Search results for: role based access control
43258 RAPDAC: Role Centric Attribute Based Policy Driven Access Control Model
Authors: Jamil Ahmed
Abstract:
Access control models aim to decide whether a user should be denied or granted access to the user‟s requested activity. Various access control models have been established and proposed. The most prominent of these models include role-based, attribute-based, policy based access control models as well as role-centric attribute based access control model. In this paper, a novel access control model is presented called “Role centric Attribute based Policy Driven Access Control (RAPDAC) model”. RAPDAC incorporates the concept of “policy” in the “role centric attribute based access control model”. It leverages the concept of "policy‟ by precisely combining the evaluation of conditions, attributes, permissions and roles in order to allow authorization access. This approach allows capturing the "access control policy‟ of a real time application in a well defined manner. RAPDAC model allows making access decision at much finer granularity as illustrated by the case study of a real time library information system.Keywords: authorization, access control model, role based access control, attribute based access control
Procedia PDF Downloads 15943257 SPBAC: A Semantic Policy-Based Access Control for Database Query
Authors: Aaron Zhang, Alimire Kahaer, Gerald Weber, Nalin Arachchilage
Abstract:
Access control is an essential safeguard for the security of enterprise data, which controls users’ access to information resources and ensures the confidentiality and integrity of information resources [1]. Research shows that the more common types of access control now have shortcomings [2]. In this direction, to improve the existing access control, we have studied the current technologies in the field of data security, deeply investigated the previous data access control policies and their problems, identified the existing deficiencies, and proposed a new extension structure of SPBAC. SPBAC extension proposed in this paper aims to combine Policy-Based Access Control (PBAC) with semantics to provide logically connected, real-time data access functionality by establishing associations between enterprise data through semantics. Our design combines policies with linked data through semantics to create a "Semantic link" so that access control is no longer per-database and determines that users in each role should be granted access based on the instance policy, and improves the SPBAC implementation by constructing policies and defined attributes through the XACML specification, which is designed to extend on the original XACML model. While providing relevant design solutions, this paper hopes to continue to study the feasibility and subsequent implementation of related work at a later stage.Keywords: access control, semantic policy-based access control, semantic link, access control model, instance policy, XACML
Procedia PDF Downloads 9143256 Access Control System for Big Data Application
Authors: Winfred Okoe Addy, Jean Jacques Dominique Beraud
Abstract:
Access control systems (ACs) are some of the most important components in safety areas. Inaccuracies of regulatory frameworks make personal policies and remedies more appropriate than standard models or protocols. This problem is exacerbated by the increasing complexity of software, such as integrated Big Data (BD) software for controlling large volumes of encrypted data and resources embedded in a dedicated BD production system. This paper proposes a general access control strategy system for the diffusion of Big Data domains since it is crucial to secure the data provided to data consumers (DC). We presented a general access control circulation strategy for the Big Data domain by describing the benefit of using designated access control for BD units and performance and taking into consideration the need for BD and AC system. We then presented a generic of Big Data access control system to improve the dissemination of Big Data.Keywords: access control, security, Big Data, domain
Procedia PDF Downloads 13443255 An Attribute Based Access Control Model with POL Module for Dynamically Granting and Revoking Authorizations
Authors: Gang Liu, Huimin Song, Can Wang, Runnan Zhang, Lu Fang
Abstract:
Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of PRIV ILEGE attribute (PA), obligation and log which improves attribute based access control (ABAC) model in dynamically granting authorizations and revoking authorizations. The following describes the new model termed PABAC in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate the advantages of it. The POL module addresses the problems which are not predicted before and not described by access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world is provided.Keywords: access control, attribute based access control, granting authorizations, privilege, revoking authorizations, system security
Procedia PDF Downloads 35943254 Component Lifecycle and Concurrency Model in Usage Control (UCON) System
Authors: P. Ghann, J. Shiguang, C. Zhou
Abstract:
Access control is one of the most challenging issues facing information security. Access control is defined as, the ability to permit or deny access to a particular computational resource or digital information by an unauthorized user or subject. The concept of usage control (UCON) has been introduced as a unified approach to capture a number of extensions for access control models and systems. In UCON, an access decision is determined by three factors: Authorizations, obligations and conditions. Attribute mutability and decision continuity are two distinct characteristics introduced by UCON for the first time. An observation of UCON components indicates that, the components are predefined and static. In this paper, we propose a new and flexible model of usage control for the creation and elimination of some of these components; for example new objects, subjects, attributes and integrate these with the original UCON model. We also propose a model for concurrent usage scenarios in UCON.Keywords: access control, concurrency, digital container, usage control
Procedia PDF Downloads 32043253 Enhance Security in XML Databases: XLog File for Severity-Aware Trust-Based Access Control
Authors: A: Asmawi, L. S. Affendey, N. I. Udzir, R. Mahmod
Abstract:
The topic of enhancing security in XML databases is important as it includes protecting sensitive data and providing a secure environment to users. In order to improve security and provide dynamic access control for XML databases, we presented XLog file to calculate user trust values by recording users’ bad transaction, errors and query severities. Severity-aware trust-based access control for XML databases manages the access policy depending on users' trust values and prevents unauthorized processes, malicious transactions and insider threats. Privileges are automatically modified and adjusted over time depending on user behaviour and query severity. Logging in database is an important process and is used for recovery and security purposes. In this paper, the Xlog file is presented as a dynamic and temporary log file for XML databases to enhance the level of security.Keywords: XML database, trust-based access control, severity-aware, trust values, log file
Procedia PDF Downloads 30043252 The Role of Access Control Techniques in Creating a Safe Cyberspace for Children
Authors: Sara Muslat Alsahali, Nout Mohammed Alqahtani
Abstract:
Digital technology has changed the world, and with the increasing number of children accessing the Internet, it has now become an integral part of children's lives from their early years. With the rapid development of digital technology, the risks children face on the internet also evolve from cyberbullying to misuse, sexual exploitation, and abuse of their private information over the Internet. Digital technology, with its advantages and disadvantages, is now a fact of our life. Therefore, knowledge of how to reduce its risks and maximize its benefits will help shape the growth and future of a new generation of digital citizens. This paper will discuss access control techniques that help to create secure cyberspace where children can be safe without depriving them of their rights and freedom to use the internet and preventing them from its benefits. Also, it sheds light on its challenges and problems by classifying the methods of parental controlling into two possibilities asynchronous and synchronous techniques and choosing YouTube as a case study of access control techniques.Keywords: access control, cyber security, kids, parental monitoring
Procedia PDF Downloads 13743251 Survey of Access Controls in Cloud Computing
Authors: Monirah Alkathiry, Hanan Aljarwan
Abstract:
Cloud computing is one of the most significant technologies that the world deals with, in different sectors with different purposes and capabilities. The cloud faces various challenges in securing data from unauthorized access or modification. Consequently, security risks and levels have greatly increased. Therefore, cloud service providers (CSPs) and users need secure mechanisms that ensure that data are kept secret and safe from any disclosures or exploits. For this reason, CSPs need a number of techniques and technologies to manage and secure access to the cloud services to achieve security goals, such as confidentiality, integrity, identity access management (IAM), etc. Therefore, this paper will review and explore various access controls implemented in a cloud environment that achieve different security purposes. The methodology followed in this survey was conducting an assessment, evaluation, and comparison between those access controls mechanisms and technologies based on different factors, such as the security goals it achieves, usability, and cost-effectiveness. This assessment resulted in the fact that the technology used in an access control affects the security goals it achieves as well as there is no one access control method that achieves all security goals. Consequently, such a comparison would help decision-makers to choose properly the access controls that meet their requirements.Keywords: access controls, cloud computing, confidentiality, identity and access management
Procedia PDF Downloads 13143250 Green Design Study of Prefabricated Community Control Measures in Response to Public Health Emergencies
Authors: Enjia Zhang
Abstract:
During the prevention and control of the COVID-19 pandemic, all communities in China were gated and under strict management, which was highly effective in preventing the spread of the epidemic from spreading. Based on the TRIZ theory, this paper intends to propose green design strategies of community control in response to public health emergencies and to optimize community control facilities according to the principle of minimum transformation. Through the questionnaire method, this paper investigates and summarizes the situation and problems of community control during the COVID-19 pandemic. Based on these problems, the TRIZ theory is introduced to figure out the problems and associates them with prefabricated facilities. Afterward, the innovation points and solutions of prefabricated community control measures are proposed by using the contradiction matrix. This paper summarizes the current situation of community control under public health emergencies and concludes the problems such as simple forms of temporary roadblocks, sudden increase of community traffic pressure, and difficulties to access public spaces. The importance of entrance and exit control in community control is emphasized. Therefore, the community control measures are supposed to focus on traffic control, and the external access control measures, including motor vehicles, non-motor vehicles, residents and non-residents access control, and internal public space access control measures, including public space control shared with the society or adjacent communities, are proposed in order to make the community keep the open characteristics and have the flexibility to deal with sudden public health emergencies in the future.Keywords: green design, community control, prefabricated structure, public health emergency
Procedia PDF Downloads 12943249 Development of a Sequential Multimodal Biometric System for Web-Based Physical Access Control into a Security Safe
Authors: Babatunde Olumide Olawale, Oyebode Olumide Oyediran
Abstract:
The security safe is a place or building where classified document and precious items are kept. To prevent unauthorised persons from gaining access to this safe a lot of technologies had been used. But frequent reports of an unauthorised person gaining access into security safes with the aim of removing document and items from the safes are pointers to the fact that there is still security gap in the recent technologies used as access control for the security safe. In this paper we try to solve this problem by developing a multimodal biometric system for physical access control into a security safe using face and voice recognition. The safe is accessed by the combination of face and speech pattern recognition and also in that sequential order. User authentication is achieved through the use of camera/sensor unit and a microphone unit both attached to the door of the safe. The user face was captured by the camera/sensor while the speech was captured by the use of the microphone unit. The Scale Invariance Feature Transform (SIFT) algorithm was used to train images to form templates for the face recognition system while the Mel-Frequency Cepitral Coefficients (MFCC) algorithm was used to train the speech recognition system to recognise authorise user’s speech. Both algorithms were hosted in two separate web based servers and for automatic analysis of our work; our developed system was simulated in a MATLAB environment. The results obtained shows that the developed system was able to give access to authorise users while declining unauthorised person access to the security safe.Keywords: access control, multimodal biometrics, pattern recognition, security safe
Procedia PDF Downloads 33543248 Structured Access Control Mechanism for Mesh-based P2P Live Streaming Systems
Authors: Chuan-Ching Sue, Kai-Chun Chuang
Abstract:
Peer-to-Peer (P2P) live streaming systems still suffer a challenge when thousands of new peers want to join into the system in a short time, called flash crowd, and most of new peers suffer long start-up delay. Recent studies have proposed a slot-based user access control mechanism, which periodically determines a certain number of new peers to enter the system, and a user batch join mechanism, which divides new peers into several tree structures with fixed tree size. However, the slot-based user access control mechanism is difficult for accurately determining the optimal time slot length, and the user batch join mechanism is hard for determining the optimal tree size. In this paper, we propose a structured access control (SAC) mechanism, which constructs new peers to a multi-layer mesh structure. The SAC mechanism constructs new peer connections layer by layer to replace periodical access control, and determines the number of peers in each layer according to the system’s remaining upload bandwidth and average video rate. Furthermore, we propose an analytical model to represent the behavior of the system growth if the system can utilize the upload bandwidth efficiently. The analytical result has shown the similar trend in system growth as the SAC mechanism. Additionally, the extensive simulation is conducted to show the SAC mechanism outperforms two previously proposed methods in terms of system growth and start-up delay.Keywords: peer-to-peer, live video streaming system, flash crowd, start-up delay, access control
Procedia PDF Downloads 31743247 Facial Recognition Technology in Institutions of Higher Learning: Exploring the Use in Kenya
Authors: Samuel Mwangi, Josephine K. Mule
Abstract:
Access control as a security technique regulates who or what can access resources. It is a fundamental concept in security that minimizes risks to the institutions that use access control. Regulating access to institutions of higher learning is key to ensure only authorized personnel and students are allowed into the institutions. The use of biometrics has been criticized due to the setup and maintenance costs, hygiene concerns, and trepidations regarding data privacy, among other apprehensions. Facial recognition is arguably a fast and accurate way of validating identity in order to guard protected areas. It guarantees that only authorized individuals gain access to secure locations while requiring far less personal information whilst providing an additional layer of security beyond keys, fobs, or identity cards. This exploratory study sought to investigate the use of facial recognition in controlling access in institutions of higher learning in Kenya. The sample population was drawn from both private and public higher learning institutions. The data is based on responses from staff and students. Questionnaires were used for data collection and follow up interviews conducted to understand responses from the questionnaires. 80% of the sampled population indicated that there were many security breaches by unauthorized people, with some resulting in terror attacks. These security breaches were attributed to stolen identity cases, where staff or student identity cards were stolen and used by criminals to access the institutions. These unauthorized accesses have resulted in losses to the institutions, including reputational damages. The findings indicate that security breaches are a major problem in institutions of higher learning in Kenya. Consequently, access control would be beneficial if employed to curb security breaches. We suggest the use of facial recognition technology, given its uniqueness in identifying users and its non-repudiation capabilities.Keywords: facial recognition, access control, technology, learning
Procedia PDF Downloads 12543246 Channels Splitting Strategy for Optical Local Area Networks of Passive Star Topology
Authors: Peristera Baziana
Abstract:
In this paper, we present a network configuration for a WDM LANs of passive star topology that assume that the set of data WDM channels is split into two separate sets of channels, with different access rights over them. Especially, a synchronous transmission WDMA access algorithm is adopted in order to increase the probability of successful transmission over the data channels and consequently to reduce the probability of data packets transmission cancellation in order to avoid the data channels collisions. Thus, a control pre-transmission access scheme is followed over a separate control channel. An analytical Markovian model is studied and the average throughput is mathematically derived. The performance is studied for several numbers of data channels and various values of control phase duration.Keywords: access algorithm, channels division, collisions avoidance, wavelength division multiplexing
Procedia PDF Downloads 29643245 Research and Implementation of Cross-domain Data Sharing System in Net-centric Environment
Authors: Xiaoqing Wang, Jianjian Zong, Li Li, Yanxing Zheng, Jinrong Tong, Mao Zhan
Abstract:
With the rapid development of network and communication technology, a great deal of data has been generated in different domains of a network. These data show a trend of increasing scale and more complex structure. Therefore, an effective and flexible cross-domain data-sharing system is needed. The Cross-domain Data Sharing System(CDSS) in a net-centric environment is composed of three sub-systems. The data distribution sub-system provides data exchange service through publish-subscribe technology that supports asynchronism and multi-to-multi communication, which adapts to the needs of the dynamic and large-scale distributed computing environment. The access control sub-system adopts Attribute-Based Access Control(ABAC) technology to uniformly model various data attributes such as subject, object, permission and environment, which effectively monitors the activities of users accessing resources and ensures that legitimate users get effective access control rights within a legal time. The cross-domain access security negotiation subsystem automatically determines the access rights between different security domains in the process of interactive disclosure of digital certificates and access control policies through trust policy management and negotiation algorithms, which provides an effective means for cross-domain trust relationship establishment and access control in a distributed environment. The CDSS’s asynchronous,multi-to-multi and loosely-coupled communication features can adapt well to data exchange and sharing in dynamic, distributed and large-scale network environments. Next, we will give CDSS new features to support the mobile computing environment.Keywords: data sharing, cross-domain, data exchange, publish-subscribe
Procedia PDF Downloads 12443244 Hybrid Knowledge Approach for Determining Health Care Provider Specialty from Patient Diagnoses
Authors: Erin Lynne Plettenberg, Jeremy Vickery
Abstract:
In an access-control situation, the role of a user determines whether a data request is appropriate. This paper combines vetted web mining and logic modeling to build a lightweight system for determining the role of a health care provider based only on their prior authorized requests. The model identifies provider roles with 100% recall from very little data. This shows the value of vetted web mining in AI systems, and suggests the impact of the ICD classification on medical practice.Keywords: electronic medical records, information extraction, logic modeling, ontology, vetted web mining
Procedia PDF Downloads 17243243 Analysis of Cascade Control Structure in Train Dynamic Braking System
Authors: B. Moaveni, S. Morovati
Abstract:
In recent years, increasing the usage of railway transportations especially in developing countries caused more attention to control systems railway vehicles. Consequently, designing and implementing the modern control systems to improve the operating performance of trains and locomotives become one of the main concerns of researches. Dynamic braking systems is an important safety system which controls the amount of braking torque generated by traction motors, to keep the adhesion coefficient between the wheel-sets and rail road in optimum bound. Adhesion force has an important role to control the braking distance and prevent the wheels from slipping during the braking process. Cascade control structure is one of the best control methods for the wide range of industrial plants in the presence of disturbances and errors. This paper presents cascade control structure based on two forward simple controllers with two feedback loops to control the slip ratio and braking torque. In this structure, the inner loop controls the angular velocity and the outer loop control the longitudinal velocity of the locomotive that its dynamic is slower than the dynamic of angular velocity. This control structure by controlling the torque of DC traction motors, tries to track the desired velocity profile to access the predefined braking distance and to control the slip ratio. Simulation results are employed to show the effectiveness of the introduced methodology in dynamic braking system.Keywords: cascade control, dynamic braking system, DC traction motors, slip control
Procedia PDF Downloads 36543242 The Influence of the Visual and the Direct Physical Accessibility on the Sense of Control of Saudi Women in the Home Environment
Authors: Ahdab H. Mahdaly, Debajyoti Pati, Sharran Parkinson, Lee S. Duemer
Abstract:
The importance of providing employed mothers with the right physical environment inside the home is not an easy task, especially when the culture is involved. This study examines the typical Saudi home as a personal, emotional, social and cultural setting, especially on the interactions between the physical design and perceived control of working mothers. However, owing to the scarcity of published literature on Saudi homes, American employed mothers were included in the study to provide a baseline. With the ongoing transformations in women’s role in Saudi Arabia, there is a perception that traditional home designs may not afford the appropriate sense of control inside the home. Saudi Arabia has numerous interacting layers of socio-cultural-religious forces that affect residential design, and understanding the moderating role of the Saudi home is vital to the ongoing national policy transition on women. The study investigated one narrow, albeit critical, influence of home design on ones sense of control – direct visual and physical accessibility between sets of rooms. Ten subjects, five Saudis and five American, examined visual and physical access between 171 room sets, and provided qualitative responses on how each access influences their sense of control. Three main themes emerged, with potential effects on control: 1- Openness, 2- Proximity, and 3- Separation. Data suggest that although the Saudi home is a substantially more complex setting than the American ones, a class of spaces that can be termed as ‘Neutral Rooms’ serving as cultural separators may represent the ideal solution for optimizing sense of control, without ignoring cultural-religious traditions, during the transition of the Saudi women.Keywords: direct physical accessibility, home environment, sense of control, visual accessibility, working mothers
Procedia PDF Downloads 31143241 Using IoT on Single Input Multiple Outputs (SIMO) DC–DC Converter to Control Smart-home
Authors: Auwal Mustapha Imam
Abstract:
The aim of the energy management system is to monitor and control utilization, access, optimize and manage energy availability. This can be realized through real-time analyses and energy sources and loads data control in a predictive way. Smart-home monitoring and control provide convenience and cost savings by controlling appliances, lights, thermostats and other loads. There may be different categories of loads in the various homes, and the homeowner may wish to control access to solar-generated energy to protect the storage from draining completely. Controlling the power system operation by managing the converter output power and controlling how it feeds the appliances will satisfy the residential load demand. The Internet of Things (IoT) provides an attractive technological platform to connect the two and make home automation and domestic energy utilization easier and more attractive. This paper presents the use of IoT-based control topology to monitor and control power distribution and consumption by DC loads connected to single-input multiple outputs (SIMO) DC-DC converter, thereby reducing leakages, enhancing performance and reducing human efforts. A SIMO converter was first developed and integrated with the IoT/Raspberry Pi control topology, which enables the user to monitor and control power scheduling and load forecasting via an Android app.Keywords: flyback, converter, DC-DC, photovoltaic, SIMO
Procedia PDF Downloads 4743240 Towards a Secure Storage in Cloud Computing
Authors: Mohamed Elkholy, Ahmed Elfatatry
Abstract:
Cloud computing has emerged as a flexible computing paradigm that reshaped the Information Technology map. However, cloud computing brought about a number of security challenges as a result of the physical distribution of computational resources and the limited control that users have over the physical storage. This situation raises many security challenges for data integrity and confidentiality as well as authentication and access control. This work proposes a security mechanism for data integrity that allows a data owner to be aware of any modification that takes place to his data. The data integrity mechanism is integrated with an extended Kerberos authentication that ensures authorized access control. The proposed mechanism protects data confidentiality even if data are stored on an untrusted storage. The proposed mechanism has been evaluated against different types of attacks and proved its efficiency to protect cloud data storage from different malicious attacks.Keywords: access control, data integrity, data confidentiality, Kerberos authentication, cloud security
Procedia PDF Downloads 33543239 An Algorithm Based on Control Indexes to Increase the Quality of Service on Cellular Networks
Authors: Rahman Mofidi, Sina Rahimi, Farnoosh Darban
Abstract:
Communication plays a key role in today’s world, and to support it, the quality of service has the highest priority. It is very important to differentiate between traffic based on priority level. Some traffic classes should be a higher priority than other classes. It is also necessary to give high priority to customers who have more payment for better service, however, without influence on other customers. So to realize that, we will require effective quality of service methods. To ensure the optimal performance of the network in accordance with the quality of service is an important goal for all operators in the mobile network. In this work, we propose an algorithm based on control parameters which it’s based on user feedback that aims at minimizing the access to system transmit power and thus improving the network key performance indicators and increasing the quality of service. This feedback that is known as channel quality indicator (CQI) indicates the received signal level of the user. We aim at proposing an algorithm in control parameter criterion to study improving the quality of service and throughput in a cellular network at the simulated environment. In this work we tried to parameter values have close to their actual level. Simulation results show that the proposed algorithm improves the system throughput and thus satisfies users' throughput and improves service to set up a successful call.Keywords: quality of service, key performance indicators, control parameter, channel quality indicator
Procedia PDF Downloads 20343238 A Secure System for Handling Information from Heterogeous Sources
Authors: Shoohira Aftab, Hammad Afzal
Abstract:
Information integration is a well known procedure to provide consolidated view on sets of heterogeneous information sources. It not only provides better statistical analysis of information but also facilitates users to query without any knowledge on the underlying heterogeneous information sources The problem of providing a consolidated view of information can be handled using Semantic data (information stored in such a way that is understandable by machines and integrate-able without manual human intervention). However, integrating information using semantic web technology without any access management enforced, will results in increase of privacy and confidentiality concerns. In this research we have designed and developed a framework that would allow information from heterogeneous formats to be consolidated, thus resolving the issue of interoperability. We have also devised an access control system for defining explicit privacy constraints. We designed and applied our framework on both semantic and non-semantic data from heterogeneous resources. Our approach is validated using scenario based testing.Keywords: information integration, semantic data, interoperability, security, access control system
Procedia PDF Downloads 35743237 Central African Republic Government Recruitment Agency Based on Identity Management and Public Key Encryption
Authors: Koyangbo Guere Monguia Michel Alex Emmanuel
Abstract:
In e-government and especially recruitment, many researches have been conducted to build a trustworthy and reliable online or application system capable to process users or job applicant files. In this research (Government Recruitment Agency), cloud computing, identity management and public key encryption have been used to management domains, access control authorization mechanism and to secure data exchange between entities for reliable procedure of processing files.Keywords: cloud computing network, identity management systems, public key encryption, access control and authorization
Procedia PDF Downloads 35843236 BTG-BIBA: A Flexibility-Enhanced Biba Model Using BTG Strategies for Operating System
Authors: Gang Liu, Can Wang, Runnan Zhang, Quan Wang, Huimin Song, Shaomin Ji
Abstract:
Biba model can protect information integrity but might deny various non-malicious access requests of the subjects, thereby decreasing the availability in the system. Therefore, a mechanism that allows exceptional access control is needed. Break the Glass (BTG) strategies refer an efficient means for extending the access rights of users in exceptional cases. These strategies help to prevent a system from stagnation. An approach is presented in this work for integrating Break the Glass strategies into the Biba model. This research proposes a model, BTG-Biba, which provides both an original Biba model used in normal situations and a mechanism used in emergency situations. The proposed model is context aware, can implement a fine-grained type of access control and primarily solves cross-domain access problems. Finally, the flexibility and availability improvement with the use of the proposed model is illustrated.Keywords: Biba model, break the glass, context, cross-domain, fine-grained
Procedia PDF Downloads 54143235 Data Confidentiality in Public Cloud: A Method for Inclusion of ID-PKC Schemes in OpenStack Cloud
Authors: N. Nalini, Bhanu Prakash Gopularam
Abstract:
The term data security refers to the degree of resistance or protection given to information from unintended or unauthorized access. The core principles of information security are the confidentiality, integrity and availability, also referred as CIA triad. Cloud computing services are classified as SaaS, IaaS and PaaS services. With cloud adoption the confidential enterprise data are moved from organization premises to untrusted public network and due to this the attack surface has increased manifold. Several cloud computing platforms like OpenStack, Eucalyptus, Amazon EC2 offer users to build and configure public, hybrid and private clouds. While the traditional encryption based on PKI infrastructure still works in cloud scenario, the management of public-private keys and trust certificates is difficult. The Identity based Public Key Cryptography (also referred as ID-PKC) overcomes this problem by using publicly identifiable information for generating the keys and works well with decentralized systems. The users can exchange information securely without having to manage any trust information. Another advantage is that access control (role based access control policy) information can be embedded into data unlike in PKI where it is handled by separate component or system. In OpenStack cloud platform the keystone service acts as identity service for authentication and authorization and has support for public key infrastructure for auto services. In this paper, we explain OpenStack security architecture and evaluate the PKI infrastructure piece for data confidentiality. We provide method to integrate ID-PKC schemes for securing data while in transit and stored and explain the key measures for safe guarding data against security attacks. The proposed approach uses JPBC crypto library for key-pair generation based on IEEE P1636.3 standard and secure communication to other cloud services.Keywords: data confidentiality, identity based cryptography, secure communication, open stack key stone, token scoping
Procedia PDF Downloads 38443234 Design of an Ensemble Learning Behavior Anomaly Detection Framework
Authors: Abdoulaye Diop, Nahid Emad, Thierry Winter, Mohamed Hilia
Abstract:
Data assets protection is a crucial issue in the cybersecurity field. Companies use logical access control tools to vault their information assets and protect them against external threats, but they lack solutions to counter insider threats. Nowadays, insider threats are the most significant concern of security analysts. They are mainly individuals with legitimate access to companies information systems, which use their rights with malicious intents. In several fields, behavior anomaly detection is the method used by cyber specialists to counter the threats of user malicious activities effectively. In this paper, we present the step toward the construction of a user and entity behavior analysis framework by proposing a behavior anomaly detection model. This model combines machine learning classification techniques and graph-based methods, relying on linear algebra and parallel computing techniques. We show the utility of an ensemble learning approach in this context. We present some detection methods tests results on an representative access control dataset. The use of some explored classifiers gives results up to 99% of accuracy.Keywords: cybersecurity, data protection, access control, insider threat, user behavior analysis, ensemble learning, high performance computing
Procedia PDF Downloads 12843233 Bridge Healthcare Access Gap with Artifical Intelligence
Authors: Moshmi Sangavarapu
Abstract:
The US healthcare industry has undergone tremendous digital transformation in recent years, but critical care access to lower-income ethnicities is still in its nascency. This population has historically showcased substantial hesitation to seek any medical assistance. While the lack of sufficient financial resources plays a critical role, the existing cultural and knowledge barriers also contribute significantly to widening the access gap. It is imperative to break these barriers to ensure timely access to therapeutic procedures that can save important lives! Based on ongoing research, healthcare access barriers can be best addressed by tapping the untapped potential of caregiver communities first. They play a critical role in patients’ diagnoses, building healthcare knowledge and instilling confidence in required therapeutic procedures. Recent technological advancements have opened many avenues by developing smart ways of reaching the large caregiver community. A digitized go-to-market strategy featuring connected media coupled with smart IoT devices and geo-location targeting can be collectively leveraged to reach this key audience group. AI/ML algorithms can be thoroughly trained to identify relevant data signals from users' location and browsing behavior and determine useful marketing touchpoints. The web behavior can be further assimilated with natural language processing to identify contextually relevant interest topics and decipher potential caregivers on digital avenues to serve that brand message. In conclusion, grasping the true health access journey of any lower-income ethnic group is important to design beneficial touchpoints that can alleviate patients’ concerns and allow them to break their own access barriers and opt for timely and quality healthcare.Keywords: healthcare access, market access, diversity barriers, patient journey
Procedia PDF Downloads 5443232 Public Policy as a Component of Entrepreneurship Ecosystems: Challenges of Implementation
Authors: José Batista de Souza Neto
Abstract:
This research project has as its theme the implementation of public policies to support micro and small businesses (MSEs). The research problem defined was how public policies for access to markets that drive the entrepreneurial ecosystem of MSEs are implemented. The general objective of this research is to understand the process of implementing a public policy to support the entrepreneurial ecosystem of MSEs by the Support Service for Micro and Small Enterprises of the State of São Paulo (SEBRAESP). Public policies are constituent elements of entrepreneurship ecosystems that influence the creation and development of ventures from the action of the entrepreneur. At the end of the research, it is expected to achieve the results for the following specific objectives: (a) understand how the entrepreneurial ecosystem of MSEs is constituted; (b) understand how market access public policies for MSEs are designed and implemented; (c) understand SEBRAE's role in the entrepreneurship ecosystem; and (d) offer an action plan and monitor its execution up to march, 2023. The field research will be conducted based on Action Research, with a qualitative and longitudinal approach to the data. Data collection will be based on narratives produced since 2019 when the decision to implement Comércio Brasil program, a public policy focused on generating market access for 4280 MSEs yearly, was made. The narratives will be analyzed by the method of document analysis and narrative analysis. It is expected that the research will consolidate the relevance of public policies to market access for MSEs and the role of SEBRAE as a protagonist in the implementation of these public policies in the entrepreneurship ecosystem will be demonstrated. Action research is recognized as an intervention method, it is expected that this research will corroborate its role in supporting management processes.Keywords: entrepreneurship, entrepreneurship ecosystem, public policies, SEBRAE, action research
Procedia PDF Downloads 18643231 Design and Implementation of a Memory Safety Isolation Method Based on the Xen Cloud Environment
Authors: Dengpan Wu, Dan Liu
Abstract:
In view of the present cloud security problem has increasingly become one of the major obstacles hindering the development of the cloud computing, put forward a kind of memory based on Xen cloud environment security isolation technology implementation. And based on Xen virtual machine monitor system, analysis of the model of memory virtualization is implemented, using Xen memory virtualization system mechanism of super calls and grant table, based on the virtual machine manager internal implementation of access control module (ACM) to design the security isolation system memory. Experiments show that, the system can effectively isolate different customer domain OS between illegal access to memory data.Keywords: cloud security, memory isolation, xen, virtual machine
Procedia PDF Downloads 40943230 Place and Role of Corporate Governance in Japan
Authors: Feddaoui Amina
Abstract:
In a broad sense, corporate governance covers the organization of the control and management. The term is also used in a narrower sense, to refer to the relationship between shareholders, and the company’s board. There are a lot of discussions devoted to the understanding of the corporate governance role and its principles. In this paper, we are going to describe the definition of corporate governance as a control system and its principles, and find the role of corporate governance and its pillars. Finally, we are going to drop the theoretical study on the case of Japan.Keywords: corporate governance, place, role, Japan
Procedia PDF Downloads 33643229 The Effect of Visual Fluency and Cognitive Fluency on Access Rates of Web Pages
Authors: Xiaoying Guo, Xiangyun Wang
Abstract:
Access rates is a key indicator of reflecting the popularity of web pages. Having high access rates are very important for web pages, especially for news web pages, online shopping sites and searching engines. In this paper, we analyzed the influences of visual fluency and cognitive fluency on access rates of Chinese web pages. Firstly, we conducted an experiment of scoring the web pages. Twenty-five subjects were invited to view top 50 web pages of China, and they were asked to give a score in a 5-point Likert-scale from four aspects, including complexity, comfortability, familiarity and usability. Secondly, the obtained results was analyzed by correlation analysis and factor analysis in R. By factor analysis; we analyzed the contributions of visual fluency and cognitive fluency to the access rates. The results showed that both visual fluency and cognitive fluency affect the access rate of web pages. Compared to cognitive fluency, visual fluency play a more important role in user’s accessing of web pages.Keywords: visual fluency, cognitive fluency, visual complexity, usability
Procedia PDF Downloads 379