This document discusses different methodologies for access control and their interactions. It begins by introducing access control as a major security component for organizations to implement regulatory constraints. It then describes several common access control models in more detail, including Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC). MAC controls access based on a system-wide security policy, while DAC allows individual users some control over access permissions. The document analyzes advantages and limitations of each model and their suitability for different environments.
A Proposed Security Model for Web Enabled Business Process Management System CSCJournals
Many organizations in industry and civilian government start deploying Business Process Management systems (BPMS) and technology in their IT applications. This could lead to a dramatic operational efficiency improvement on their business and administrative environments. With these atmospheres, the security issue is becoming a much more important challenge in the BPMS literature. The Role-Based Access Control (RBAC) model has been accepted as a promising security model solution and standard. RBAC is able to accomplish the central administration of an organizational specific security policy. It is also able to meet the secure processing needs of many commercial and civilian government organizations. In spite of these facts, RBAC model is not reliable when applying to the BPMS without further modifications and extensions. RBAC is modified to fit with Service oriented (SRBAC), but still not reliable enough to handle BPMS. Authors of that research proposed a security model based on SRBAC model to be more reliable when using with BPMS. Authors of that research named that proposed security model as Improved Role Based Access Control (IRBAC). The IRBAC model is directly applicable to the BPMS. Authors defined a graphical representation and technical implementation of the IRBAC model. This IRBAC model is tested using a simple case study. The test compares between the IRBAC model and SRBAC model where IRBAC is implemented in two cases (IRBAC with caching and IRBAC with no caching). The test results show the validity and performability of the IRBAC model.
The document discusses the requirements for an effective security system, including support from management, risk analysis, resource allocation, clear policies and responsibilities, and different types of controls. It also defines key security concepts like threats, vulnerabilities, risks, and countermeasures. Finally, it explains universal security principles such as least privilege, defense in depth, minimization, and compartmentalization that are commonly used to design effective security systems.
International Refereed Journal of Engineering and Science (IRJES) irjes
International Refereed Journal of Engineering and Science (IRJES)
Ad hoc & sensor networks, Adaptive applications, Aeronautical Engineering, Aerospace Engineering
Agricultural Engineering, AI and Image Recognition, Allied engineering materials, Applied mechanics,
Architecture & Planning, Artificial intelligence, Audio Engineering, Automation and Mobile Robots
Automotive Engineering….
International Journal of Engineering Inventions (IJEI) provides a multidisciplinary passage for researchers, managers, professionals, practitioners and students around the globe to publish high quality, peer-reviewed articles on all theoretical and empirical aspects of Engineering and Science.
The peer-reviewed International Journal of Engineering Inventions (IJEI) is started with a mission to encourage contribution to research in Science and Technology. Encourage and motivate researchers in challenging areas of Sciences and Technology.
This document provides background information on separation of duties and proposes a framework for assessing separation of duties in SAP R/3 environments. It discusses threats to security from unauthorized access and the importance of separation of duties to prevent fraud. The document then proposes seven principles for separating duties in the financial accounting module of SAP R/3 to reduce fraud opportunities. It provides an overview of role-based access controls in SAP R/3 and how user authorizations are defined and assigned through profiles to control system access.
MODEL-DRIVEN SECURITY ASSESSMENT AND VERIFICATION FOR BUSINESS SERVICES ijwscjournal
Information security covers many areas within an enterprise. Each area has security vulnerabilities and, hopefully, some corresponding countermeasures that raise the security level and provide better protection. The fundamental concepts in information security are the security model, which outlines how security is to be implemented. A security policy outlines how data is accessed, what level of security is required, and what actions should be taken when these requirements are not met. A security model is a statement that outlines the requirements necessary to properly support and implement a certain security policy. An important concept in the design and analysis of secure systems is the security model, because it incorporates the security policy that should be enforced in the system. A model is a symbolic representation of a policy. It maps the desires of the policy makers into a set of rules that are to be followed by a computer system. In the paper we propose a model driven security assessment and verification for business service. The Security Assessment and Verification verifies whether the Application and Services are secure based on the Service Level Agreement and generates the report on the level of security features. It is designed to help business owners, operators and staff to assess the security of their business. It covers potential areas of vulnerability, and provides suggestions for adapting your security to reduce the risk of crime against your business. A security policy states that no one from a lower security level should be able to view or modify information at a higher security level, the supporting security model will outline the necessary logic and rules that need to be implemented to ensure that under no circumstances can a lower-level subject access a higher-level object in an unauthorized manner. The security policy is an abstract term that represents the objectives and goals a system must meet and accomplish to be deemed secure and acceptable.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
A study on security responsibilities and adoption in cloud eSAT Journals
Abstract Cloud computing is one of the popular enterprise models where computing resources are made available on-demand to the user as needed. Due to this increasing demand for more clouds there is an ever growing threat of security becoming a major issue. Cloud computing is a construct that allows you to access applications that actually reside at a location other than your computer or other Internet-connected device, most often, this will be a distant data center. In a simple, topological sense, a cloud computing solution is made up of several elements: clients, the datacenter, and distributed servers. Each element has a purpose and plays a specific role in delivering a functional cloud based application, the increased degree of connectivity and the increasing amount of data has led many providers and in particular data centers to employ larger infrastructures with dynamic load and access balancing. So this paper shall look at ways in which security responsibilities and Cloud Adoption Keywords: Cloud Computing, Service models, Cloud Security, Secure Cloud Adoption,
Strategies for assessing cloud security Arun Gopinath
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Thorough testing also examines network and application vulnerabilities from an attacker's perspective.
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Regular technical testing also helps evaluate security weaknesses impacting data protection.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
AUTHENTICATE SYSTEM OBJECTS USING ACCESS CONTROL POLICY BASED MANAGEMENT Editor IJCATR
The network level access control policy is based on policy rule. The policy rule is a basic building of a policy based system. Each policy contains set of conditions and actions. Here conditions are evaluated to determine whether the actions are performed. The existing work is based on packet filtering scenario. Here every policy can be translated into canonical form. That uses the “First Matching Rule” resolution strategy. The access control matrix is proposed to translate the policy. The Generalized Aryabhata Remainder Theorem (GART) is used to construct the access control matrix. In this access control matrix rows represent users and columns represent files. In which each user is associated with key and each digital file is associated with lock.
1) An enterprise content management (ECM) system provides a single, centralized system to systematically manage an organization's complex and growing information in both structured and unstructured formats.
2) Key functionalities of an ECM system include user interface, information governance, features like workflow and data processing, and secure information repositories.
3) Implementing an ECM system aims to improve information sharing, automate processes, facilitate compliance, and enhance decision making, productivity, and an organization's reputation.
Abstraction and Automation: A Software Design Approach for Developing Secure ... iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
This document discusses access control in the Windows operating system. It begins with defining access control and its importance for maintaining security. It then outlines the main access control models of mandatory access control, discretionary access control, and role-based access control. The document proceeds to examine Windows' implementation of access control through Active Directory, identification and authentication, authorization and accounting. It concludes by explaining how Windows enforces access control decisions based on a user's token and an object's security descriptor.
Welcome to International Journal of Engineering Research and Development (IJERD) IJERD Editor
This document summarizes a research thesis that proposes a trusted cloud computing platform (TCCP) to address critical security issues in cloud computing. The TCCP is designed to provide a closed box execution environment for virtual machines to guarantee confidentiality and integrity of computations outsourced to infrastructure as a service cloud providers. It allows customers to remotely verify whether a cloud provider's backend is running a trusted TCCP implementation before launching a virtual machine. The TCCP leverages advances in trusted computing technologies to securely manage virtual machines and cloud infrastructure through protocols for node registration and virtual machine launch and migration. The goal of the TCCP is to extend the capabilities of traditional trusted platforms to the complex, distributed environments of cloud computing infra
Certification Authority Monitored Multilevel and Stateful Policy Based Author... CSCJournals
Services oriented grids will be more prominent among other kinds of grids in the present distributed environments. With the advent of online government services the governmental grids will come up in huge numbers. Apart from common security issues as in other grids, the authorization in service oriented grids faces certain shortcomings and needs to be looked upon differently. The CMMS model presented here overcomes all these shortcomings and adds to the simplicity of implementation because of its tight similarities with certain government services and their functioning. The model is used to prototype a State Police Information Grid (SPIG). Small technological restructuring is required in PKIX and X.509 certificates.
SecureGRC™ is a world-leading solution for all enterprises, including small and medium businesses. SecureGRC™ includes all security and IT-GRC functions required to be compliant with easy to adopt compliance management framework with ready to use frameworks, leading edge context based inference engines, most advanced alert processing and easy to use logging and monitoring solution.
This document discusses conceptualizing an integration between Enterprise Architecture Management (EAM) and Information System Security Risk Management (ISSRM). It proposes mapping concepts from an ISSRM domain model to the ArchiMate enterprise architecture modeling language. This would allow security risks and their impacts on business services to be represented and analyzed within an enterprise's architecture. Key concepts from ISSRM like assets, security goals, risks and treatments are mapped to equivalent concepts in ArchiMate's business, application and technology layers. The mapping is meant to support a risk-oriented design of an enterprise architecture that meets business services' security goals.
This document proposes using role-based access control (RBAC) to improve database intrusion detection. It discusses how RBAC restricts access to databases based on user roles. Administrators who access sensitive attributes would have their audit logs mined to determine attribute sensitivity. This information could then be used to detect intrusions using fewer rules. The document outlines the RBAC model and relationships between users, jobs, and access. It also describes implementing RBAC in 6 steps and using a formula to represent the RBAC access control process to better secure database attributes and detect intrusions.
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram... ijcncs
This document summarizes an article from the International Journal of Computer Networks and Communications Security about developing service level agreement (SLA) based information security metrics for cloud computing using the COBIT framework. The article discusses how information security metrics can help cloud customers and providers measure and improve security. It also explains that while SLAs are commonly used to measure performance, they do not typically address information security risks. The article proposes using elements of the COBIT framework to build SLA-based information security metrics for cloud computing.
This document proposes a context-aware solution for dynamically assigning responsibilities and access rights to agents in a critical infrastructure security architecture during a crisis. It introduces the concept of agent responsibility, which is assigned based on the crisis type and severity. Responsibilities define an agent's obligations and accountabilities for tasks, as well as the necessary rights and capabilities. The architecture enhances an existing multi-agent reaction system called ReD by integrating a mechanism for dynamically changing responsibility assignments according to the crisis context, and granting access rights based on the agents' responsibilities. This allows the architecture to quickly adapt its response by reallocating functions when agents are compromised during an attack.
Need of Adaptive Authentication in defending the borderless Enterprise hardik soni
ProactEye Adaptive Access & Identity Management solution can help administrators consolidate, control, and simplify access privileges. Privileges can be simplified and controlled irrespective of critical applications hosted in traditional data centres, private clouds, public clouds, or a hybrid combination of all these spaces.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
This document defines and discusses the complementary perfect triple connected domination number of a graph. It begins by introducing concepts like triple connected graphs and triple connected dominating sets. It then defines a complementary perfect triple connected dominating set as a triple connected dominating set where the induced subgraph on the remaining vertices has a perfect matching. The complementary perfect triple connected domination number is the minimum cardinality of such sets. The document determines this number for some standard graph classes and establishes bounds for general graphs, exploring relationships with other graph parameters.
This document presents a novel fast-acting PI controller for regulating the dc-link voltage of a DSTATCOM (distribution static compensator). A DSTATCOM is used to mitigate power quality issues and compensate for nonlinear loads. Conventionally, a PI controller is used but has slow transient response. The paper proposes a fast-acting dc-link voltage controller based on the energy of the dc-link capacitor. It provides mathematical equations to design the gains of the conventional PI controller to achieve similar fast transient response as the proposed controller. Detailed simulations in MATLAB validate that the proposed controller has improved transient performance during load variations compared to the conventional controller.
Strategies for assessing cloud securityArun Gopinath
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Thorough testing also examines network and application vulnerabilities from an attacker's perspective.
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Regular technical testing also helps evaluate security weaknesses impacting data protection.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
AUTHENTICATE SYSTEM OBJECTS USING ACCESS CONTROL POLICY BASED MANAGEMENTEditor IJCATR
The network level access control policy is based on policy rule. The policy rule is a basic
building of a policy based system. Each policy contains set of conditions and actions. Here conditions
are evaluated to determine whether the actions are performed. The existing work is based on packet
filtering scenario. Here every policy can be translated into canonical form. That uses the “First
Matching Rule” resolution strategy. The access control matrix is proposed to translate the policy. The
Generalized Aryabhata Reminder Theorem (GART) is used for to construct the access control matrix.
In this access control matrix rows represent users and columns represent files. In which each user is
associated with key and each digital file is associated with lock.
1) An enterprise content management (ECM) system provides a single, centralized system to systematically manage an organization's complex and growing information in both structured and unstructured formats.
2) Key functionalities of an ECM system include user interface, information governance, features like workflow and data processing, and secure information repositories.
3) Implementing an ECM system aims to improve information sharing, automate processes, facilitate compliance, and enhance decision making, productivity, and an organization's reputation.
Abstraction and Automation: A Software Design Approach for Developing Secure ...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
This document discusses access control in the Windows operating system. It begins with defining access control and its importance for maintaining security. It then outlines the main access control models of mandatory access control, discretionary access control, and role-based access control. The document proceeds to examine Windows' implementation of access control through Active Directory, identification and authentication, authorization and accounting. It concludes by explaining how Windows enforces access control decisions based on a user's token and an object's security descriptor.
Welcome to International Journal of Engineering Research and Development (IJERD) IJERD Editor
This document summarizes a research thesis that proposes a trusted cloud computing platform (TCCP) to address critical security issues in cloud computing. The TCCP is designed to provide a closed box execution environment for virtual machines to guarantee confidentiality and integrity of computations outsourced to infrastructure as a service cloud providers. It allows customers to remotely verify whether a cloud provider's backend is running a trusted TCCP implementation before launching a virtual machine. The TCCP leverages advances in trusted computing technologies to securely manage virtual machines and cloud infrastructure through protocols for node registration and virtual machine launch and migration. The goal of the TCCP is to extend the capabilities of traditional trusted platforms to the complex, distributed environments of cloud computing infra
Certification Authority Monitored Multilevel and Stateful Policy Based Author... CSCJournals
Services oriented grids will be more prominent among other kinds of grids in the present distributed environments. With the advent of online government services the governmental grids will come up in huge numbers. Apart from common security issues as in other grids, the authorization in service oriented grids faces certain shortcomings and needs to be looked upon differently. The CMMS model presented here overcomes all these shortcomings and adds to the simplicity of implementation because of its tight similarities with certain government services and their functioning. The model is used to prototype a State Police Information Grid (SPIG). Small technological restructuring is required in PKIX and X.509 certificates.
SecureGRC™ is a world-leading solution for all enterprises, including small and medium businesses. SecureGRC™ includes all security and IT-GRC functions required to be compliant with easy to adopt compliance management framework with ready to use frameworks, leading edge context based inference engines, most advanced alert processing and easy to use logging and monitoring solution.
This document discusses conceptualizing an integration between Enterprise Architecture Management (EAM) and Information System Security Risk Management (ISSRM). It proposes mapping concepts from an ISSRM domain model to the ArchiMate enterprise architecture modeling language. This would allow security risks and their impacts on business services to be represented and analyzed within an enterprise's architecture. Key concepts from ISSRM like assets, security goals, risks and treatments are mapped to equivalent concepts in ArchiMate's business, application and technology layers. The mapping is meant to support a risk-oriented design of an enterprise architecture that meets business services' security goals.
This document proposes using role-based access control (RBAC) to improve database intrusion detection. It discusses how RBAC restricts access to databases based on user roles. Administrators who access sensitive attributes would have their audit logs mined to determine attribute sensitivity. This information could then be used to detect intrusions using fewer rules. The document outlines the RBAC model and relationships between users, jobs, and access. It also describes implementing RBAC in 6 steps and using a formula to represent the RBAC access control process to better secure database attributes and detect intrusions.
SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Fram... ijcncs
This document summarizes an article from the International Journal of Computer Networks and Communications Security about developing service level agreement (SLA) based information security metrics for cloud computing using the COBIT framework. The article discusses how information security metrics can help cloud customers and providers measure and improve security. It also explains that while SLAs are commonly used to measure performance, they do not typically address information security risks. The article proposes using elements of the COBIT framework to build SLA-based information security metrics for cloud computing.
This document proposes a context-aware solution for dynamically assigning responsibilities and access rights to agents in a critical infrastructure security architecture during a crisis. It introduces the concept of agent responsibility, which is assigned based on the crisis type and severity. Responsibilities define an agent's obligations and accountabilities for tasks, as well as the necessary rights and capabilities. The architecture enhances an existing multi-agent reaction system called ReD by integrating a mechanism for dynamically changing responsibility assignments according to the crisis context, and granting access rights based on the agents' responsibilities. This allows the architecture to quickly adapt its response by reallocating functions when agents are compromised during an attack.
Need of Adaptive Authentication in defending the borderless Enterprise hardik soni
ProactEye Adaptive Access & Identity Management solution can help administrators consolidate, control, and simplify access privileges. Privileges can be simplified and controlled irrespective of critical applications hosted in traditional data centres, private clouds, public clouds, or a hybrid combination of all these spaces.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
This document defines and discusses the complementary perfect triple connected domination number of a graph. It begins by introducing concepts like triple connected graphs and triple connected dominating sets. It then defines a complementary perfect triple connected dominating set as a triple connected dominating set where the induced subgraph on the remaining vertices has a perfect matching. The complementary perfect triple connected domination number is the minimum cardinality of such sets. The document determines this number for some standard graph classes and establishes bounds for general graphs, exploring relationships with other graph parameters.
This document presents a novel fast-acting PI controller for regulating the dc-link voltage of a DSTATCOM (distribution static compensator). A DSTATCOM is used to mitigate power quality issues and compensate for nonlinear loads. Conventionally, a PI controller is used but has slow transient response. The paper proposes a fast-acting dc-link voltage controller based on the energy of the dc-link capacitor. It provides mathematical equations to design the gains of the conventional PI controller to achieve similar fast transient response as the proposed controller. Detailed simulations in MATLAB validate that the proposed controller has improved transient performance during load variations compared to the conventional controller.
This document summarizes the use of data mining techniques in analyzing stock market data and foreign exchange rates. It discusses how data mining can be used to discover patterns and correlations in large financial datasets that may not be apparent to analysts. Specific techniques mentioned include neural networks, clustering, regression, and decision trees. Applications include predicting stock prices, detecting credit card fraud, and modeling foreign exchange markets. The document also notes some challenges in using data mining for financial data due to the dynamic nature of markets.
This document summarizes a review of experimental and numerical investigations into friction stir welds of AA6063-T6 aluminum alloy. It begins with an abstract and introduction discussing friction stir welding as a solid-state joining process without melting. The amount of heat conducted into the workpiece determines weld quality and tool life. The document then reviews various research using simulation to determine temperature distribution and develop relationships between input parameters and peak temperature. Experimental results for tensile strength and hardness of welded specimens are also reported and compared to simulation results.
This document summarizes a review of experimental and numerical investigations into friction stir welds of AA6063-T6 aluminum alloy. It begins with an abstract and introduction discussing friction stir welding as a solid-state joining process without melting. The amount of heat conducted into the workpiece determines weld quality. Understanding heat transfer is important to improve the process. Many studies have used simulation to determine temperature distribution under different welding conditions. The objective of this research was to develop a finite element simulation of AA6063-T6 aluminum alloy friction stir welding. Trend line equations would be developed to understand relationships between peak temperature and thermal conductivity, specific heat, and density. Tensile tests and hardness measurements were conducted on welded specimens
This document discusses a study that examines the interrelationships between trust, perceived risk, and behavioral intention for technology acceptance and internet banking. The study develops an integrated model to explain how trust and perceived risk influence consumers' behavioral intention to use internet banking services. The research was conducted through a survey of 432 young Chinese consumers and analyzed the relationships between trust, perceived risk, and behavioral intention regarding the adoption of internet banking services in China.
This document summarizes and compares different methods for performing keyword searches in relational databases. It discusses candidate network-based methods, Steiner-tree based algorithms, and backward expanding keyword search approaches. It also evaluates methods that aim to improve search efficiency and accuracy, such as integrating multiple related tuple units and developing structure-aware indexes. The overall goal is to find an effective and efficient approach to keyword search over relational database structures.
This document outlines a gym diet progress over several months. It lists four dates - Day 0, Day 90, Day 170, and Day 630 - which likely correspond to checkpoints in a long-term fitness and diet regimen. The brief listing of dates suggests monitoring changes over an extended period of time spent focusing on diet and exercise goals at the gym.
This document contains a map of Bellagio and surrounding areas with labels for various locations, including boat terminals, parking areas, roads, and hamlets. It also includes indexes and sections with useful addresses, emergency contact information, details on how to reach Bellagio, general information about the town, listings of churches, tours, transportation services, accommodations, restaurants, attractions, and more.
The European Union has agreed on a package of sanctions against Russia over its invasion of Ukraine. The sanctions include restrictions on transactions with key Russian banks and a ban on the sale of aircraft and equipment to Russia. EU leaders hope the sanctions will increase economic pressure on Russia and deter it from continuing its aggression against Ukraine.
The document provides definitions and brief descriptions of several concepts related to geography and geology. It covers climate change, global warming, the seasons of the year (summer, autumn, winter, spring), plate tectonics, Alfred Wegener and his theory of continental drift, types of fossils, and geological eras (Precambrian, Paleozoic, Mesozoic, Cenozoic) and their main characteristics.
Presentation: evaluation of Vetria's mineral reserves TriunfoRi
1. The document describes the phases of mineral reserve evaluation, including the classification of resources (inferred, indicated, measured) and reserves (probable, proven).
2. The activities for estimating inferred mineral resources are detailed, such as geological mapping, geophysics, drilling and laboratory tests.
3. The exploration results for a deposit show an enriched surface zone with high iron content and a lower zone with
The document discusses the concepts of freedom and inexorability. It states that human freedom is free will and is subject to responsibility, whereas inexorability is that which lies beyond our control. It also presents conditions for the responsible exercise of freedom, such as self-control and consideration of the consequences of one's actions.
In an organization, especially one as virtual as the cloud, there is a need for access control systems to constrain users' direct or backhanded actions that could lead to a breach of security. In the cloud, apart from the owner's access to confidential data, third-party auditing and accounting is done, which could stir up further data leaks. To control such data leaks and preserve integrity, several security policies based on role, identity and user attributes were proposed in the past and found ineffective, since they depend on static policies which do not monitor data access and its origin. Provenance, on the other hand, tracks data usage and its origin, which proves the authenticity of data. To employ provenance in a real-time system like the cloud, the service provider needs to store metadata on the subject of data alteration, which is universally called the Provenance Information. This paper presents a provenance-policy based access control model which is designed and integrated with the system that not only makes data auditable but also incorporates accountability for data alteration events.
Comprehensive Analysis of Contemporary Information Security Challenges sidraasif9090
this could involve clicking on a designated upload button, dragging and dropping files into a specific area, or selecting files from a file explorer window.
Supported File Types: Specify which types of documents can be uploaded to the platform. This might include common formats such as PDFs, Word documents, Excel spreadsheets, images (JPG, PNG, etc.), and others.
IN-DEPTH ANALYSIS AND SYSTEMATIC LITERATURE REVIEW ON RISK BASED ACCESS CONTR... ijcseit
This document provides a systematic literature review of risk-based access control models in cloud computing. It begins with an introduction to access control systems, traditional static models, and dynamic risk-based models. A methodology for the literature review is then described involving search criteria, quality evaluation, and data extraction. Key findings include the identification of security risks for cloud consumers and providers, common risk factors used in access control models, and risk estimation techniques. The review contributes an in-depth analysis of recent research on applying risk-based access control in cloud environments.
PLANT LEAF DISEASES IDENTIFICATION IN DEEP LEARNING CSEIJJournal
Crop diseases constitute a big threat to plant existence, but their rapid identification remains difficult in many parts of the planet because of the shortage of the required infrastructure. In computer vision, plant leaf detection made possible by deep learning has paved the way for smartphone-assisted disease diagnosis. Employing a public dataset of 4,306 images of diseased and healthy plant leaves collected under controlled conditions, we train a deep convolutional neural network to spot one crop species and 4 diseases (or absence thereof). The trained model achieves an accuracy of 97.35% on a held-out test set, demonstrating the feasibility of this approach. Overall, the approach of training deep learning models on increasingly large and publicly available image datasets presents a clear path toward smartphone-assisted crop disease diagnosis on a large global scale. After the disease is successfully predicted with a decent confidence level, the corresponding remedy for the disease present is displayed that may be taken as a cure.
Access Control Methods presentation.pptx chafinwalker
The document discusses various access control methods and concepts. It begins by defining access control and its importance for security. It then examines four main access control models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Rule-Based Access Control (RuBAC). Each model has unique strengths and weaknesses for different security needs. The document also explores the differences between dedicated, shared, and virtual devices, and how blocking and buffering can improve input/output performance. Role-Based Access Control (RBAC) is highlighted as particularly effective due to its balance of security and efficiency.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T... IJNSA Journal
This document proposes a cloud-based access control model for selectively encrypting documents with traitor detection. It aims to address the high computational overhead of key management and secret sharing in existing attribute-based encryption approaches for cloud data security. The proposed model uses efficient algorithms and protocols like aggregate equality oblivious commitment-based envelope protocol and fast access control vector broadcast group key management to reduce overhead. It also introduces a traitor tracing technique to identify any traitors in the two-layer encryption environment for cloud computing.
Access control is a collection of methods that enforce confidentiality and integrity by controlling access to resources. It allows only authorized users to access permitted objects like files, devices, or network connections. There are different models of access control, including discretionary access control (DAC) where owners set access rules, mandatory access control (MAC) where rules are based on security labels, and role-based access control (RBAC) where rules are based on user roles. Effective access control requires policies, least privilege, auditing, and technical controls like access control lists that implement the rules.
Review of access control models for cloud computing csandit
The relationship between users and resources is dynamic in the cloud, and service providers and users are typically not in the same security domain. Identity-based security (e.g., discretionary or mandatory access control models) cannot be used in an open cloud computing environment, where resource nodes may not be familiar with, or may not even know, each other. Users are normally identified by their attributes or characteristics and not by predefined identities. There is often a need for a dynamic access control mechanism to achieve cross-domain authentication. In this paper, we will focus on the following three broad categories of access control models for cloud computing: (1) Role-based models; (2) Attribute-based encryption models and (3) Multi-tenancy models. We will review the existing literature on each of the above access control models and their variants (technical approaches, characteristics, applicability, pros and cons), and identify future research directions for developing access control models for cloud computing environments.
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf Dr Amit Phadikar
This document discusses database security and access control models. It provides an overview of three main access control models: discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). DAC allows users discretion over their own data and to share access privileges. However, it is vulnerable to Trojan horse attacks where a user's privileges are abused. MAC enforces security based on classification levels and prevents reading or writing outside of clearance levels. RBAC assigns system access based on user roles and duties. The document examines advantages and limitations of each model and how they enforce database security policies.
This document proposes a novel role-based cross-domain access control scheme for cloud storage. It aims to address problems with time constraints and location constraints when accessing data across different cloud domains. The proposed scheme combines domain RBAC, role-based access control, and attribute-based access control. Each user is assigned attributes and roles. Data is encrypted with attribute-based encryption before being uploaded. Domains are separated and manage their own users, roles, and permissions to allow cross-domain access while minimizing time delays in accessing data located in different domains.
This document provides background information on separation of duties and proposes a framework for assessing separation of duties in SAP R/3 environments. It discusses threats to security from unauthorized access and the importance of separation of duties as an internal control. The document then proposes seven principles for separating duties in the financial accounting module of SAP R/3 and describes how SAP R/3 implements role-based access control through authorization objects, authorizations, profiles and transaction codes.
The IT security team was tasked with auditing the company's access control policies and system configurations to ensure least privilege access. Without proper access controls, employees could access data they have no valid need to see. The audit will analyze mandatory access controls, which classify data and restrict access based on security clearances. This helps prevent unauthorized access to sensitive information and helps the company comply with security regulations. The team aims to identify any weaknesses or misconfigurations that could be exploited, and to provide recommendations to strengthen access controls and security.
The document proposes a Cloud Information Accountability (CIA) framework to provide distributed accountability for data sharing in the cloud. The CIA framework uses Java ARchive (JAR) files to automatically log any access to user data in the cloud. When user data is sent to cloud service providers, it is enclosed in JAR files along with access policies and a logging mechanism. Any access to the data will then trigger authenticated logging local to the JAR files. This provides a decentralized yet enforceable way to track how user data is used throughout the dynamic cloud environment. The authors implement and test the CIA framework on a cloud testbed and find that it efficiently and effectively provides accountability for user data in distributed cloud systems.
This document discusses the importance of identity governance and privileged access management (PAM) for cybersecurity. It states that identity governance involves managing user access to systems and data to ensure only authorized access, while PAM focuses on securing privileged accounts that have extensive system access. The document argues that implementing these two approaches together provides enhanced visibility and control over access, helps streamline compliance with regulations, improves operational efficiency through automation, and better enables organizations to manage security risks.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T... IJNSA Journal
Cloud computing refers to a type of networked computing whereby an application can be run on connected servers instead of local servers. Cloud can be used to store data, share resources and also to provide services. Technically, there is very little difference between public and private cloud architecture. However, the security and privacy of the data is a very big issue when sensitive data is being entrusted to third party cloud service providers. Thus encryption with a fine grained access control is inevitable to enforce security in clouds. Several techniques implementing attribute based encryption for fine grained access control have been proposed. Under such approaches, the key management overhead is a little bit high in terms of computational complexity. Also, secret sharing mechanisms have added complexity. Moreover, they lack mechanisms to handle existence of traitors. Our proposed approach addresses these requirements and reduces the overhead of the key management as well as secret sharing by using efficient algorithms and protocols. Also, a traitor tracing technique is introduced into the cloud computing two layer encryption environment.
1 hour ago
Srinivas Goud Thadakapally
week 3 discussion
Separation in a network is essential, of course. It would be more annoyed with that much knowledgeability and security features if it were only about security. However, it makes this network much more flexible, and in some ways makes it more secure. It reduces the potential for internal and external attacks on the same network and makes it harder for someone to take over the network. Furthermore, this separation keeps our data away from third parties. Separation of access is essential in a network, for example, to ensure that a user cannot access the whole network. It is common for specific applications and software installations on the personal computer to operate in the background. In this regard, it is possible to customize the software operating mode to make the software operation hidden to not be visible to the user. No one server or group of servers is going to have to withstand many other servers. The first line of defense in any IT environment is resource partitioning to enable critical infrastructure to handle all requests without overloading the primary server (Jaeger et al., 2016).
Separation is basically the process of using multiple processes with some type of separation for Process separation of access to objects and data. Separation (or transient segregation) can occur in both physical and logical network segments. The trick with security is to keep it away from the IT infrastructure. For example, a firewall is still strictly considered a technical security tool because it is not supposed to affect business activities. It is possible to separate administrative control, physical systems, and data between those with different roles within the organization. The behavior within the network is like partitioning an IT environment into discrete services, although some elements of this concept have not been adopted in Active Directory–in particular, policies and modules. A system administrator can move control of the administrative control of physical systems or systems within the network to a different server. However, when implementing security controls on deployments, it becomes essential to understand the scale at which the resources need to be distributed. Simply put, separation makes IT more secure (Liu et al., 2019).
References
Jaeger, B., Kraft, R., Luhn, S., Selzer, A., & Waldmann, U. (2016, August). Access Control and Data Separation Metrics in Cloud Infrastructures. In 2016 11th International Conference on Availability, Reliability, and Security (ARES) (pp. 205-210). IEEE.
Liu, W., Zhang, K., Tu, B., & Lin, K. (2019, August). HyperPS: A Hypervisor Monitoring Approach Based on Privilege Separation. In 2019 IEEE 21st International Conference on High-Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS) (pp. 981-988). IEEE.
Bott.
1 hour ago
Srinivas Goud Thadakapally
week 3 discussion
COLLAPSE
Top of Form
Separation in a network is essential, of course. It would be more annoyed with that much knowledgeability and security features if it were only about security. However, it makes this network much more flexible, and in some ways makes it more secure. It reduces the potential for internal and external attacks on the same network and makes it harder for someone to take over the network. Furthermore, this separation keeps our data away from third parties. Separation of access is essential in a network, for example, to ensure that a user cannot access the whole network. It is common for specific applications and software installations on the personal computer to operate in the background. In this regard, it is possible to customize the software operating mode to make the software operation hidden to not be visible to the user. No one server or group of servers is going to have to withstand many other servers. The first line of defense in any IT environment is resource partitioning to enable critical infrastructure to handle all requests without overloading the primary server (Jaeger et al., 2016).
The document summarizes two recent studies on access control. It discusses the authors' contributions in each study, their motivations, and potential additional areas of study. The first study introduced metrics to evaluate access control rule sets and provide a scientific method for comparing rule sets. The second study surveyed access control in fog computing, highlighting security challenges and providing requirements and taxonomies for access control models. It suggests attribute-based encryption as an area for further fog computing access control research.
Anshula Garg, Prof. Pradeep Mishra / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 5, September-October 2012, pp. 342-345

Methodologies for Access Control and their Interactions

Anshula GARG*, Prof. Pradeep Mishra
Department of Computer Science & Engineering, Shri Shankaracharya Institute of Professional Management & Technology, & Shri Shankaracharya College of Engineering & Technology, Bhilai

Abstract:
We propose the use of process-based access-control methods in the construction of privacy systems in the present paper. Segregation of duties and least privilege are two key business principles that protect an organization's valuable data and resources from deliberate or accidental information leak, or data corruption by staff. As a substantial amount of this information is stored on computer systems, control over computer access represents a major security component through its implementation of the key business principles.

Access control systems have been the subject of considerable academic research. Some of these systems represent complex solutions, theoretically grounded in logic and mathematics, while others have addressed ease of use from a management or programming perspective. To facilitate this process, certain business principles are applied as structurally fundamental to the access control paradigm.

Keywords:
Business Process, Access Control, Mandatory Access Control, Role-Based Access Control.

I. Introduction

Authorization or access control within computer systems of organizations is a major component of the application of regulatory constraints. Access control is required to replicate the complex regulatory requirements within a heterogeneous mix of hardware and software by ensuring that users are properly assigned the resources to ensure the fulfillment of their responsibilities and resources are not accessible to those agents who lack the required levels of authorization.

Process control systems, which are a special type of access systems, currently suffer from the complexity of privacy models, leading to difficulty of verification, since enforcement in privacy is increasingly dependent on business function and human behavior, where business context (process) has to be considered in issuing access rights. Access rights may depend not only on the role of the person in the organization, but also on the process in which the person is involved at the time of access. Prerequisite for such a policy system is an enterprise control framework that takes into consideration an operational control model. This paper addresses various types of access control policies for organization.

Formal models for process control systems are essential for verification of system properties and detection of interactions [1]. Verifying properties is an important requirement. It is particularly relevant in the privacy domain, as companies need to prove their privacy commitments to their consumers, i.e. a corporation needs to show that its practices are compliant with their published privacy policy. The possibility of specifying and verifying systems formally will lead to much tighter and reliable privacy systems than can be considered now. Verifying a system policy can be equivalent to proving the impossibility of some situations.

Thurner suggested that reducing complexity requires the reduction of included artifacts and focusing on a single system view [2]. Decoupling of entities and attributes is a common technique. Role Based Access Control (RBAC) is an example for separation between users and access-rights by introducing roles [3].

II. Access Control Models

Access control models are generally concerned with whether subjects, any entity that can manipulate information (i.e. user, user process, system process), can access objects, entities through which information flows through the actions of a subject (i.e. directory, file, screen, keyboard, memory, storage, printer), and how this access can occur. Access control models are usually seen as frameworks for implementing and ensuring the integrity of security policies that mandate how information can be accessed and shared on a system. The most common, oldest, and most well-known access control models are Mandatory Access Control and Discretionary Access Control, but limitations inherent to each have stimulated further research into alternatives including Role Based Access Control, Dynamic Typed Access Control, and Domain Type Enforcement.

2.1. Mandatory Access Control (MAC)

MAC was an authorization method devised for the US military based upon the US classification system and the assignment of access rights according to clearance. A system-wide policy decrees who is allowed to have access; an individual user cannot alter that access. It relies on the system to control access. Specifically, the MAC model is somewhat inflexible and unsuited to situations where practical constraints such as staff sickness and holidays require a softening of the strict security requirements. For instance, flexibility may be required to facilitate delegation of responsibilities and the selective elevation of access rights and privileges. Traditional MAC mechanisms have been tightly coupled to a few security models. Recently, systems supporting flexible security models start to appear (e.g., SELinux, Trusted Solaris, TrustedBSD, etc.).

MAC is relatively straightforward and is considered a good model for commercial systems that operate in hostile environments (web servers and financial institutions) where the risk of attack is very high, confidentiality is a primary access control concern, or the objects being protected are valuable.

The assignment and enforcement of security levels by the system under the MAC model places restrictions on user actions that, while adhering to security policies, prevents dynamic alteration of the underlying policies, and requires large parts of the operating system and associated utilities to be "trusted" and placed outside of the access control framework.

2.1.1. Biba Integrity Model

The Bell-LaPadula model describes methods for assuring confidentiality of information flows; Biba developed a similar method aimed at information integrity. Integrity is maintained through adherence to reading and writing principles that can be thought of as a reverse of the Bell-LaPadula principles.

In the Biba model, integrity levels are low to high, with objects labeled high having high integrity. A subject can read objects at a higher level but can only write to objects of lower levels. This is known as the low water mark principle and assigns created objects the lowest integrity level that contributed to the creation of the object. Because the MAC method is primarily developed for purposes where confidentiality is far more important than integrity, Biba's influence was minor on further development of MAC models.

2.2. Discretionary Access Control (DAC)

The Discretionary Access Control (DAC) model provides flexibility of assignment of access rights to the owner of resources, hence the title. The DAC model subsequently evolved into Access Control Lists and the attributes-based system of access control that is familiar to users of modern operating systems. Although DAC provides greater flexibility than MAC, it does so through the dilution of the security model. DAC incurs scalability and management problems as the numbers of users and resources increase, particularly in respect of the ACM implementation of the model.

Additionally, users do not necessarily understand their assigned rights and responsibilities, and system security can be seriously undermined by the inappropriate use of root or administrator access capabilities. In DAC an individual user can set an access control mechanism to allow or deny access to an object.

Discretionary Access Control (DAC) works both as a centralized security model and a distributed model. A centralized security model is when an administrator or team of administrators distributes access to data, applications and network devices. All requests for access changes need to be completed by this single department. In a large organization this can be very time consuming, especially if the administrators are off site or outsourced.

A distributed model allows responsible and knowledgeable personnel to distribute access to data and applications. In large companies this may be a manager, supervisor, or team lead. In small organizations it may simply be the most computer savvy team member. The benefit of a distributed model is that delays can be avoided since the administration of accounts is dispersed.

Allowing users to control object access permissions has a side-effect of opening the system up to Trojan horse susceptibility. The lack of constraints on copying info from one file to another makes it difficult to maintain safety policies and verify that safety policies are not compromised while opening potential exploits for Trojan horses.

2.3. Role-Based Access Control

Whilst MAC was the generally accepted authorization model within the military and DAC evolved into the access control system applied to the major operating systems, the academic world was shifting its attention elsewhere within the field of authorization. Research was directed towards the formal analysis of access control systems and to the development of scalable models of access control that were more appropriate to complex heterogeneous computer systems, such as Role-Based Access Control (RBAC) [4, 5].

David Ferraiolo and Richard Kuhn outlined their basic RBAC model as a more appropriate system of control in civilian government or commercial organizations than either the multilayer security of MAC or the user-centered security model of DAC [4]. Matunda Nyanchama and Sylvia Osborn concentrated on the development of a hierarchical role graph model for role-based access control based upon organizational hierarchies. Ravi Sandhu et al developed a family of RBAC models to provide a reference point for further RBAC development [5].

The principle of the RBAC model is the abstraction of resources from users via a set of roles. Consequently, the set of users are mapped many-to-many to the set of roles; a given user can occupy a number of roles and a number of users can occupy a given role. The set of roles is mapped many-to-many to the set of resources.

RBAC marks a great advance in access control; the administrative issues of large systems still exist, albeit in a markedly more manageable form. In large systems, memberships, role inheritance, and the need for finer-grained customized privileges make administration potentially unwieldy. RBAC supports data abstraction through transactions; it cannot be used where permissions on sequences of operations need to be controlled. To do this, a less general and more sophisticated access control model must be used. RBAC assumes that all permissions needed to perform a job function can be neatly encapsulated. In fact, role engineering has turned out to be a difficult task. The challenge of RBAC is the contention between strong security and easier administration. For stronger security, it is better for each role to be more granular, thus having multiple roles per user. For easier administration, it is better to have fewer roles to manage. Organizations need to comply with privacy and other regulatory mandates and to improve enforcement of security policies while lowering overall risk and administrative costs.

Meanwhile, Web-based and other types of new applications are proliferating, and the Web services application model promises to add to the complexity by weaving separate components together over the Internet to deliver application services. Moreover, the allocation of files and servers (therefore, access control) may be incompatible with organization structure (therefore, process) that requires users to focus on practical matters such as opening accounts and paying bills. RBAC products have sometimes proved challenging to implement and will, for some organizations, need to be combined with rule-based and other more time-tested access control methods to achieve the most practical value.

2.4. Domain Type Enforcement (DTE) Model

Domain Type Enforcement (DTE) is an extension of Type Enforcement (TE) and is itself extended into Dynamic Typed Access Control (DTAC). The principle of type enforcement is that more flexible policy expressions are possible when objects are assigned to types and thus columns in the access control matrix are replaced by types. The DTE extension to this is to assign subjects to domains and complete the matrix transformation so the access control matrix is now a domain definition table (DDT) with rows of domains and columns of types. DTAC expanded upon this to include RBAC type administrative controls [7]. It is claimed that DTE models can implement the Bell-LaPadula confidentiality model as well as some of the more robust integrity features in DAC and RBAC.

2.5. Business Process Access Control (BPAC) Model

BPAC provides a formal underlying structure and analysis model to ensure that the business principles are properly implemented and maintained. It is a workflow based system of access control that properly addresses the key business principles. This model concentrates on the mappings of users to roles and roles to tasks; the mapping of roles to resources in RBAC and the mapping of tasks to resources in workflow-based access control is also a significant part of the security model that requires careful consideration.

III. Results and Discussion

As we have discussed, there are a number of access control models for workflows [2], web services, and role based access control on the web [5], possibly coupled with sophisticated policy combination algorithms. However, they have mostly remained within the classical framework. Even more liberal models such as those for DRM based on usage [6] have assumed that servers know their clients pretty well: they might not know their names but they know everything about what, when, and how can be used by these clients.

IV. Conclusions

Access Control models have come quite a ways since the initial implementations of MAC and DAC in the early 70's. Researchers have learned volumes about the complexities of maintaining security policies through model applications and with RBAC, BPAC have come very close to seamlessly integrating integrity and confidentiality.

Future work in the area of models for access control is likely to be focused on the proliferation of Business Process Access Control models and case study analysis of their relative effectiveness. Oracle has incorporated BPAC as part of their database management access controls as has the SQL: 2004 standard, PostgreSQL, and SAP. Solaris, Windows Active Directory, and SELinux all also provide support for the use of Business Process Access Control.

References

[1] G. Karjoth and M. Schunter, A Privacy Policy Model for Enterprises, 5th IEEE Computer Security Foundations Workshop, 271-281, 2002.
[2] V. Thurner, A formally founded description technique for business processes, Technical Report, Technical University of Munich, Germany, 1997.
[3] D. Ferraiolo, D. Kuhn, R. Chandramouli, Role-Based Access Control, Artech House, 2003.
[4] Ferraiolo, D. F., and Kuhn, D. R. Role based access control. In Proceedings of 15th National Computer Security Conference (1992).
[5] Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. Role-based access control models. IEEE Computer 29, 2 (1996), 38–47.
[6] Roscheisen, M., and Winograd, T. A communication agreement framework for access/action control. In Proc. of the SS&P (1996), IEEE Press, pp. 154-163.
[7] J. A. Solworth and R. H. Sload. Security property based administrative controls. 2005.
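The read and write rules from the Biba section, set beside the Bell-LaPadula rules they reverse, as an added example that is not code from the paper. The three-level lattice, the `BibaMonitor` class and the object names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed three-level lattice: a higher number means more secret (BLP)
# or more trustworthy (Biba).
LEVELS = {"low": 0, "medium": 1, "high": 2}


def _pair(subject, obj, op):
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    return LEVELS[subject], LEVELS[obj]


def blp_allows(subject, obj, op):
    """Bell-LaPadula confidentiality: no read up, no write down."""
    s, o = _pair(subject, obj, op)
    return s >= o if op == "read" else s <= o


def biba_allows(subject, obj, op):
    """Biba integrity as the text states it: read at the same or a higher
    level, write only at the same or a lower level."""
    s, o = _pair(subject, obj, op)
    return o >= s if op == "read" else o <= s


def created_label(contributors):
    """A created object takes the lowest integrity level that contributed."""
    return min(contributors, key=LEVELS.__getitem__)


@dataclass
class BibaMonitor:
    """Hypothetical reference monitor. Labels live here, not with the users,
    which is what makes the policy mandatory."""
    objects: dict                                 # object name -> integrity label
    denied: list = field(default_factory=list)    # audit trail of refusals

    def derive(self, subject, inputs, output):
        """Read every object in `inputs`, then create `output` from them."""
        for name in inputs:
            if not biba_allows(subject, self.objects[name], "read"):
                self.denied.append((subject, "read", name))
                return False
        levels = [subject] + [self.objects[n] for n in inputs]
        self.objects[output] = created_label(levels)
        return True

    def write(self, subject, target):
        ok = biba_allows(subject, self.objects[target], "write")
        if not ok:
            self.denied.append((subject, "write", target))
        return ok


if __name__ == "__main__":
    # Constructed objects: a signed config (high), a vendor feed (medium),
    # and a user upload (low).
    m = BibaMonitor({"signed_config": "high", "vendor_feed": "medium", "upload": "low"})
    print(m.derive("medium", ["signed_config", "vendor_feed"], "report"), m.objects["report"])
    print(m.derive("medium", ["upload"], "tainted"))      # read down refused
    print(m.write("medium", "signed_config"))             # write up refused
    print(m.denied)
```

The `denied` list is the part a defender reviews: each refusal records which subject level attempted which operation on which object.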
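The RBAC and BPAC sections describe two sets of mappings: users to roles to resources, and users to roles to tasks to resources inside a workflow. The added example below (not the paper's formalism) shows a request that plain RBAC permits but a workflow-aware check refuses on sequence or segregation-of-duties grounds. The invoice process, the user names and the `ProcessInstance` class are assumptions made for illustration.

```python
# Constructed sample policy (all names are hypothetical).
USER_ROLES = {"alice": {"clerk", "approver"}, "bob": {"approver"}, "carol": {"cashier"}}
ROLE_PERMS = {                      # plain RBAC: role -> (resource, action)
    "clerk": {("invoice", "write")},
    "approver": {("invoice", "approve")},
    "cashier": {("ledger", "write")},
}


def rbac_allows(user, resource, action):
    """User -> roles -> resources, both many-to-many; no notion of process state."""
    return any((resource, action) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# Workflow layer: roles -> tasks, tasks -> resources, plus an ordered process.
PROCESS = ["create_invoice", "approve_invoice", "pay_invoice"]
ROLE_TASKS = {"clerk": {"create_invoice"}, "approver": {"approve_invoice"},
              "cashier": {"pay_invoice"}}
TASK_PERMS = {"create_invoice": {("invoice", "write")},
              "approve_invoice": {("invoice", "approve")},
              "pay_invoice": {("ledger", "write")}}
CONFLICTING_TASKS = {frozenset({"create_invoice", "approve_invoice"})}


class ProcessInstance:
    """One running case of PROCESS; remembers who performed each task."""

    def __init__(self):
        self.history = []           # [(task, user)] in execution order

    def request(self, user, task, resource, action):
        step = len(self.history)
        if step >= len(PROCESS) or PROCESS[step] != task:
            return "deny: task out of sequence"
        roles = USER_ROLES.get(user, set())
        if not any(task in ROLE_TASKS.get(role, set()) for role in roles):
            return "deny: no role for task"
        if (resource, action) not in TASK_PERMS[task]:
            return "deny: resource outside task"     # least privilege per task
        for done_task, done_user in self.history:
            if done_user == user and frozenset({done_task, task}) in CONFLICTING_TASKS:
                return "deny: segregation of duties"
        self.history.append((task, user))
        return "allow"


if __name__ == "__main__":
    case = ProcessInstance()
    print(rbac_allows("alice", "invoice", "approve"))                  # RBAC alone says yes
    print(case.request("alice", "approve_invoice", "invoice", "approve"))
    print(case.request("alice", "create_invoice", "invoice", "write"))
    print(case.request("alice", "approve_invoice", "invoice", "approve"))
    print(case.request("bob", "approve_invoice", "invoice", "approve"))
```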
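The matrix transformation described in the DTE section, carried out on a small access control matrix, as an added example that is not from the paper. The subjects, objects, domain and type names are constructed, and keeping only the rights common to a whole cell is this example's own least-privilege assumption.

```python
from itertools import product

# Constructed per-subject, per-object access control matrix (missing = no rights).
SAMPLE_ACM = {
    ("httpd_worker1", "index.html"): {"read"},
    ("httpd_worker1", "app.css"): {"read"},
    ("httpd_worker2", "index.html"): {"read", "write"},   # drifted from its peers
    ("httpd_worker2", "app.css"): {"read"},
    ("backup", "index.html"): {"read"},
    ("backup", "app.css"): {"read"},
    ("backup", "shadow"): {"read"},
}
SUBJECT_DOMAIN = {"httpd_worker1": "web_d", "httpd_worker2": "web_d", "backup": "backup_d"}
OBJECT_TYPE = {"index.html": "web_content_t", "app.css": "web_content_t", "shadow": "secret_t"}


def build_ddt(acm, subject_domain, object_type):
    """Collapse an access control matrix into a domain definition table.

    Rows become domains and columns become types. A cell keeps only the
    rights that every subject of the domain holds on every object of the
    type; any (subject, object) pair holding more is reported as a conflict
    so it can be reviewed before the DDT replaces the matrix.
    """
    cells = {}
    for subj, obj in product(subject_domain, object_type):
        key = (subject_domain[subj], object_type[obj])
        rights = frozenset(acm.get((subj, obj), ()))
        cells.setdefault(key, []).append(((subj, obj), rights))
    ddt, conflicts = {}, []
    for key, entries in cells.items():
        common = frozenset.intersection(*(rights for _, rights in entries))
        ddt[key] = common
        conflicts += [(pair, sorted(rights - common))
                      for pair, rights in entries if rights != common]
    return ddt, conflicts


def dte_allows(ddt, domain, obj_type, right):
    """Decision is a single table lookup on (domain, type)."""
    return right in ddt.get((domain, obj_type), frozenset())


if __name__ == "__main__":
    table, drift = build_ddt(SAMPLE_ACM, SUBJECT_DOMAIN, OBJECT_TYPE)
    for cell, rights in table.items():
        print(cell, sorted(rights))
    print("conflicts:", drift)
```

Seven matrix entries shrink to four table cells, and the one entry that did not fit its domain shows up in the conflict list.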