Search results for: authorization

Authors: Haibo Hu, Hong Xiang

Abstract:

Due to its special data structure and manipulative principle, Object-Oriented Database (OODB) has a particular security protection and authorization methods. This paper first introduces the features of security mechanism about OODB, and then talked about authorization checking process of OODB. Implicit authorization mechanism is based on the subject hierarchies, object hierarchies and access hierarchies of the security authorization modes, and simplifies the authorization mode. In addition, to combine with other authorization mechanisms, implicit authorization can make protection on the authorization of OODB expediently and effectively.

Keywords: Object-oriented database(OODB), security protection, authorization mechanism, implicit authorization, authorization check.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1666

Authors: Marilyn Lim Chien Hui, Nabil Elmarzouqi, Chan Huah Yong

Abstract:

This paper describes the authorization system architecture for Pervasive Grid environment. It discusses the characteristics of classical authorization system and requirements of the authorization system in pervasive grid environment as well. Based on our analysis of current systems and taking into account the main requirements of such pervasive environment, we propose new authorization system architecture as an extension of the existing grid authorization mechanisms. This architecture not only supports user attributes but also context attributes which act as a key concept for context-awareness thought. The architecture allows authorization of users dynamically when there are changes in the pervasive grid environment. For this, we opt for hybrid authorization method that integrates push and pull mechanisms to combine the existing grid authorization attributes with dynamic context assertions. We will investigate the proposed architecture using a real testing environment that includes heterogeneous pervasive grid infrastructures mapped over multiple virtual organizations. Various scenarios are described in the last section of the article to strengthen the proposed mechanism with different facilities for the authorization procedure.

Keywords: Pervasive Grid, Authorization System, Contextawareness, Ubiquity.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2114

Authors: Yun Bai

Abstract:

As a security mechanism, authorization is to provide access control to the system resources according to the polices and rules specified by the security strategies. Either by update or in the initial specification, conflicts in authorization is an issue needs to be solved. In this paper, we propose a new approach to solve conflict by using prioritized logic programs and discuss the uniqueness of its answer set. Addressing conflict resolution from logic programming viewpoint and the uniqueness analysis of the answer set provide a novel, efficient approach for authorization conflict resolution.

Keywords: authorization, formal specification, conflict resolution, prioritized logic program.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1477

Authors: Sharil Tumin, Sylvia Encheva

Abstract:

Centrally controlled authentication and authorization services can provide enterprise with an increase in security, more flexible access control solutions and an increased users' trust. By using redirections, users of all Web-based applications within an organization are authenticated at a single well known and secure Web site and using secure communication protocol. Users are first authenticated at the central server using their domain wide credentials before being redirected to a particular Web-based application. The central authentication server will then provide others with pertinence authorization related particulars and credentials of the authenticated user to the specific application. The trust between the clients and the server hosts is established by secure session keys exchange. Case- studies are provided to demonstrate the usefulness and flexibility of the proposed solution.

Keywords: Authentication, Authorization, Security, Protected Web-based Applications

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1501

Authors: Juhan Kim, Soohyung Kim, Kiyoung Moon

Abstract:

In this paper, we design an integration security system that provides authentication service, authorization service, and management service of security data and a unified interface for the management service. The interface is originated from XKMS protocol and is used to manage security data such as XACML policies, SAML assertions and other authentication security data including public keys. The system includes security services such as authentication, authorization and delegation of authentication by employing SAML and XACML based on security data such as authentication data, attributes information, assertions and polices managed with the interface in the system. It also has SAML producer that issues assertions related on the result of the authentication and the authorization services.

Keywords: XML, XML Security, XACML.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1374

Authors: Wei Lifan, Zhang Huaiyu, Yang Yunbin, Li Jia

Abstract:

Through the analysis of the process digital design based on digital mockup, the fact indicates that a distributed cooperative supporting environment is the foundation conditions to adopt design approach based on DMU. Data access authorization is concerned firstly because the value and sensitivity of the data for the enterprise. The access control for administrators is often rather weak other than business user. So authors established an enhanced system to avoid the administrators accessing the engineering data by potential approach and without authorization. Thus the data security is improved.

Keywords: access control, DMU, PLM, virtual prototype.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1425

Authors: João Nóbrega Brites Moita

Abstract:

Can biometrics do what everyone is expecting it will? And more importantly, should it be doing it? Biometrics is the buzzword “on the mouth" of everyone, who are trying to use this technology in a variety of applications. But all this “hype" about biometrics can be dangerous without a careful evaluation of the real needs of each application. In this paper I-ll try to focus on the dangers of using the right technology at the right time in the wrong place.

Keywords: Authentication, Authorization, Biometrics.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1329

Authors: S. Bader, N. Essoukri Ben Amara

Abstract:

With the technological development and rise of virtual worlds, these spaces are becoming more and more attractive for cybercriminals, hidden behind avatars and fictitious identities. Since access to these spaces is not restricted or controlled, some impostors take advantage of gaining unauthorized access and practicing cyber criminality. This paper proposes an identity management approach for securing access to virtual worlds. The major purpose of the suggested solution is to install a strong security mechanism to protect virtual identities represented by avatars. Thus, only legitimate users, through their corresponding avatars, are allowed to access the platform resources. Access is controlled by integrating an authentication process based on biometrics. In the request process for registration, a user fingerprint is enrolled and then encrypted into a watermark utilizing a cancelable and non-invertible algorithm for its protection. After a user personalizes their representative character, the biometric mark is embedded into the avatar through a watermarking procedure. The authenticity of the avatar identity is verified when it requests authorization for access. We have evaluated the proposed approach on a dataset of avatars from various virtual worlds, and we have registered promising performance results in terms of authentication accuracy, acceptation and rejection rates.

Keywords: Identity management, security, biometrics authentication and authorization, avatar, virtual world.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1595

Authors: Yun Bai

Abstract:

This paper is to investigate the impplementation of security mechanism in object oriented database system. Formal methods plays an essential role in computer security due to its powerful expressiveness and concise syntax and semantics. In this paper, both issues of specification and implementation in database security environment will be considered; and the database security is achieved through the development of an efficient implementation of the specification without compromising its originality and expressiveness.

Keywords: database security, authorization policy, logic basedspecification

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1676

Authors: E. Neagoe, V. Balanica

Abstract:

A Smart Building Controller (SBC) is a server software that offers secured access to a pool of building specific resources, executes monitoring tasks and performs automatic administration of a building, thus optimizing the exploitation cost and maximizing comfort. This paper brings to discussion the issues that arise with the secure exploitation of the SBC administered resources and proposes a technical solution to implement a robust secure access system based on roles, individual rights and privileges (special rights).

Keywords: Access authorization, smart building controller, software security, access rights.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1863

Authors: M. Victor Jose, V. Seenivasagam

Abstract:

This paper describes a logical method to enhance security on the grid computing to restrict the misuse of the grid resources. This method is an economic and efficient one to avoid the usage of the special devices. The security issues, techniques and solutions needed to provide a secure grid computing environment are described. A well defined process for security management among the resource accesses and key holding algorithm is also proposed. In this method, the identity management, access control and authorization and authentication are effectively handled.

Keywords: Grid security, Irregular binary series, Key holding mechanism, Resource identity, Secure resource access.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1688

Authors: Rodrigo Chandia, Mauricio Papa

Abstract:

Efforts to secure supervisory control and data acquisition (SCADA) systems must be supported under the guidance of sound security policies and mechanisms to enforce them. Critical elements of the policy must be systematically translated into a format that can be used by policy enforcement components. Ideally, the goal is to ensure that the enforced policy is a close reflection of the specified policy. However, security controls commonly used to enforce policies in the IT environment were not designed to satisfy the specific needs of the SCADA environment. This paper presents a language, based on the well-known XACML framework, for the expression of authorization policies for SCADA systems.

Keywords: Access policy specification, process control systems, network security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2240

Authors: Jennifer Leopold, Alton Coalter, Leong Lee

Abstract:

An ontology is a data model that represents a set of concepts in a given field and the relationships among those concepts. As the emphasis on achieving a semantic web continues to escalate, ontologies for all types of domains increasingly will be developed. These ontologies may become large and complex, and as their size and complexity grows, so will the need for multi-user interfaces for ontology curation. Herein a functionally comprehensive, generic approach to maintaining an ontology as a relational database is presented. Unlike many other ontology editors that utilize a database, this approach is entirely domain-generic and fully supports Webbased, collaborative editing including the designation of different levels of authorization for users.

Keywords: Ontology Editor, Relational Database, CollaborativeCuration.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1396

Authors: Sevil Yildiz

Abstract:

Audio visual communication is a type of collective expression. Due to inform the masses, give direction to opinions, and establish public opinion, audio visual communication must be subjected to special restrictions. This has been stipulated in both the Constitution and the European Human Rights Agreement. This paper aims to review freedom of expression and its restriction in audio visual media. For this purpose, the authorization of the Radio and Television Supreme Council to impose sanctions as an independent administrative authority empowered to regulate the field of audio visual communication has been reviewed with regard to freedom of expression and its limits.

Keywords: Audio visual media, freedom of expression, its limits, Radio and Television Supreme Council.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1638

Authors: Aytunc Durlanik, Ibrahim Sogukpinar

Abstract:

SIP (Session Initiation Protocol), using HTML based call control messaging which is quite simple and efficient, is being replaced for VoIP networks recently. As for authentication and authorization purposes there are many approaches and considerations for securing SIP to eliminate forgery on the integrity of SIP messages. On the other hand Elliptic Curve Cryptography has significant advantages like smaller key sizes, faster computations on behalf of other Public Key Cryptography (PKC) systems that obtain data transmission more secure and efficient. In this work a new approach is proposed for secure SIP authentication by using a public key exchange mechanism using ECC. Total execution times and memory requirements of proposed scheme have been improved in comparison with non-elliptic approaches by adopting elliptic-based key exchange mechanism.

Keywords: SIP, Elliptic Curve Cryptography, voice over IP.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2466

Authors: Jong-Whoi Shin, Soon-Tai Park, Chong-Sun Hwang

Abstract:

Active network was developed to solve the problem of the current sharing-based network–difficulty in applying new technology, service or standard, and duplicated operation at several protocol layers. Active network can transport the packet loaded with the executable codes, which enables to change the state of the network node. However, if the network node is placed in the sharing-based network, security and safety issues should be resolved. To satisfy this requirement, various security aspects are required such as authentication, authorization, confidentiality and integrity. Among these security components, the core factor is the encryption key. As a result, this study is designed to propose the scheme that manages the encryption key, which is used to provide security of the comprehensive active directory, based on the domain.

Keywords: Active Network, Domain-based Key Management, Security Components.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1628

Authors: Lili Sun, Hua Wang

Abstract:

As privacy becomes a major concern for consumers and enterprises, many research have been focused on the privacy protecting technology in recent years. In this paper, we present a comprehensive approach for usage access control based on the notion purpose. In our model, purpose information associated with a given data element specifies the intended use of the subjects and objects in the usage access control model. A key feature of our model is that it allows when an access is required, the access purpose is checked against the intended purposes for the data item. We propose an approach to represent purpose information to support access control based on purpose information. Our proposed solution relies on usage access control (UAC) models as well as the components which based on the notions of the purpose information used in subjects and objects. Finally, comparisons with related works are analyzed.

Keywords: Purpose, privacy, access control, authorization

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1830

Authors: Do-Woo Kim, Geon Woo Kim, Jun-Ho Lee, Jong-Wook Han

Abstract:

The home in these days has not one computer connected to the Internet but rather a network of many devices within the home, and that network might be connected to the Internet. In such an environment, the potential for attacks is greatly increased. The general security technology can not apply because of the use of various wired and wireless network, middleware and protocol in digital home environment and a restricted system resource of home information appliances. To offer secure home services home network environments have need of access control for various home devices and information when users want to access. Therefore home network access control for user authorization is a very important issue. In this paper we propose access control model using RBAC in home network environments to provide home users with secure home services.

Keywords: Home network, access control, RBAC, security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1860

Authors: P. Mottaghizadeh, M. Bagheri

Abstract:

In the present paper, the three-dimensional temperature field of tool is determined during the machining and compared with experimental work on C45 workpiece using carbide cutting tool inserts. During the metal cutting operations, high temperature is generated in the tool cutting edge which influence on the rate of tool wear. Temperature is most important characteristic of machining processes; since many parameters such as cutting speed, surface quality and cutting forces depend on the temperature and high temperatures can cause high mechanical stresses which lead to early tool wear and reduce tool life. Therefore, considerable attention is paid to determine tool temperatures. The experiments are carried out for dry and orthogonal machining condition. The results show that the increase of tool temperature depends on depth of cut and especially cutting speed in high range of cutting conditions.

Keywords: Finite element method, Machining, Temperature measurement, Thermal fields

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2034

Authors: Celal Dudak, Aslı Utku, Burak Yağlioğlu

Abstract:

Uninterrupted and continuous satellite communication through the whole orbit time is becoming more indispensable every day. Data relay systems are developed and built for various high/low data rate information exchanges like TDRSS of USA and EDRSS of Europe. In these missions, a couple of task-dedicated communication satellites exist. In this regard, for Turkey a data relay system is attempted to be defined exchanging low data rate information (i.e. TTC) for Earth-observing LEO satellites appointing commercial GEO communication satellites all over the world. First, justification of this attempt is given, demonstrating duration enhancements in the link. Discussion of preference of RF communication is, also, given instead of laser communication. Then, preferred communication GEOs – including TURKSAT4A already belonging to Turkey- are given, together with the coverage enhancements through STK simulations and the corresponding link budget. Also, a block diagram of the communication system is given on the LEO satellite.

Keywords: Communication, satellite, data relay system, coverage.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1372

Authors: Minsoo Lee, Yoon-kyung Lee, Hyejung Yoon, Soo-kyung Song, Sujeong Cheong

Abstract:

Data Warehousing tools have become very popular and currently many of them have moved to Web-based user interfaces to make it easier to access and use the tools. The next step is to enable these tools to be used within a portal framework. The portal framework consists of pages having several small windows that contain individual data warehouse query results. There are several issues that need to be considered when designing the architecture for a portal enabled data warehouse query tool. Some issues need special techniques that can overcome the limitations that are imposed by the nature of data warehouse queries. Issues such as single sign-on, query result caching and sharing, customization, scheduling and authorization need to be considered. This paper discusses such issues and suggests an architecture to support data warehouse queries within Web portal frameworks.

Keywords: Data Warehousing tools, data warehousing queries, web portal frameworks.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2075

Authors: Gang Liu, Huimin Song, Can Wang, Runnan Zhang, Lu Fang

Abstract:

Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of PRIV ILEGE attribute (PA), obligation and log which improves attribute based access control (ABAC) model in dynamically granting authorizations and revoking authorizations. The following describes the new model termed PABAC in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate the advantages of it. The POL module addresses the problems which are not predicted before and not described by access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world is provided.

Keywords: Access control, attribute based access control, granting authorizations, privilege, revoking authorizations, system security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1012

Authors: S. Shefali, S. M. Deshpande, S. G. Tamhankar

Abstract:

Now a days, a significant part of commercial and governmental organisations like museums, cultural organizations, libraries, commercial enterprises, etc. invest intensively in new technologies for image digitization, digital libraries, image archiving and retrieval. Hence image authorization, authentication and security has become prime need. In this paper, we present a semi-fragile watermarking scheme for color images. The method converts the host image into YIQ color space followed by application of orthogonal dual domains of DCT and DWT transforms. The DCT helps to separate relevant from irrelevant image content to generate silent image features. DWT has excellent spatial localisation to help aid in spatial tamper characterisation. Thus image adaptive watermark is generated based of image features which allows the sharp detection of microscopic changes to locate modifications in the image. Further, the scheme utilises the multipurpose watermark consisting of soft authenticator watermark and chrominance watermark. Which has been proved fragile to some predefined processing like intentinal fabrication of the image or forgery and robust to other incidental attacks caused in the communication channel.

Keywords: Cryptography, Discrete Cosine Transform (DCT), Discrete Wavelet Transform (DWT), Watermarking.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1983

Authors: Vinay Gautam, Vivek Gautam

Abstract:

With increase in the unauthorized users access, it is required to increase the security in the Near Field Communication (NFC). In the paper we propose a user behavior based enhanced protocol entitled ‘User Behavior based Enhanced Protocol (UBEP)’ to increase the security in NFC enabled devices. The UBEP works on the history of interaction of a user with system.The propose protocol considers four different factors (touch, time and distance & angle) of user behavior to know the authenticity or authorization of the users. These factors can be same for a user during interaction with the system. The UBEP uses two phase user verification system to authenticate a user. Firstly the acquisition phase is used to acquire and store the user interaction with NFC device and the same information is used in future to detect the authenticity of the user. The second phase (recognition) uses analysis of current and previous scenario of user interaction and digital signature verification system to finally authenticate user. The analysis of user based input makes a NFC transaction more advance and secure. This security is very tactical because it is completely depends on usage of the device.

Keywords: Security, Network Field communication, NFC Protocol.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1941

Authors: Tan Soo Fun, Leau Yu Beng, Rozaini Roslan, Habeeb Saleh Habeeb

Abstract:

The increasing development of wireless networks and the widespread popularity of handheld devices such as Personal Digital Assistants (PDAs), mobile phones and wireless tablets represents an incredible opportunity to enable mobile devices as a universal payment method, involving daily financial transactions. Unfortunately, some issues hampering the widespread acceptance of mobile payment such as accountability properties, privacy protection, limitation of wireless network and mobile device. Recently, many public-key cryptography based mobile payment protocol have been proposed. However, limited capabilities of mobile devices and wireless networks make these protocols are unsuitable for mobile network. Moreover, these protocols were designed to preserve traditional flow of payment data, which is vulnerable to attack and increase the user-s risk. In this paper, we propose a private mobile payment protocol which based on client centric model and by employing symmetric key operations. The proposed mobile payment protocol not only minimizes the computational operations and communication passes between the engaging parties, but also achieves a completely privacy protection for the payer. The future work will concentrate on improving the verification solution to support mobile user authentication and authorization for mobile payment transactions.

Keywords: Mobile Network Operator, Mobile payment protocol, Privacy, Symmetric key.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2084

Authors: L. Wang, Y. Chen, T. Wu, S. Hu

Abstract:

In order to enhance the security of critical financial infrastructure, this study carries out a transformation of the architecture of a financial trading terminal to a zero trust architecture (ZTA), constructs an active defense system for the cybersecurity, improves the security level of trading services in the Internet environment, enhances the ability to prevent network attacks and unknown risks, and reduces the industry and security risks brought about by cybersecurity risks. This study introduces Software Defined Perimeter (SDP) technology of ZTA, adapts and applies it to a financial trading terminal to achieve security optimization and fine-grained business grading control. The upgraded architecture of the trading terminal moves security protection forward to the user access layer, replaces VPN to optimize remote access and significantly improves the security protection capability of Internet transactions. The study achieves: 1. deep integration with the access control architecture of the transaction system; 2. no impact on the performance of terminals and gateways, and no perception of application system upgrades; 3. customized checklist and policy configuration; 4. introduction of industry-leading security technology such as single-packet authorization (SPA) and secondary authentication. This study carries out a successful application of ZTA in the field of financial trading, and provides transformation ideas for other similar systems while improving the security level of financial transaction services in the Internet environment.

Keywords: Zero trust, trading terminal, architecture, network security, cybersecurity.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 119