the data-mining process. However, this approach does not account for those situations when data mining needs to be performed to give answers to specific clients. In such cases, when the clients’ identity cannot be stripped, it is essential to minimise the chances of a possible breach of confidentiality. For this reason, this thesis investigated an environment where conflicting clients’ information can easily be gathered and used or sold, as to justify the inclusion of conflict management in the proposed access control model. This thesis presents the Conflict-based Access Control (CBAC) model. The model makes it possible to manage conflict on different levels of severity among the clients of an organisation – not only as specified by the clients, but also as calculated by the organisation. Both types of conflict have their own cut-off points when the conflict is considered to be of no value any longer. Finally, a proof-of-concept prototype illustrates that the incorporation of conflict management is a viable solution to the problem of access control as it minimises the chances of a breach of confidentialityThesis (PhD)--University of Pretoria, 2012.
Computer Science
unrestricted
20
Davuluri, Chowdary Venkata Ram Mohan. "Role-Based Access Control in Collaborative Research Environments." The Ohio State University, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=osu1285036690.
21
Shen, Ziyi. "Red Door: Firewall Based Access Control in ROS." Thesis, University of North Texas, 2020. https://digital.library.unt.edu/ark:/67531/metadc1752358/.
Анотація:
ROS is a set of computer operating system framework designed for robot software development, and Red Door, a lightweight software firewall that serves the ROS, is intended to strengthen its security. ROS has many flaws in security, such as clear text transmission of data, no authentication mechanism, etc. Red Door can achieve identity verification and access control policy with a small performance loss, all without modifying the ROS source code, to ensure the availability and authentication of ROS applications to the greatest extent.
22
Khayat, Etienne J. "Role-based access control (RBAC) : formal modelling and risk-based administration." Thesis, London South Bank University, 2006. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.435233.
23
Jemel, Mayssa. "Stockage des données locales : sécurité et disponibilité." Thesis, Paris, ENST, 2016. http://www.theses.fr/2016ENST0053.
Анотація:
Le progrès technologique offre désormais de plus en plus aux utilisateurs divers équipements connectés et intelligents. En conséquence, la gestion des données entre ces équipements a fait l’objet d’ un nombre croissant d’études. Les applications déjà proposées sont principalement basées sur des solutions propriétaires dites solutions privées ou fermées. Toutefois, cette stratégie a toujours montré ses insuffisances en termes de problèmes de sécurité, de coût, de simplicité pour les développeurs et de transparence des solutions. Migrant vers des solutions standardisées, HTML5 propose de nouvelles fonctionnalités pour répondre aux exigences des entreprises et des utilisateurs. L’objectif principal est de mettre à la disposition des développeurs web un langage simple pour la mise en œuvre des applications concurrentes à moindre coût. Ces applications ne sont pas liées ni aux dispositifs utilisés ni aux logiciels installés. Trois contributions font l’objet de nos travaux. Dans la première partie, nous proposons un Coffre Fort Client basé sur les APIs HTML5 de stockage. Tout d’abord, nous commençons par le renforcement de la sécurité de ces API pour fournir une base sécurisée à notre Coffre Fort Client. Dans la deuxième contribution, nous proposons un protocole de synchronisation appelé SyncDS qui est caractérisé par son efficacité avec une consommation minimale des ressources. Nous traitons enfin les problèmes de sécurité, et nous nous concentrons principalement sur le contrôle d’accès dans le cas de partage des données tout en respectant les exigences des Coffres FortsDue to technological advancements, people are constantly manipulating multiple connected and smart devices in their daily lives. Cross-device data management, therefore, remains the concern of several academic and industrial studies. The proposed frameworks are mainly based on proprietary solutions called private or closed solutions. This strategy has shown its deficiency on security issues, cost, developer support and customization. In recent years, however, the Web has faced a revolution in developing standardized solutions triggered by the significant improvements of HTML5. With this new version, innovative features and APIs are introduced to follow business and user requirements. The main purpose is to provide the web developer with a vendor-neutral language that enables the implementation of competing application with lower cost. These applications are related neither to the used devices nor to the installed software. The main motivation of this PhD thesis is to migrate towards the adoption of standardized solutions to ensure secure and reliable cross-device data management in both the client and server side. There is already a proposed standardized Cloud Digital Safe on the server side storage that follows the AFNOR specification while there is no standardized solution yet on the client-side. This thesis is focused on two main areas : 1) the proposal of a standardized Client Digital Safe where user data are stored locally and 2) the synchronization of these data between the Client and the Cloud Digital Safe and between the different user devices. We contribute in this research area in three ways. First, we propose a Client Digital Safe based on HTML5 Local Storage APIs. We start by strengthening the security of these APIs to be used by our Client Digital Safe. Second, we propose an efficient synchronization protocol called SyncDS with minimum resource consumption that ensures the synchronization of user data between the Client and the Cloud Digital Safe. Finally, we address security concerns, in particular, the access control on data sharing following the Digital Safe requirements
24
Rondinini, Giorgia. "Role-Based Access Control in ambienti cloud multi-region." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2020.
Анотація:
Negli ultimi anni si è assistito a un incremento dell'uso del cloud, con cambiamenti nel tipo di servizi distribuiti tramite esso e nel tipo di infrastruttura utilizzata per supportare tali servizi. Il comprensibile desiderio di migliorare i servizi offerti, diminuendo però i costi di gestione e manutenzione, sta portando infatti all'utilizzo di infrastrutture cloud eterogenee, spesso distribuite su più aree geografiche. Tale eterogeneità delle infrastrutture rende complicato garantire la sicurezza dei sistemi, in un mondo in cui gli attacchi informatici sono sempre più diffusi ed è sempre più importante impedire ai non autorizzati di accedere a dati e funzioni protette.
Lo scopo di questa tesi è creare un sistema di controllo degli accessi basato sui ruoli, o RBAC, atto a operare in modo distribuito in un ambiente cloud multi-region. Nei primi capitoli della tesi è descritto l'ambito in cui si è svolta la progettazione del sistema, ovvero il cloud computing e la sua sicurezza. Nel Capitolo 4 si trova una descrizione generale del sistema di gestione degli accessi creato. Successivamente sono stati spiegati gli strumenti utilizzati per la realizzazione del sistema e come esso sia stato creato. Negli ultimi capitoli sono poi riportati i test effettuati per valutare il sistema creato e i loro risultati.
25
Villegas, Wilfred. "A trust-based access control scheme for social networks." Thesis, McGill University, 2008. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=22020.
Анотація:
The personal data being published on online social networks is presenting new challenges in sharing of this digital content. This thesis proposes an access control scheme called Personal Data Access Control, or PDAC, which allows users to share data among their friends, using a trust computation to determine which friends should be given access. This trust computation uses previous interactions among a user's friends to classify his or her peers into one of three protection zones, which determine whether that peer gains access to the user's data. Additionally, the user may designate certain friends as attesters who will aid the user in determining which peers are trustworthy enough to be given access to his or her data. Simulations of the PDAC scheme were performed to evaluate its effectiveness in enforcing data access privileges. The results show that PDAC preserves confidentiality by exploiting the trust that is captured in existing social networks.Les données personnelles publiées sur internet par l'entremise des nouveaux réseaux sociaux virtuels présentent des défis considérables en ce qui attrait à l'échange numérique. Cette thèse propose un système de contrôle d'accès appelé Personal Data Access Control, ou PDAC, qui permet aux utilisateurs d'échanger leurs données personnelles avec leurs amis de façon mesurée, en utilisant un calcul de confiance. Ce calcul de confiance utilise comme critères d'évaluation les interactions antérieures entre l'utilisateur et chacun de ses amis afin de classer chacune de ses connaissances dans une de trois zones de protection. Ces zones délimitent le niveau d'accès accordé aux données de l'utilisateur. De plus, l'utilisateur peut assigner certains amis come vérificateurs qui donnent leur approbation et ainsi détermine en toute confidentialité qui devrait avoir accès a ses données. Nos résultats d'analyse démontrent que le PDAC accorde privilèges d'accès aux données de façon efficace. Ces simulations démontrent aussi que le PDAC préserve la confidentialité en saisissant les niveaux de confiance qui existe dans les réseaux sociaux virtuels d'aujourd'hui actuels.
26
Moré, Andre, and Ermias Gebremeskel. "HopsWorks : A project-based access control model for Hadoop." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-175742.
Анотація:
The growth in the global data gathering capacity is producing a vast amount of data which is getting vaster at an increasingly faster rate. This data properly analyzed can represent great opportunity for businesses, but processing it is a resource-intensive task. Sharing can increase efficiency due to reusability but there are legal and ethical questions that arise when data is shared. The purpose of this thesis is to gain an in depth understanding of the different access control methods that can be used to facilitate sharing, and choose one to implement on a platform that lets user analyze, share, and collaborate on, datasets. The resulting platform uses a project based access control on the API level and a fine-grained role based access control on the file system to give full control over the shared data to the data owner.I dagsläget så genereras och samlas det in oerhört stora mängder data som växer i ett allt högre tempo för varje dag som går. Den korrekt analyserade datan skulle kunna erbjuda stora möjligheter för företag men problemet är att det är väldigt resurskrävande att bearbeta. Att göra det möjligt för organisationer att dela med sig utav datan skulle effektivisera det hela tack vare återanvändandet av data men det dyker då upp olika frågor kring lagliga samt etiska aspekter när man delar dessa data. Syftet med denna rapport är att få en djupare förståelse för dom olika åtkomstmetoder som kan användas vid delning av data för att sedan kunna välja den metod som man ansett vara mest lämplig att använda sig utav i en plattform. Plattformen kommer att användas av användare som vill skapa projekt där man vill analysera, dela och arbeta med DataSets, vidare kommer plattformens säkerhet att implementeras med en projekt-baserad åtkomstkontroll på API nivå och detaljerad rollbaserad åtkomstkontroll på filsystemet för att ge dataägaren full kontroll över den data som delas
27
Kolovski, Vladimir. "A logic-based framework for Web access control policies." College Park, Md. : University of Maryland, 2008. http://hdl.handle.net/1903/8180.
Анотація:
Thesis (Ph. D.) -- University of Maryland, College Park, 2008.Thesis research directed by: Dept. of Computer Science. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
28
OLSSON, JOAKIM. "Method for gesture based authentication in physical access control." Thesis, KTH, Maskinkonstruktion (Inst.), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-209339.
Анотація:
ASSA Abloy är den största globala leverantören av intelligenta lås och säkerhetslösningar. Företaget strävar ständigt efter att utveckla nya och innovativa lösningar för fysisk passerkontroll. Ett koncept som företaget ville undersöka riktade sig mot att göra det möjligt för användaren att enkelt låsa upp en dörr med hjälp av gester, vilket resulterar i en användarvänlig upplevelse. Tanken var att använda en wearable som en credential-enhet och identifiera användarens gester med sensorerna som tillhandahålls av denna. Gesten som används i denna avhandling var knackar, vilket innebär att användaren låser uppdörren genom att knacka på den. Huvudsyftet med detta arbete var att utveckla ett system som tillåter knackar att användas som en metod för autentisering och att utvärdera systemet baserat på systemsäkerhet och användarvänlighet. Systemet som har utvecklats består av två accelerometersensorer; en belägen i wearablen och en belägen i låset/dörren. Signalerna från varje sensor bearbetas och analyseras för att detektera knackar. Tidskorrelationen mellan knackar som detekteras av varje sensor analyseras för att kontrollera att de härstammar från samma användare. En teoretisk modell av systemet har utvecklats för att underlätta utvärdering av systemet. Utvärderingen av systemet visade att både systemetsäkerheten och användarvänligheten uppnår tillfredsställande värden. Denna avhandling visar att konceptet har stor potential men det krävs ytterligare arbete. Metoderna som har används för att utvärdera systemet i denna avhandling kan på samma sätt användas för att utvärdera system under fortsatt arbete.ASSA Abloy is the largest global supplier of intelligent locks and security solutions. The company constantly strives to develop new and innovative solutions for physical access control. One concept the company wanted to investigate aimed to allow the user to effortlessly unlock a door using gestures, resulting in a seamless experience. The idea was to use a wearable as a credential device and identifying the user gestures with the sensors supplied by the wearable. The gesture used in this thesis project were knocks, meaning that the user unlocks the door by knocking on it. The main objective of this thesis project was to develop a system allowing knocks to be used as a method of authentication and evaluate the system based on system security and user convenience. The system developed consists of two accelerometer sensors; one located in the wearable and one located in the lock/door. The signals from each sensor are processed and analyzed to detect knocks. The time correlation between the knocks detected by each sensor are analyzed to verify that they originate from the same user. A theoretical model of the system was developed to facilitate the evaluation of the system. The evaluation of the system showed that both the system security and the user continence attained satisfying values. This thesis shows that the concept has high potential but further work is needed. The framework of methods used to evaluate the system in this thesis can in the same way be used to evaluate systems during any further work.
29
Jiangcheng, Qin. "User Behavior Trust Based Cloud Computing Access Control Model." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-12708.
Анотація:
Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud service users (CSUs) and cloud service providers (CSPs) are arising therefrom. User behavior trust (UBT) evaluation is a valid method to solve security dilemmas of identity-based access control system, but current studies of UBT based access control model is still not mature enough, existing the problems like UBT evaluation complexity, trust dynamic update efficiency, evaluation accuracy, etc. Objective. The aim of the study is to design and develop an improved UBT based CC access control model compare to the current state-of-art. Including an improved UBT evaluation method, able to reflect the user’s credibility according to the user’s interaction behavior, provides access control model with valid evidence to making access control decision; and a dynamic authorization control and re-allocation strategy, able to timely response to user’s malicious behavior during entire interaction process through real-time behavior trust evaluation. Timely updating CSUs trust value and re-allocating authority degree. Methods. This study presented a systematical literature review (SLR) to identify the working structure of UBT based access control model; summarize the CSUs’ behaviors that can be collected as UBT evaluation evidence; identify the attributes of trust that will affect the accuracy of UBT evaluation; and evaluated the current state-of-art of UBT based access control models and their potential advantages, opportunities, and weaknesses. Using the acquired knowledge, design a UBT based access control model, and adopt prototype method to simulate the performance of the model, in order to verify its validation, verify improvements, and limitations. Results. Through the SLR, two types of UBT based access control model working structures are identified and illustrated, essential elements are summarized, and a dynamic trust and access update module is described; 23 CSU’s behavior evidence items are identified and classified into three classes; four important trust attributes, influences, and corresponding countermeasures are identified and summarized; and eight current state-of-art of UBT based access control models are identified and evaluated. A Triple Dynamic Window based Access Control model (TDW) was designed and established as a prototype, the simulation result indicates the TDW model is well performed on the trust fraud problem and trust expiration problem. Conclusions. From the research results that we obtained from this study, we have identified several basic elements of UBT evaluation method, evaluated the current state-of-art UBT based access control models. Towards the weaknesses of trust fraud prevention and trust expiration problem, this paper designed a TDW based access control model. In comparing to the current state-of-art of UBT models, the TDW model has the following advantages, such as it is effectively preventing trust fraud problem with “slow rise” principle, able to timely response to malicious behavior by constantly aggravate punishment strategy (“rapid decrease” principle), effectively prevent malicious behavior and malicious user, and able to reflect the recent credibility of accessing user by expired trust update strategy and most recent trust calculation; finally, it has simple and customizable data structure, simple trust evaluation method, which has good scalability.
30
Subedi, Harendra. "Mathematical Modelling of Delegation in Role Based Access Control." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-222381.
Анотація:
One of the most widespread access control model that assigns permissions to a user is Role Based Access Control (RBAC). The basic idea is to limit the access to resources by using the indirection of roles, which are associated both to users and permissions. There has been research conducted with respect to clarifying RBAC and its components, as well as in creating mathematical models describing different aspects of its administrative issues in RBAC. But, till date no work has been done in terms of formalization (Mathematical Modelling) of delegation and revocation of roles in RBAC. Which provides most important extensions of the policy and provides flexibility in the user to user delegation of roles, especially in the environment where roles are organized in a hierarchy. The process allows a user with a role that is higher in the hierarchy to assign a part of the role to someone who is lower in the hierarchy or at the same level. This can be done for a limited time or permanently. The reverse process is called revocation and it consists of ending different types of delegations. This thesis has found the answer to the following research question i.e. how different mathematical Modelling for delegation and revocation of Roles in RBAC can be performed? This thesis presents different types of delegation and techniques for revocation with a comprehensive mathematical Modelling of both processes. As this can be clearly visible that this thesis objective is to derive a mathematical models for delegation and revocation of roles in RBAC policy, for deriving mathematical models formal method is applied. The mathematical models developed include grant and transfer delegation with and without role hierarchy, time based revocation, user based revocation and cascading revocation. The case scenario of an organization using RBAC is used to illustrate and clarify the mathematical models. The mathematical models presented here can serve as a starting point for developing, implementations of delegation and revocation on top of existing authorization modules based on the RBAC model.
31
Rohrer, Felix. "DR BACA: dynamic role based access control for Android." Thesis, Boston University, 2013. https://hdl.handle.net/2144/12203.
Анотація:
Thesis (M.S.)--Boston UniversityAndroid, as an open platform, dominates the booming mobile market. However, its permission mechanism is inflexible and often results in over-privileged applications. This in turn creates severe security issues. Aiming to support the Principle of Least Privilege, we propose a Dynamic Role Based Access Control for Android (DR BACA) model and implement the DR BACA system to address these problems. Our system offers multi-user management on Android mobile devices, comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to en- hance Android security at both the application and permission level. Moreover, by leveraging context-aware capabilities of mobile devices and Near Field communication (NFC) technology, our solution supports dynamic RBAC that provides more flexible access control while still being able to mitigate some of the most serious security risks on mobile devices. The DR BACA system is highly scalable, suitable for both end- users and large business environments. It simplifies configuration and management of Android devices and can help enterprises to deal with security issues by implementing a uniform security policy. We show that our DR BACA system can be deployed and used with eet:se. With a proper security policy, our evaluation shows that DR BACA can effectively mitigate the security risks posed by both malicious and vulnerable non-malicious applications while incurring only a small overall system overhead.
32
Ramesh, Chithrupa. "Contention-based Multiple Access Architectures for Networked Control Systems." Licentiate thesis, KTH, Reglerteknik, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-29781.
Анотація:
Networked Control Systems (NCSs) use a wireless network for communication between sensors and controllers, and require a Medium Access Controller (MAC) to arbitrate access to the shared medium. Traditionally, a MAC for control systems is chosen primarily based on the delay it introduces in the closed loop. This thesis focuses on the design of a contention-based MAC, in a time-varying, resource-constrained network for closed loop systems. In this thesis, we advocate the use of a state-aware MAC, as opposed to an agnostic MAC, for NCSs. A state-aware MAC uses the state of the plant to influence access to the network. The state-aware policy is realized using two different approaches in the MAC: a regulatory formulation and an adaptive prioritization. Our first approach is a regulatory MAC, which serves to reduce the traffic in the network. We use a local state-based scheduler to select a few critical data packets to send to the MAC. We analyze the impact of such a scheduler on the closed loop system, and show that there is a dual effect for the control signal, which makes determining the optimal controller difficult. We also identify restrictions on the scheduling criterion that result in a separation of the scheduler, observer and controller designs. Our second approach is a prioritized MAC that uses state-based priorities called Attentions, to determine access to the network. We use a dominance protocol called tournaments, to evaluate priorities in a contention-based setting, and analyze the resulting performance of the MAC. We also consider a NCS that uses a wireless multihop mesh network for communication between the controller and actuator. We design an optimal controller, which uses packet delivery predictions from a recursive Bayesian network estimator.QC 20110216
33
Alohaly, Manar Fathi. "Frameworks for Attribute-Based Access Control (ABAC) Policy Engineering." Thesis, University of North Texas, 2020. https://digital.library.unt.edu/ark:/67531/metadc1707241/.
Анотація:
In this disseration we propose semi-automated top-down policy engineering approaches for attribute-based access control (ABAC) development. Further, we propose a hybrid ABAC policy engineering approach to combine the benefits and address the shortcomings of both top-down and bottom-up approaches. In particular, we propose three frameworks: (i) ABAC attributes extraction, (ii) ABAC constraints extraction, and (iii) hybrid ABAC policy engineering. Attributes extraction framework comprises of five modules that operate together to extract attributes values from natural language access control policies (NLACPs); map the extracted values to attribute keys; and assign each key-value pair to an appropriate entity. For ABAC constraints extraction framework, we design a two-phase process to extract ABAC constraints from NLACPs. The process begins with the identification phase which focuses on identifying the right boundary of constraint expressions. Next is the normalization phase, that aims at extracting the actual elements that pose a constraint. On the other hand, our hybrid ABAC policy engineering framework consists of 5 modules. This framework combines top-down and bottom-up policy engineering techniques to overcome the shortcomings of both approaches and to generate policies that are more intuitive and relevant to actual organization policies. With this, we believe that our work takes essential steps towards a semi-automated ABAC policy development experience.
34
Adams, William Joseph. "Decentralized Trust-Based Access Control for Dynamic Collaborative Environments." Diss., Virginia Tech, 2006. http://hdl.handle.net/10919/26592.
Анотація:
The goal of this research was to create a decentralized trust-based access control (TBAC) system for a dynamic
collaborative environment (DCE). By building a privilege management infrastructure (PMI) based on trust, user
access was determined using behavior grading without the need for pre-configured, centrally managed role
hierarchies or permission sets. The PMI provided TBAC suitable for deployment in a rapidly assembled, highly
fluid, collaborative environment.DCEs were assembled and changed membership as required to achieve the goals of the group. A feature of these environments was that there was no way of knowing who would join the group, no way of refusing anyone entry into group, and no way of determining how long members would remain in the group. DCEs were formed quickly to enable participants to share information while, at the same time, allowing them to retain control over the resources that they brought with them to the coalition.
This research progressed the state of the art in the fields of access control and trust management. The Trust Management System developed through this research effectively implemented a decentralized access control scheme. Each resource owner independently evaluated the reputation and risk of network members to make access decisions. Because the PMI system used past behavior as an indication of future performance, no a priori user or resource configuration was required.
Ph. D.
35
Park, Sang Mork. "PRIVACY-PRESERVING ATTRIBUTE-BASED ACCESS CONTROL IN A GRID." Wright State University / OhioLINK, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=wright1283121251.
36
Balasubramanian, Kavitha. "Channel adaptive real-time medium access control protocols for industrial wireless networks." [Ames, Iowa : Iowa State University], 2007.
37
Cheng, Zhuo. "Hybrid Power Control in Time Division Scheduling Wideband Code Division Multiplex Access." Thesis, KTH, Kommunikationssystem, CoS, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-91097.
Анотація:
With high date rates using Enhanced Uplink (EUL), a conventional signal to interference ratio (SIR) based power control algorithm may lead to a power rush due to self interference or incompatible SIR target [2]. Time division (TD) scheduling in Wideband Code Division Multiplex Access (WCDMA) is considered to be a key feature in achieving high user data rates. Unfortunately, power oscillation/peak is observed in time division multiplexing (TDM) at the transition between active and inactive transmission time intervals [1]. Therefore there is a need to revisit power control algorithms for different time division scheduling scenarios. The objective of power control in the context of this study is to minimize the required rise over thermal noise (RoT) for a given data rate, subject to the constraint that the physical layer control channel quality is sufficient (assuming that the dedicated physical control channel (DPCCH) SIR should not go below 3dB with a probability of at most 5%). Another goal is to minimize the local oscillation in power (power peaks) that may occur, for example due to transitions between active and inactive transmission time intervals. The considered hybrid power control schemes are: (1) non-parametric Generalized rake receiver SIR (GSIR) Inner Loop Power Control (ILPC) during active transmission time intervals + Received Signal Code Power (RSCP) ILPC during inactive transmission time intervals and (2) RSCP ILPC during active transmission time intervals + GSIR ILPC during inactive transmission time intervals. Both schemes are compared with pure GSIR and pure RSCP ILPC. Link level simulations with multiple users connected to a single cell show that: The power peak problem is obviously observed in GSIR + GSIR transmit power control (TPC), but in general it performs well in all time division scenarios studied. GSIR outperforms other TPC methods in terms of RoT, especially in the TU channel model. This is because it is good in combating instantaneously changed fading and accurately estimates SIR. Among all TPC methods presented, GSIR + GSIR TPC is best in maintaining the quality of the DPCCH channel. No power rush is observed when using GSIR + GSIR TPC. RSCP + RSCP eliminates the power peak problem and outperforms other TPC methods presented under the 3GPP Pedestrial A (pedA) 3km/h channel in terms of RoT. However, in general it is worse in maintaining the control channel’s quality than GSIR + GSIR TPC. GSIR + RSCP ILPC eliminates the power peak problem and out-performs GSIR power control in the scenario of 2 and 4 TDM high data rate (HDR) UE and 2 TDM HDR UE coexistence with 4 Code DivisionMultiplex (CDM) LDR UE, in the pedA 3km/h channel, in terms of RoT. However, the control channel quality is not maintained as well during inactive transmission time intervals. It is not recommended to use RSCP + GSIR TPC since it performs worst among these TPC methods for most of the cases in terms of RoT, even though it is the second best in maintaining the control channel quality. The power peak is visible when using RSCP + GSIR TPC. To maintain the control channel’s quality, a minimum SIR condition is always used on top of all proposed TPC methods. However, when there are several connected TDM HDR UEs in the cell, results indicates that it is challenging to meet the quality requirement on the control channels. So it may become necessary to limit the number of connected terminals in a cell in a time division scenario.Med den höga datahastighet som Enhanced Uplink (EUL) medger kan en konventionell algoritm för effektkontroll baserad på signal to interference ratio (SIR) leda till effekthöjning beroende på självinterferens eller felaktigt SIR mål. Time division (TD) schedulering vid Wideband Code Division Multiple Access (WCDMA) anses vara en nyckelfunktion för att uppnå höga datahastigheter. I övergången mellan aktiv och inaktiv transmissionstidsintervall vid time division multiplexing (TDM) har effektoscillering/effektpeak observerats. Detta gör det nödvändigt att se över algoritmerna för effektkontroll vid olika scenarion av TD schedulering. Målet med effektkontrollen i denna studie är att minimera rise over thermal noise (RoT) för en given datahastighet givet begränsningen att kvaliteten på physical layer control channel är tillräcklig (beaktande att dedicated physical control channel (DPCCH) SIR inte understiger 3dB med en sannolikhet på som mest 5%). Ett annat mål är att minimera den lokala effektoscillationen (effektpeakar) som kan inträffa till exempel vid övergång mellan aktiv och inaktiv transmissionstidsintervall. De undersökta hybrida metoderna för effektkontroll är: (1) icke-parametrisk Generalized rake receiver SIR (GSIR) Inner Loop Power Control (ILPC) vid aktiv transmissionstidsintervall + Received Signal Code Power (RSCP) ILPC vid inaktiv transmissionstidsintervall och (2) RSCP ILPC under aktiv transmissionstidsintervall + GSIR ILPC under inaktiv transmissiontidsintervall. Båda metoderna jämförs med ren GSIR och ren RSCP ILPC. Länk nivå simulering med flera användare anslutna till en enda cell visar att: Problemet med effektpeakar observeras tydligt vid GSIR + GSIR transmit power control (TPC) men generellt sett presterar den bra i alla studerade TD scenarion. GSIR presterar bättre än andra TPC metoder beträffande RoT, speciellt i TU kanal modellen. Detta beror på att metoden är bra på att motverka momentant förändrad fading och med god precision estimerar SIR. Bland alla presenterade TPC metoder är GSIR + GSIR TPC den bästa på att behålla en god kvalitet på DPCCH kanalen. Ingen effekthöjning har observerats vid GSIR + GSIR TPC. RSCP + RSCP eliminerar problemet med effektpeakar och presterar bättre än andra TPC metoder presenterade under 3GPPs Pedestrial A (pedA) 3km/h kanal beträffande RoT. Dock är metoden generellt sett sämre på att behålla kontrollkanalens kvalitet än GSIR + GSIR TPC. GSIR + GSIR ILPC eliminerar problemet med effektpeakar och presterar bättre än GSIR power control i ett scenario med 2 och 4 TDM high data rate (HDR) UE och 2 TDM HDR UE tillsammans med 4 Code Division Multiplex (CDM) LDR UE i pedA 3km/h kanalen beträffande RoT. Dock kan inte kvaliteten på kontrollkanalen behållas i detta fall heller under inaktiv transmissionstidsintervall. Det är inte rekommenderat att använda RSCP + GSIR TPC eftersom den presterar sämst av alla TPC metoder beträffande RoT i de allra flesta fall. Till dess fördel är att den är den näst bästa på att behålla kvaliteten på kontrollkanalen. Effektpeakar har observerats när RSCP + GSIR TPC använts. För att behålla kontrollkanalens kvalitet används alltid en minimum SIR nivå ovanpå alla föreslagna TPC metoder. När det finns flera anslutna TDM HDR UEs i cellen indikerar resultaten att det är en utmaning att behålla kvalitetskraven på kontrollkanalen. På grund av detta kan det bli nödvändigt att begränsa antalet anslutna terminaler i en cell i ett TD scenario.
38
Neekzad, Behnam. "Space-time behavior of millimeter wave channel and directional medium access control." College Park, Md.: University of Maryland, 2008. http://hdl.handle.net/1903/8181.
Анотація:
Thesis (Ph. D.) -- University of Maryland, College Park, 2008.Thesis research directed by: Dept. of Electrical and Computer Engineering. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
39
Geepalla, Emsaieb Mosbah. "Model-driven approaches to analysing time- and location-dependent access control specifications." Thesis, University of Birmingham, 2013. http://etheses.bham.ac.uk//id/eprint/4562/.
Анотація:
This thesis deals with a challenging problem related to the analysis of Access Control systems which depend on time and location against undesirable scenarios such as inconsistency. In particular, this thesis first provides formal algebraic notations for the Access Control specifications in the context of a Spatio- Temporal Role Based Access Control (STRBAC) model. In order to analyse STRBAC specifications to detect inconsistencies and semi-consistencies, this thesis utilises Alloy and Timed Automata. A key challenge is how to automatically generate analysable formalisation such as Alloy and Timed Automata from the specifications. This thesis employs Model-Driven Architecture (MDA) technology to automate the transformation of the STRBAC model to Alloy as well as to Timed Automata and Timed Computation Tree Logic (TCTL). This is accomplished by defining one set of transformation rules for mapping STRBAC features to Alloy features and another set for mapping the features of the STRBAC model to Timed Automata and TCTL features. In addition, we present a comparative study between Alloy and Timed Automata from capability and performance points of view, following which we demonstrate that current Access Control models are not adequate for representing Physical Access Control (PAC) specifications and then discuss some of the limitations of the current models, which we highlight by conducting a case study involving the modelling of an Access Control mechanism used by British Telecom (BT). To overcome such limitations, we present an extension of the STRBAC model which considers the physical aspects of Access Control systems.
40
Manian, Vijay. "Voting enabled role-based access control model for distributed collaboration." [Gainesville, Fla.] : University of Florida, 2005. http://purl.fcla.edu/fcla/etd/UFE0011941.
41
Sun, Xumin 1972. "Medium access control with congestion feedback in CDMA based networks." Thesis, McGill University, 2000. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=33347.
Анотація:
The research reported here deals with the design of the uplink flow control in a CDMA-based wireless access network. Demand from each source is assumed infinitely divisible, the control is rate-based and the service model is ATM/ABR (Available Bit Rate). The flow control problem in general is to manage---dynamically, and subject to prescribed constraints on transmitter power and signal-to-interference ratio---the instantaneous allocation of rate to individual sources. Our particular interest is in settings where the controller has access to information on downstream congestion (real or virtual) for each connection, and where quality-of-service is specified on time scales that are slow relative to the rate of channel variation. Our objective is to exploit the congestion feedback, as well as the temporal flexibility in the quality-of-service specification, to refine the match between resource allocation and need. We propose a framework in which the problem can be posed precisely, and provide a solution in the case that there is but a single base station. The solution has two components. One describes the set of rate allocations that are consistent with the power and SIR constraints. The other uses the congestion feedback, modeled by the states of certain reference buffers downstream of the base station, to select a specific rate allocation within the admissible rate region. The benefit in terms of call-carrying capacity is indicated through simulations.
42
Hsu, Chen-Ning, and 徐振寧. "Authorization-based Access Control with Time-range Limitation for App Transfer." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/85249397571134628867.
Анотація:
碩士國立臺灣科技大學
資訊管理系
103
This paper design a mechanism of Authorization-based Access Control with Time-range Limitation for App Transfer. Developers upload App to the App Market, afterward he can select the setting for time-zone that can transfer App. When users download the App from the App Market, it will simultaneously obtain authorized time message of App. We propose the method for using the concept of hash functions, setting to a time-zone while we conduct a hash operation of hash value. Therefore we through several times multiple hash operation, we can obtain for several continuous time segments.
43
Chu, Shao-I., and 朱紹儀. "Research on Time-of-day Internet Access Management by Quota-based Priority Control." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/61428458158295196807.
Анотація:
博士國立臺灣大學
電機工程學研究所
95
There exists abusive and unfair Internet access during peak hours by users of a free-of-charge or flat-rate network even under a quota-based priority control (QPC). To effectively managing the Internet access over time based on QPC, this thesis studies and analyzes two classes of schemes: time-of-day pricing (TDP) and quota scheduling (QS). TDP is an incentive control method, where users can flexibly allocate the daily quota by virtual price. QS allocates the daily quota to individual time periods to directly and forcedly limit the maximum volume usage of each user during peak hours. The TDP design takes advantage of the empirical data to characterize user demand and quota-allocation behavior with respect to time and pricing. In-depth analyses of empirical data reveal distinctive behavior patterns of myopic and prudent quota allocations over time and both patterns indicate high preference for peak-hour access. The user models adopt general utility functions and capture how pricing affects user behavior as prudent or myopic. Preference parameters of users’ utility over time are then estimated by collecting easily measurable user volumes. The TDP design problem is then formulated and solved as a Stackelberg game. Numerical results shows that the TDP design leads to significant improvements in peak-hour abuse and fairness, peak shaving and load balancing over pure QPC. The methodology of TDP requires only two simple and short-period data collections from an operational network. One is from the network with QPC; the other is from the network without quota control. Results demonstrate the effectiveness of TDP design methodology when applied to Internet access environments with frequent changes. Two QS schemes, load balancing-based quota scheduling (LB-QS) and peak shaving-based quota scheduling (PS-QS), are proposed. LB-QS intends to equalize average traffic over time by proportional quota allocation to time periods of control. There is no empirical data of traffic usage needed for the LB-QS design. PS-QS aims at reducing total traffic of peak hours by utilizing an aggregate empirical data-based user model. This model needs the measurement data collected from a network with QPC to approximate user quota allocation behavior over time. Both QS schemes are compulsive control measures. Performances of TDP and QS are evaluated and compared over the empirical data of a 5000-user network. Results demonstrate TDP significantly outperforms both LB-QS and PS-QS in regulating the Internet access over time. This is because TDP exploits user behavior modeling and pricing to induce user behavior over time, avoiding congestion at the time of quota renewal. As for calculation complexity, the TDP design needs to solve an optimization problem, while the QS design only requires simple mathematical operations. However, the CPU time for TDP calculation takes about 1 minute. Recommendations are given for selecting an effective Internet access scheme based on data availability and traffic pattern over time. We further study how to manage the user traffic over a profitable and multi-service network by designing pricing and bandwidth allocation at the same time. Although pricing and bandwidth allocation of individual services are two important and coupled resource management functions, they are treated separately in most of the literature. In this thesis, we design for a service provider an integrated pricing and bandwidth allocation (IPBA) scheme for a popular network service, where each user is guaranteed with a minimum bandwidth for transmission according to the service class subscribed. Revenue maximization of service provisioning is the service provider’s objective. The design problem is formulated as a nonlinear programming problem. It adopts an empirical user demand model, where a user’s usage time for a service class is a function of prices. Constrained by the total bandwidth limitation, the revenue-maximizing price design induces user demands for individual classes, which in turn determines an optimal allocation of bandwidth. Analyses of the IPBA solution demonstrate that the price increases with traffic intensity while the bandwidth allocation is insensitive to the variation. Results also reveal that when users’ demand for a class is relatively sensitive to the price of other class. Over the same network capacity, the total revenue of offering more than one service classes is higher than that of offering only single service class.
44
Chu, Shao-I. "Research on Time-of-day Internet Access Management by Quota-based Priority Control." 2007. http://www.cetd.com.tw/ec/thesisdetail.aspx?etdun=U0001-1007200711363700.
45
Lin, Mu-Ting, and 林睦庭. "A Study on Time-Based Assured Deletion and Access Control in Cloud Storage Service." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/12877450973031200134.
Анотація:
碩士國立中興大學
資訊管理學系所
102
Cloud storage brings us a different view about storage and changes our life. From the files have to save in the disk or USB and carry around to as long as there has Internet that can download the files we need. For fault-tolerance, the files store in the cloud must have backed up, which maintain by the cloud vendor. However, there has danger that even deleted the files, the employee in cloud vendor may still own the backups, and the sensitive data may be leakage. This study proposed a time-based assured deletion for protecting the file in cloud storage for different structures. Time-based assured deletion means when creating the file, user can assign a deletion time to it. Before the deletion time, user can access the file in anytime. While the deletion time passing, the file is deleting and permanently inaccessible to anybody. It is to avoid someone may still own the file backup upon request of deleting files. The structure proposed by this study can apply on single user or organization that interacts with cloud storage to increase its practicality. Besides, the access control also proposes to protect files from unauthorized access before achieving deletion time. This study provides visions of incorporating value-added security features into today's cloud storage service.
46
Gama, Sithembiso G. "Energy efficient distributed receiver based cooperative medium access control protocol for wireless sensor networks." Thesis, 2013. http://hdl.handle.net/10413/11421.
Анотація:
Wireless sensor networks are battery operated computing and sensing devices that collaborate to
achieve a common goal for a specific application. They are formed by a cluster of sensor nodes
where each sensor node is composed of a single chip with embedded memory (microprocessor), a
transceiver for transmission and reception (resulting in the most energy consumption), a sensor device
for event detection and a power source to keep the node alive. Due to the environmental nature
of their application, it is not feasible to change or charge the power source once a sensor node is deployed.
The main design objective in WSNs (Wireless Sensor Networks) is to define effective and
efficient strategies to conserve energy for the nodes in the network. With regard to the transceiver,
the highest consumer of energy in a sensor node, the factors contributing to energy consumption in
wireless sensor networks include idle listening, where nodes keep listening on the channel with no
data to receive; ovehearing, where nodes hears or intercept data that is meant for a different node;
and collision, which occurs at the sink node when it receives data from different nodes at the same
time. These factors all arise during transmission or reception of data in the Transceiver module in
wireless sensor networks.
A MAC (Medium Access Control) protocol is one of the techniques that enables successful operation
while minimizing the energy consumption in the network. Its task is to avoid collision,
reduce overhearing and to reduce idle listening by properly managing the state of each node in the
network. The aim, when designing a MAC protocol for WSNs is to achieve a balance amongst
minimum energy consumption, minimum latency, maximum fault-tolerance and providing QoS
(Quality of Service).
To carefully achieve this balance, this dissertation has proposed, designed, simulated and analyzed
a new cooperative MAC scheme with an overhearing avoidance technique with the aim of
minimizing energy consumption by attempting to minimize the overhearing in the WSN. The new
MAC protocol for WSNs supports the cooperative diversity and overhearing communications in
order to reduce the effects of energy consumption thus increase the network lifetime, providing improved
communication reliability and further mitigating the effects of multipath fading in WSNs.
The MAC scheme in this work focuses on cooperation with overhearing avoidance and reducing
transmissions in case of link failures in order to minimize energy consumption. The cooperative
MAC scheme presented herein uses the standard IEEE 802.15.4 scheme as its base physical
model. It introduces cooperation, overhearing avoidance, receiver based relay node selection and a Markov-based channel state estimation. The performance analysis of the developed Energy Efficient
Distributed Receiver based MAC (E2DRCMAC) protocol for WSNs shows an improvement
from the standard IEEE 802.15.4 MAC layer with regard to the energy consumption, throughput,
reliability of message delivery, bit error rates, system capacity, packet delay, packet error rates, and
packet delivery ratios.M.Sc.Eng. University of KwaZulu-Natal, Durban 2013.
47
Watwe, Siddharth P. "Efficient Schemes for Improving the Performance of Clock Synchronization Protocols in Wireless Sensor Networks Using TDMA- based MAC Protocols." Thesis, 2015. http://etd.iisc.ernet.in/2005/3550.
Анотація:
Clock synchronization in a wireless sensor network (WSN) is essential as it provides
a consistent and a coherent time frame for all the nodes across the network. Typically,
clock synchronization is achieved by message passing using carrier sense multiple
access (CSMA) for media access. The nodes try to synchronize with each other, by
sending synchronization request messages. If many nodes try to send messages simultaneously, contention-based schemes cannot efficiently avoid collisions which results in message losses and affects the synchronization accuracy. Since the nodes in a WSN have limited energy, it is required that the energy consumed by the clock synchronization protocols is as minimum as possible. This can be achieved by reducing the duration for which the clock synchronization protocols execute. Synchronous clock synchronization
protocols in WSNs execute the clock synchronization process at each node, roughly
during the same real-time interval, called synchronization phase. The duration when
there is no synchronization activity is called the synchronization interval. Synchronization phases are divided into synchronization rounds. The energy consumed by these protocols depends on the duration of the synchronization phase and how frequently the synchronization phase is executed. Hence, to minimize the energy consumption by each
node, the duration of synchronization phase should be as small as possible. Due to different drift rates of the clocks, the synchronization phases at different nodes drift apart and special techniques are required to keep them in sync. An existing protocol, called improved weighted-average based clock synchronization (IWICS) uses a pullback technique to achieve this. If a message from (i + 1)th synchronization round is received by a node still executing the ith synchronization round, the receiving node reduces its next synchronization interval to ensure greater overlap in the synchronization rounds. The reduction in overlap is a gradual and continuous phenomenon, and so, it can be detected and dealt with continuously.
In this thesis, first, we make use of TDMA-based MAC protocols, instead of CSMA, to
deal with the problem of message losses. We discuss the challenges of using TDMA-based
MAC protocols for clock synchronization and how to overcome these challenges. Second,
The IWICS protocol calculates the virtual drift rate which we use to modify the duration of the synchronization interval so that there is more overlap between the synchronization phases of neighbouring nodes. We refer to this technique as drift rate correction. Finally, we propose a different pullback technique where the pullback detection is carried out in each of the synchronization phase as opposed to the old pullback mechanism where it would be detected only when an out-of-round synchronization message is received.
The proposed pullback technique when applied to the current synchronization interval
ensures that the synchronization phases, that follow the current synchronization interval,
are better synchronized with each other. As a result of this, we are able to reduce
the duration of synchronization phases further. The IWICS protocol with all these
modifications incorporated is termed as the TIWICS (TDMA-based IWICS) protocol.
Simulation and experimental results confirm that the TIWICS protocol performs better
in comparison to the existing protocols.
48
Yu, Jiunn-Der, and 余俊德. "Job-Based Access Control Model." Thesis, 1999. http://ndltd.ncl.edu.tw/handle/49551906890045281070.
Анотація:
碩士元智大學
電機與資訊工程研究所
87
Due to the popularity of the Internet and electronic commerce, information security technology becomes more and more important. Generally speaking, information security technology includes authentication, data encryption and decryption, key management and access control and so. In this plan we will study the access control model. The purpose of access control is to limit the permission and action of the legal users. Traditional access control methods, such as the access control matrix, access control lists(ACLs), mandatory access control (MAC) and discretionary access control (DAC), can not satisfy the needs of today’s demand. The Role-Based access control (RBAC), suggested by National Institute of Standards and Technology (NIST), is the access control model. In RBAC, permissions are associated with roles. How to perform permission assignment for objects and users for a complex is a problem. This paper will discuss permission assignment of objects and address an access control model to solve the problems of RBAC.
49
Huang, Tzu-Wei, and 黃賜瑋. "Distributed Task-Role Based Access Control." Thesis, 2004. http://ndltd.ncl.edu.tw/handle/72068048471456468998.
Анотація:
碩士國立成功大學
會計學系碩博士班
92
This research project applies the Task-Role Based Access Control mechanism to a distributed (database) environment. The Task-Role Based Access Control mechanism has a secure trusted computing based component that the traditional RBAC approach falls short of. This secure trusted computing-based component is designed according to secure trusted computing-based algorithm, which ensures the security and integrity of schedule transactions. In order to investigate its practical implications, we will apply the DTRBAC approach to a case study of a multi-national enterprise.
50
Huang, Wan-Ling, and 黃婉琳. "The Distributed Role-based Access Control." Thesis, 1998. http://ndltd.ncl.edu.tw/handle/80632796341997456133.
Анотація:
碩士國立臺灣大學
資訊工程學系研究所
86
In this thesis, we develop the architecture of multi-level AC (Administrato rCenter, what is to manage the configuration of the system and to check the pe rmission of the user) distributed role-based access control. In our architec ture, the higher level AC is the central server, which isresponsible for the a ffairs of the enterprise level, and the local AC is responsible for authorizin g the day-to-day work. The lower level AC is mainlyresponsible for revoking th e grant, and can be a backup server of the highestlevel AC.