Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 33828

Search results for: role based access control

33828 RAPDAC: Role Centric Attribute Based Policy Driven Access Control Model

Authors: Jamil Ahmed

Abstract:

Access control models aim to decide whether a user should be denied or granted access to the user‟s requested activity. Various access control models have been established and proposed. The most prominent of these models include role-based, attribute-based, policy based access control models as well as role-centric attribute based access control model. In this paper, a novel access control model is presented called “Role centric Attribute based Policy Driven Access Control (RAPDAC) model”. RAPDAC incorporates the concept of “policy” in the “role centric attribute based access control model”. It leverages the concept of "policy‟ by precisely combining the evaluation of conditions, attributes, permissions and roles in order to allow authorization access. This approach allows capturing the "access control policy‟ of a real time application in a well defined manner. RAPDAC model allows making access decision at much finer granularity as illustrated by the case study of a real time library information system.

Keywords: authorization, access control model, role based access control, attribute based access control

Procedia PDF Downloads 58
33827 An Attribute Based Access Control Model with POL Module for Dynamically Granting and Revoking Authorizations

Authors: Gang Liu, Huimin Song, Can Wang, Runnan Zhang, Lu Fang

Abstract:

Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of PRIV ILEGE attribute (PA), obligation and log which improves attribute based access control (ABAC) model in dynamically granting authorizations and revoking authorizations. The following describes the new model termed PABAC in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate the advantages of it. The POL module addresses the problems which are not predicted before and not described by access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world is provided.

Keywords: access control, attribute based access control, granting authorizations, privilege, revoking authorizations, system security

Procedia PDF Downloads 280
33826 Access Control System for Big Data Application

Authors: Winfred Okoe Addy, Jean Jacques Dominique Beraud

Abstract:

Access control systems (ACs) are some of the most important components in safety areas. Inaccuracies of regulatory frameworks make personal policies and remedies more appropriate than standard models or protocols. This problem is exacerbated by the increasing complexity of software, such as integrated Big Data (BD) software for controlling large volumes of encrypted data and resources embedded in a dedicated BD production system. This paper proposes a general access control strategy system for the diffusion of Big Data domains since it is crucial to secure the data provided to data consumers (DC). We presented a general access control circulation strategy for the Big Data domain by describing the benefit of using designated access control for BD units and performance and taking into consideration the need for BD and AC system. We then presented a generic of Big Data access control system to improve the dissemination of Big Data.

Keywords: access control, security, Big Data, domain

Procedia PDF Downloads 52
33825 Enhance Security in XML Databases: XLog File for Severity-Aware Trust-Based Access Control

Authors: A: Asmawi, L. S. Affendey, N. I. Udzir, R. Mahmod

Abstract:

The topic of enhancing security in XML databases is important as it includes protecting sensitive data and providing a secure environment to users. In order to improve security and provide dynamic access control for XML databases, we presented XLog file to calculate user trust values by recording users’ bad transaction, errors and query severities. Severity-aware trust-based access control for XML databases manages the access policy depending on users' trust values and prevents unauthorized processes, malicious transactions and insider threats. Privileges are automatically modified and adjusted over time depending on user behaviour and query severity. Logging in database is an important process and is used for recovery and security purposes. In this paper, the Xlog file is presented as a dynamic and temporary log file for XML databases to enhance the level of security.

Keywords: XML database, trust-based access control, severity-aware, trust values, log file

Procedia PDF Downloads 218
33824 Component Lifecycle and Concurrency Model in Usage Control (UCON) System

Authors: P. Ghann, J. Shiguang, C. Zhou

Abstract:

Access control is one of the most challenging issues facing information security. Access control is defined as, the ability to permit or deny access to a particular computational resource or digital information by an unauthorized user or subject. The concept of usage control (UCON) has been introduced as a unified approach to capture a number of extensions for access control models and systems. In UCON, an access decision is determined by three factors: Authorizations, obligations and conditions. Attribute mutability and decision continuity are two distinct characteristics introduced by UCON for the first time. An observation of UCON components indicates that, the components are predefined and static. In this paper, we propose a new and flexible model of usage control for the creation and elimination of some of these components; for example new objects, subjects, attributes and integrate these with the original UCON model. We also propose a model for concurrent usage scenarios in UCON.

Keywords: access control, concurrency, digital container, usage control

Procedia PDF Downloads 249
33823 The Role of Access Control Techniques in Creating a Safe Cyberspace for Children

Authors: Sara Muslat Alsahali, Nout Mohammed Alqahtani

Abstract:

Digital technology has changed the world, and with the increasing number of children accessing the Internet, it has now become an integral part of children's lives from their early years. With the rapid development of digital technology, the risks children face on the internet also evolve from cyberbullying to misuse, sexual exploitation, and abuse of their private information over the Internet. Digital technology, with its advantages and disadvantages, is now a fact of our life. Therefore, knowledge of how to reduce its risks and maximize its benefits will help shape the growth and future of a new generation of digital citizens. This paper will discuss access control techniques that help to create secure cyberspace where children can be safe without depriving them of their rights and freedom to use the internet and preventing them from its benefits. Also, it sheds light on its challenges and problems by classifying the methods of parental controlling into two possibilities asynchronous and synchronous techniques and choosing YouTube as a case study of access control techniques.

Keywords: access control, cyber security, kids, parental monitoring

Procedia PDF Downloads 45
33822 Survey of Access Controls in Cloud Computing

Authors: Monirah Alkathiry, Hanan Aljarwan

Abstract:

Cloud computing is one of the most significant technologies that the world deals with, in different sectors with different purposes and capabilities. The cloud faces various challenges in securing data from unauthorized access or modification. Consequently, security risks and levels have greatly increased. Therefore, cloud service providers (CSPs) and users need secure mechanisms that ensure that data are kept secret and safe from any disclosures or exploits. For this reason, CSPs need a number of techniques and technologies to manage and secure access to the cloud services to achieve security goals, such as confidentiality, integrity, identity access management (IAM), etc. Therefore, this paper will review and explore various access controls implemented in a cloud environment that achieve different security purposes. The methodology followed in this survey was conducting an assessment, evaluation, and comparison between those access controls mechanisms and technologies based on different factors, such as the security goals it achieves, usability, and cost-effectiveness. This assessment resulted in the fact that the technology used in an access control affects the security goals it achieves as well as there is no one access control method that achieves all security goals. Consequently, such a comparison would help decision-makers to choose properly the access controls that meet their requirements.

Keywords: access controls, cloud computing, confidentiality, identity and access management

Procedia PDF Downloads 55
33821 Green Design Study of Prefabricated Community Control Measures in Response to Public Health Emergencies

Authors: Enjia Zhang

Abstract:

During the prevention and control of the COVID-19 pandemic, all communities in China were gated and under strict management, which was highly effective in preventing the spread of the epidemic from spreading. Based on the TRIZ theory, this paper intends to propose green design strategies of community control in response to public health emergencies and to optimize community control facilities according to the principle of minimum transformation. Through the questionnaire method, this paper investigates and summarizes the situation and problems of community control during the COVID-19 pandemic. Based on these problems, the TRIZ theory is introduced to figure out the problems and associates them with prefabricated facilities. Afterward, the innovation points and solutions of prefabricated community control measures are proposed by using the contradiction matrix. This paper summarizes the current situation of community control under public health emergencies and concludes the problems such as simple forms of temporary roadblocks, sudden increase of community traffic pressure, and difficulties to access public spaces. The importance of entrance and exit control in community control is emphasized. Therefore, the community control measures are supposed to focus on traffic control, and the external access control measures, including motor vehicles, non-motor vehicles, residents and non-residents access control, and internal public space access control measures, including public space control shared with the society or adjacent communities, are proposed in order to make the community keep the open characteristics and have the flexibility to deal with sudden public health emergencies in the future.

Keywords: green design, community control, prefabricated structure, public health emergency

Procedia PDF Downloads 39
33820 Structured Access Control Mechanism for Mesh-based P2P Live Streaming Systems

Authors: Chuan-Ching Sue, Kai-Chun Chuang

Abstract:

Peer-to-Peer (P2P) live streaming systems still suffer a challenge when thousands of new peers want to join into the system in a short time, called flash crowd, and most of new peers suffer long start-up delay. Recent studies have proposed a slot-based user access control mechanism, which periodically determines a certain number of new peers to enter the system, and a user batch join mechanism, which divides new peers into several tree structures with fixed tree size. However, the slot-based user access control mechanism is difficult for accurately determining the optimal time slot length, and the user batch join mechanism is hard for determining the optimal tree size. In this paper, we propose a structured access control (SAC) mechanism, which constructs new peers to a multi-layer mesh structure. The SAC mechanism constructs new peer connections layer by layer to replace periodical access control, and determines the number of peers in each layer according to the system’s remaining upload bandwidth and average video rate. Furthermore, we propose an analytical model to represent the behavior of the system growth if the system can utilize the upload bandwidth efficiently. The analytical result has shown the similar trend in system growth as the SAC mechanism. Additionally, the extensive simulation is conducted to show the SAC mechanism outperforms two previously proposed methods in terms of system growth and start-up delay.

Keywords: peer-to-peer, live video streaming system, flash crowd, start-up delay, access control

Procedia PDF Downloads 232
33819 Development of a Sequential Multimodal Biometric System for Web-Based Physical Access Control into a Security Safe

Authors: Babatunde Olumide Olawale, Oyebode Olumide Oyediran

Abstract:

The security safe is a place or building where classified document and precious items are kept. To prevent unauthorised persons from gaining access to this safe a lot of technologies had been used. But frequent reports of an unauthorised person gaining access into security safes with the aim of removing document and items from the safes are pointers to the fact that there is still security gap in the recent technologies used as access control for the security safe. In this paper we try to solve this problem by developing a multimodal biometric system for physical access control into a security safe using face and voice recognition. The safe is accessed by the combination of face and speech pattern recognition and also in that sequential order. User authentication is achieved through the use of camera/sensor unit and a microphone unit both attached to the door of the safe. The user face was captured by the camera/sensor while the speech was captured by the use of the microphone unit. The Scale Invariance Feature Transform (SIFT) algorithm was used to train images to form templates for the face recognition system while the Mel-Frequency Cepitral Coefficients (MFCC) algorithm was used to train the speech recognition system to recognise authorise user’s speech. Both algorithms were hosted in two separate web based servers and for automatic analysis of our work; our developed system was simulated in a MATLAB environment. The results obtained shows that the developed system was able to give access to authorise users while declining unauthorised person access to the security safe.

Keywords: access control, multimodal biometrics, pattern recognition, security safe

Procedia PDF Downloads 249
33818 Hybrid Knowledge Approach for Determining Health Care Provider Specialty from Patient Diagnoses

Authors: Erin Lynne Plettenberg, Jeremy Vickery

Abstract:

In an access-control situation, the role of a user determines whether a data request is appropriate. This paper combines vetted web mining and logic modeling to build a lightweight system for determining the role of a health care provider based only on their prior authorized requests. The model identifies provider roles with 100% recall from very little data. This shows the value of vetted web mining in AI systems, and suggests the impact of the ICD classification on medical practice.

Keywords: electronic medical records, information extraction, logic modeling, ontology, vetted web mining

Procedia PDF Downloads 93
33817 Facial Recognition Technology in Institutions of Higher Learning: Exploring the Use in Kenya

Authors: Samuel Mwangi, Josephine K. Mule

Abstract:

Access control as a security technique regulates who or what can access resources. It is a fundamental concept in security that minimizes risks to the institutions that use access control. Regulating access to institutions of higher learning is key to ensure only authorized personnel and students are allowed into the institutions. The use of biometrics has been criticized due to the setup and maintenance costs, hygiene concerns, and trepidations regarding data privacy, among other apprehensions. Facial recognition is arguably a fast and accurate way of validating identity in order to guard protected areas. It guarantees that only authorized individuals gain access to secure locations while requiring far less personal information whilst providing an additional layer of security beyond keys, fobs, or identity cards. This exploratory study sought to investigate the use of facial recognition in controlling access in institutions of higher learning in Kenya. The sample population was drawn from both private and public higher learning institutions. The data is based on responses from staff and students. Questionnaires were used for data collection and follow up interviews conducted to understand responses from the questionnaires. 80% of the sampled population indicated that there were many security breaches by unauthorized people, with some resulting in terror attacks. These security breaches were attributed to stolen identity cases, where staff or student identity cards were stolen and used by criminals to access the institutions. These unauthorized accesses have resulted in losses to the institutions, including reputational damages. The findings indicate that security breaches are a major problem in institutions of higher learning in Kenya. Consequently, access control would be beneficial if employed to curb security breaches. We suggest the use of facial recognition technology, given its uniqueness in identifying users and its non-repudiation capabilities.

Keywords: facial recognition, access control, technology, learning

Procedia PDF Downloads 42
33816 An Algorithm Based on Control Indexes to Increase the Quality of Service on Cellular Networks

Authors: Rahman Mofidi, Sina Rahimi, Farnoosh Darban

Abstract:

Communication plays a key role in today’s world, and to support it, the quality of service has the highest priority. It is very important to differentiate between traffic based on priority level. Some traffic classes should be a higher priority than other classes. It is also necessary to give high priority to customers who have more payment for better service, however, without influence on other customers. So to realize that, we will require effective quality of service methods. To ensure the optimal performance of the network in accordance with the quality of service is an important goal for all operators in the mobile network. In this work, we propose an algorithm based on control parameters which it’s based on user feedback that aims at minimizing the access to system transmit power and thus improving the network key performance indicators and increasing the quality of service. This feedback that is known as channel quality indicator (CQI) indicates the received signal level of the user. We aim at proposing an algorithm in control parameter criterion to study improving the quality of service and throughput in a cellular network at the simulated environment. In this work we tried to parameter values have close to their actual level. Simulation results show that the proposed algorithm improves the system throughput and thus satisfies users' throughput and improves service to set up a successful call.

Keywords: quality of service, key performance indicators, control parameter, channel quality indicator

Procedia PDF Downloads 51
33815 Channels Splitting Strategy for Optical Local Area Networks of Passive Star Topology

Authors: Peristera Baziana

Abstract:

In this paper, we present a network configuration for a WDM LANs of passive star topology that assume that the set of data WDM channels is split into two separate sets of channels, with different access rights over them. Especially, a synchronous transmission WDMA access algorithm is adopted in order to increase the probability of successful transmission over the data channels and consequently to reduce the probability of data packets transmission cancellation in order to avoid the data channels collisions. Thus, a control pre-transmission access scheme is followed over a separate control channel. An analytical Markovian model is studied and the average throughput is mathematically derived. The performance is studied for several numbers of data channels and various values of control phase duration.

Keywords: access algorithm, channels division, collisions avoidance, wavelength division multiplexing

Procedia PDF Downloads 202
33814 Data Confidentiality in Public Cloud: A Method for Inclusion of ID-PKC Schemes in OpenStack Cloud

Authors: N. Nalini, Bhanu Prakash Gopularam

Abstract:

The term data security refers to the degree of resistance or protection given to information from unintended or unauthorized access. The core principles of information security are the confidentiality, integrity and availability, also referred as CIA triad. Cloud computing services are classified as SaaS, IaaS and PaaS services. With cloud adoption the confidential enterprise data are moved from organization premises to untrusted public network and due to this the attack surface has increased manifold. Several cloud computing platforms like OpenStack, Eucalyptus, Amazon EC2 offer users to build and configure public, hybrid and private clouds. While the traditional encryption based on PKI infrastructure still works in cloud scenario, the management of public-private keys and trust certificates is difficult. The Identity based Public Key Cryptography (also referred as ID-PKC) overcomes this problem by using publicly identifiable information for generating the keys and works well with decentralized systems. The users can exchange information securely without having to manage any trust information. Another advantage is that access control (role based access control policy) information can be embedded into data unlike in PKI where it is handled by separate component or system. In OpenStack cloud platform the keystone service acts as identity service for authentication and authorization and has support for public key infrastructure for auto services. In this paper, we explain OpenStack security architecture and evaluate the PKI infrastructure piece for data confidentiality. We provide method to integrate ID-PKC schemes for securing data while in transit and stored and explain the key measures for safe guarding data against security attacks. The proposed approach uses JPBC crypto library for key-pair generation based on IEEE P1636.3 standard and secure communication to other cloud services.

Keywords: data confidentiality, identity based cryptography, secure communication, open stack key stone, token scoping

Procedia PDF Downloads 297
33813 Research and Implementation of Cross-domain Data Sharing System in Net-centric Environment

Authors: Xiaoqing Wang, Jianjian Zong, Li Li, Yanxing Zheng, Jinrong Tong, Mao Zhan

Abstract:

With the rapid development of network and communication technology, a great deal of data has been generated in different domains of a network. These data show a trend of increasing scale and more complex structure. Therefore, an effective and flexible cross-domain data-sharing system is needed. The Cross-domain Data Sharing System(CDSS) in a net-centric environment is composed of three sub-systems. The data distribution sub-system provides data exchange service through publish-subscribe technology that supports asynchronism and multi-to-multi communication, which adapts to the needs of the dynamic and large-scale distributed computing environment. The access control sub-system adopts Attribute-Based Access Control(ABAC) technology to uniformly model various data attributes such as subject, object, permission and environment, which effectively monitors the activities of users accessing resources and ensures that legitimate users get effective access control rights within a legal time. The cross-domain access security negotiation subsystem automatically determines the access rights between different security domains in the process of interactive disclosure of digital certificates and access control policies through trust policy management and negotiation algorithms, which provides an effective means for cross-domain trust relationship establishment and access control in a distributed environment. The CDSS’s asynchronous,multi-to-multi and loosely-coupled communication features can adapt well to data exchange and sharing in dynamic, distributed and large-scale network environments. Next, we will give CDSS new features to support the mobile computing environment.

Keywords: data sharing, cross-domain, data exchange, publish-subscribe

Procedia PDF Downloads 46
33812 Design and Implementation of a Memory Safety Isolation Method Based on the Xen Cloud Environment

Authors: Dengpan Wu, Dan Liu

Abstract:

In view of the present cloud security problem has increasingly become one of the major obstacles hindering the development of the cloud computing, put forward a kind of memory based on Xen cloud environment security isolation technology implementation. And based on Xen virtual machine monitor system, analysis of the model of memory virtualization is implemented, using Xen memory virtualization system mechanism of super calls and grant table, based on the virtual machine manager internal implementation of access control module (ACM) to design the security isolation system memory. Experiments show that, the system can effectively isolate different customer domain OS between illegal access to memory data.

Keywords: cloud security, memory isolation, xen, virtual machine

Procedia PDF Downloads 308
33811 Improving System Performance through User's Resource Access Patterns

Authors: K. C. Wong

Abstract:

This paper demonstrates a number of examples in the hope to shed some light on the possibility of designing future operating systems in a more adaptation-based manner. A modern operating system, we conceive, should possess the capability of 'learning' in such a way that it can dynamically adjust its services and behavior according to the current status of the environment in which it operates. In other words, a modern operating system should play a more proactive role during the session of providing system services to users. As such, a modern operating system is expected to create a computing environment, in which its users are provided with system services more matching their dynamically changing needs. The examples demonstrated in this paper show that user's resource access patterns 'learned' and determined during a session can be utilized to improve system performance and hence to provide users with a better and more effective computing environment. The paper also discusses how to use the frequency, the continuity, and the duration of resource accesses in a session to quantitatively measure and determine user's resource access patterns for the examples shown in the paper.

Keywords: adaptation-based systems, operating systems, resource access patterns, system performance

Procedia PDF Downloads 56
33810 Analysis of Cascade Control Structure in Train Dynamic Braking System

Authors: B. Moaveni, S. Morovati

Abstract:

In recent years, increasing the usage of railway transportations especially in developing countries caused more attention to control systems railway vehicles. Consequently, designing and implementing the modern control systems to improve the operating performance of trains and locomotives become one of the main concerns of researches. Dynamic braking systems is an important safety system which controls the amount of braking torque generated by traction motors, to keep the adhesion coefficient between the wheel-sets and rail road in optimum bound. Adhesion force has an important role to control the braking distance and prevent the wheels from slipping during the braking process. Cascade control structure is one of the best control methods for the wide range of industrial plants in the presence of disturbances and errors. This paper presents cascade control structure based on two forward simple controllers with two feedback loops to control the slip ratio and braking torque. In this structure, the inner loop controls the angular velocity and the outer loop control the longitudinal velocity of the locomotive that its dynamic is slower than the dynamic of angular velocity. This control structure by controlling the torque of DC traction motors, tries to track the desired velocity profile to access the predefined braking distance and to control the slip ratio. Simulation results are employed to show the effectiveness of the introduced methodology in dynamic braking system.

Keywords: cascade control, dynamic braking system, DC traction motors, slip control

Procedia PDF Downloads 292
33809 The Influence of the Visual and the Direct Physical Accessibility on the Sense of Control of Saudi Women in the Home Environment

Authors: Ahdab H. Mahdaly, Debajyoti Pati, Sharran Parkinson, Lee S. Duemer

Abstract:

The importance of providing employed mothers with the right physical environment inside the home is not an easy task, especially when the culture is involved. This study examines the typical Saudi home as a personal, emotional, social and cultural setting, especially on the interactions between the physical design and perceived control of working mothers. However, owing to the scarcity of published literature on Saudi homes, American employed mothers were included in the study to provide a baseline. With the ongoing transformations in women’s role in Saudi Arabia, there is a perception that traditional home designs may not afford the appropriate sense of control inside the home. Saudi Arabia has numerous interacting layers of socio-cultural-religious forces that affect residential design, and understanding the moderating role of the Saudi home is vital to the ongoing national policy transition on women. The study investigated one narrow, albeit critical, influence of home design on ones sense of control – direct visual and physical accessibility between sets of rooms. Ten subjects, five Saudis and five American, examined visual and physical access between 171 room sets, and provided qualitative responses on how each access influences their sense of control. Three main themes emerged, with potential effects on control: 1- Openness, 2- Proximity, and 3- Separation. Data suggest that although the Saudi home is a substantially more complex setting than the American ones, a class of spaces that can be termed as ‘Neutral Rooms’ serving as cultural separators may represent the ideal solution for optimizing sense of control, without ignoring cultural-religious traditions, during the transition of the Saudi women.

Keywords: direct physical accessibility, home environment, sense of control, visual accessibility, working mothers

Procedia PDF Downloads 232
33808 A Secure System for Handling Information from Heterogeous Sources

Authors: Shoohira Aftab, Hammad Afzal

Abstract:

Information integration is a well known procedure to provide consolidated view on sets of heterogeneous information sources. It not only provides better statistical analysis of information but also facilitates users to query without any knowledge on the underlying heterogeneous information sources The problem of providing a consolidated view of information can be handled using Semantic data (information stored in such a way that is understandable by machines and integrate-able without manual human intervention). However, integrating information using semantic web technology without any access management enforced, will results in increase of privacy and confidentiality concerns. In this research we have designed and developed a framework that would allow information from heterogeneous formats to be consolidated, thus resolving the issue of interoperability. We have also devised an access control system for defining explicit privacy constraints. We designed and applied our framework on both semantic and non-semantic data from heterogeneous resources. Our approach is validated using scenario based testing.

Keywords: information integration, semantic data, interoperability, security, access control system

Procedia PDF Downloads 261
33807 Central African Republic Government Recruitment Agency Based on Identity Management and Public Key Encryption

Authors: Koyangbo Guere Monguia Michel Alex Emmanuel

Abstract:

In e-government and especially recruitment, many researches have been conducted to build a trustworthy and reliable online or application system capable to process users or job applicant files. In this research (Government Recruitment Agency), cloud computing, identity management and public key encryption have been used to management domains, access control authorization mechanism and to secure data exchange between entities for reliable procedure of processing files.

Keywords: cloud computing network, identity management systems, public key encryption, access control and authorization

Procedia PDF Downloads 262
33806 The Role of Technology in Entrepreneurship: Key Findings from Women Start-Ups in Kaduna

Authors: Ogola Lois Kange

Abstract:

The study looked at the role technology had previously played and now plays in small and medium scale women-owned businesses starting up in Kaduna, which is an emerging entrepreneurship hub state in Nigeria. The study selected a random population of 20 businesses drawn from the north and south of Kaduna. The selection was based on a survey administered to 100 Women-owned businesses that had started up within the last 3-5years. Questionnaires were administered and analyzed based on the participants’ backgrounds, upbringing, exposure and access to technology. One of the key findings is that women-owned businesses can no longer thrive without the application of basic technology.

Keywords: business, entrepreneurship, start-up, technology, women

Procedia PDF Downloads 106
33805 A Robust Implementation of a Building Resources Access Rights Management System

Authors: Eugen Neagoe, Victor Balanica

Abstract:

A Smart Building Controller (SBC) is a server software that offers secured access to a pool of building specific resources, executes monitoring tasks and performs automatic administration of a building, thus optimizing the exploitation cost and maximizing comfort. This paper brings to discussion the issues that arise with the secure exploitation of the SBC administered resources and proposes a technical solution to implement a robust secure access system based on roles, individual rights and privileges (special rights).

Keywords: smart building controller, software security, access rights, access authorization

Procedia PDF Downloads 329
33804 Place and Role of Corporate Governance in Japan

Authors: Feddaoui Amina

Abstract:

In a broad sense, corporate governance covers the organization of the control and management. The term is also used in a narrower sense, to refer to the relationship between shareholders, and the company’s board. There are a lot of discussions devoted to the understanding of the corporate governance role and its principles. In this paper, we are going to describe the definition of corporate governance as a control system and its principles, and find the role of corporate governance and its pillars. Finally, we are going to drop the theoretical study on the case of Japan.

Keywords: corporate governance, place, role, Japan

Procedia PDF Downloads 227
33803 A New Bound on the Average Information Ratio of Perfect Secret-Sharing Schemes for Access Structures Based on Bipartite Graphs of Larger Girth

Authors: Hui-Chuan Lu

Abstract:

In a perfect secret-sharing scheme, a dealer distributes a secret among a set of participants in such a way that only qualified subsets of participants can recover the secret and the joint share of the participants in any unqualified subset is statistically independent of the secret. The access structure of the scheme refers to the collection of all qualified subsets. In a graph-based access structures, each vertex of a graph G represents a participant and each edge of G represents a minimal qualified subset. The average information ratio of a perfect secret-sharing scheme realizing a given access structure is the ratio of the average length of the shares given to the participants to the length of the secret. The infimum of the average information ratio of all possible perfect secret-sharing schemes realizing an access structure is called the optimal average information ratio of that access structure. We study the optimal average information ratio of the access structures based on bipartite graphs. Based on some previous results, we give a bound on the optimal average information ratio for all bipartite graphs of girth at least six. This bound is the best possible for some classes of bipartite graphs using our approach.

Keywords: secret-sharing scheme, average information ratio, star covering, deduction, core cluster

Procedia PDF Downloads 285
33802 The Effect of Visual Fluency and Cognitive Fluency on Access Rates of Web Pages

Authors: Xiaoying Guo, Xiangyun Wang

Abstract:

Access rates is a key indicator of reflecting the popularity of web pages. Having high access rates are very important for web pages, especially for news web pages, online shopping sites and searching engines. In this paper, we analyzed the influences of visual fluency and cognitive fluency on access rates of Chinese web pages. Firstly, we conducted an experiment of scoring the web pages. Twenty-five subjects were invited to view top 50 web pages of China, and they were asked to give a score in a 5-point Likert-scale from four aspects, including complexity, comfortability, familiarity and usability. Secondly, the obtained results was analyzed by correlation analysis and factor analysis in R. By factor analysis; we analyzed the contributions of visual fluency and cognitive fluency to the access rates. The results showed that both visual fluency and cognitive fluency affect the access rate of web pages. Compared to cognitive fluency, visual fluency play a more important role in user’s accessing of web pages.

Keywords: visual fluency, cognitive fluency, visual complexity, usability

Procedia PDF Downloads 284
33801 Design of an Ensemble Learning Behavior Anomaly Detection Framework

Authors: Abdoulaye Diop, Nahid Emad, Thierry Winter, Mohamed Hilia

Abstract:

Data assets protection is a crucial issue in the cybersecurity field. Companies use logical access control tools to vault their information assets and protect them against external threats, but they lack solutions to counter insider threats. Nowadays, insider threats are the most significant concern of security analysts. They are mainly individuals with legitimate access to companies information systems, which use their rights with malicious intents. In several fields, behavior anomaly detection is the method used by cyber specialists to counter the threats of user malicious activities effectively. In this paper, we present the step toward the construction of a user and entity behavior analysis framework by proposing a behavior anomaly detection model. This model combines machine learning classification techniques and graph-based methods, relying on linear algebra and parallel computing techniques. We show the utility of an ensemble learning approach in this context. We present some detection methods tests results on an representative access control dataset. The use of some explored classifiers gives results up to 99% of accuracy.

Keywords: cybersecurity, data protection, access control, insider threat, user behavior analysis, ensemble learning, high performance computing

Procedia PDF Downloads 44
33800 Enhanced Disk-Based Databases towards Improved Hybrid in-Memory Systems

Authors: Samuel Kaspi, Sitalakshmi Venkatraman

Abstract:

In-memory database systems are becoming popular due to the availability and affordability of sufficiently large RAM and processors in modern high-end servers with the capacity to manage large in-memory database transactions. While fast and reliable in-memory systems are still being developed to overcome cache misses, CPU/IO bottlenecks and distributed transaction costs, disk-based data stores still serve as the primary persistence. In addition, with the recent growth in multi-tenancy cloud applications and associated security concerns, many organisations consider the trade-offs and continue to require fast and reliable transaction processing of disk-based database systems as an available choice. For these organizations, the only way of increasing throughput is by improving the performance of disk-based concurrency control. This warrants a hybrid database system with the ability to selectively apply an enhanced disk-based data management within the context of in-memory systems that would help improve overall throughput. The general view is that in-memory systems substantially outperform disk-based systems. We question this assumption and examine how a modified variation of access invariance that we call enhanced memory access, (EMA) can be used to allow very high levels of concurrency in the pre-fetching of data in disk-based systems. We demonstrate how this prefetching in disk-based systems can yield close to in-memory performance, which paves the way for improved hybrid database systems. This paper proposes a novel EMA technique and presents a comparative study between disk-based EMA systems and in-memory systems running on hardware configurations of equivalent power in terms of the number of processors and their speeds. The results of the experiments conducted clearly substantiate that when used in conjunction with all concurrency control mechanisms, EMA can increase the throughput of disk-based systems to levels quite close to those achieved by in-memory system. The promising results of this work show that enhanced disk-based systems facilitate in improving hybrid data management within the broader context of in-memory systems.

Keywords: in-memory database, disk-based system, hybrid database, concurrency control

Procedia PDF Downloads 335
33799 Design and Application of NFC-Based Identity and Access Management in Cloud Services

Authors: Shin-Jer Yang, Kai-Tai Yang

Abstract:

In response to a changing world and the fast growth of the Internet, more and more enterprises are replacing web-based services with cloud-based ones. Multi-tenancy technology is becoming more important especially with Software as a Service (SaaS). This in turn leads to a greater focus on the application of Identity and Access Management (IAM). Conventional Near-Field Communication (NFC) based verification relies on a computer browser and a card reader to access an NFC tag. This type of verification does not support mobile device login and user-based access management functions. This study designs an NFC-based third-party cloud identity and access management scheme (NFC-IAM) addressing this shortcoming. Data from simulation tests analyzed with Key Performance Indicators (KPIs) suggest that the NFC-IAM not only takes less time in identity identification but also cuts time by 80% in terms of two-factor authentication and improves verification accuracy to 99.9% or better. In functional performance analyses, NFC-IAM performed better in salability and portability. The NFC-IAM App (Application Software) and back-end system to be developed and deployed in mobile device are to support IAM features and also offers users a more user-friendly experience and stronger security protection. In the future, our NFC-IAM can be employed to different environments including identification for mobile payment systems, permission management for remote equipment monitoring, among other applications.

Keywords: cloud service, multi-tenancy, NFC, IAM, mobile device

Procedia PDF Downloads 332