
Results found: 56

Search results
Searched for:
in keywords: access control
1
100%
EN
The hierarchical cryptographic key assignment is used to assign cryptographic keys to a set of partially ordered classes so that the user in a higher class can derive the cryptographic key for users in a lower class. However, the existing secure schemes for the cryptographic key assignment in a hierarchy do not consider the situation where a user may be employed for only a period of time. If a user resigned from his position and he premeditatedly eavesdrops on data transmissions, then he can also decrypt some data to obtain useful messages. Thus, all messages are likely to be compromised throughout the system. In this paper, we propose a new cryptographic key assignment scheme in which the cryptographic keys are generated from the identity number of users. Our aim is to minimize the potential damage over a public network. Therefore, as a user who has resigned from his class premeditatedly eavesdrops on later messages, he cannot decrypt the message with his old keys. Moreover, in the proposed method, the key generation and key derivation are quite simple, and the number of the public/secret parameters for each authenticated user is fixed which differs from most previously proposed schemes.
2
80%
EN
In 1998, Yeh et al. proposed a flexible key assignment scheme for enforcing complicated access control policies in a user matrix model. Later, Hwang indicated that Yeh et al.'s scheme is susceptible to some security flaws. Thus, Lin et al. proposed a key assignment scheme for enforcing complicated access control policies in a hierarchy. However, there exist drawbacks in Lin et al.'s scheme: lack of efficiency and a large variation of the keys. Hence, we propose an efficient key assignment scheme in a hierarchy for enforcing the complicated access control policies. What is more, the secret key of one class is allowed to be changed several times without influencing the derivation key in our proposed scheme.
3
Two Extensions of Trust Management Languages
80%
EN
This article is focused on the family of role-based trust management languages (RT). Trust management languages are a useful method of representing security credentials and policies in large distributed access control mechanisms. They provide sets of credentials that are assigned to individual roles performed by the specific entities. These credentials provide relevant information about security policies issued by trusted authorities and define user permissions. RT languages describe the individual entities and the roles that these entities play in a given environment. A set of credentials representing a given security policy defines which entity has the necessary rights to access a specific resource and which entity does not have such rights. This study presents the results of research focusing on the potential of the family of RT languages. Its purpose is to show how security policies may be applied more widely by applying an inference system, and then using the extensions of the credentials, by taking into account time-related information or the conditions imposed with regard to the validity of such credentials. Each of these extensions can be used jointly or separately, offering an even wider range of opportunities.
EN
In this paper, the model of a system enabling access to information resources on the basis of authentication and authorization techniques is proposed. The suggested model, being a separate application, serves as a trusted proxy capable of SOAP data conversion between communicating subjects. The presented system uses control tokens stored locally by a trusted proxy. This solution, by its nature, is safe and efficient (it decreases the time needed to authorize access to resources).
5
Research on a Fine-Grained Overriding Mechanism Based on Delegation
80%
EN
Discretionary Overriding of Access Control is a flexible solution that gives the subject of the access control policy the ability to override the denied access. However, the definition of emergency situations is difficult to express in the mechanism, which may render it inefficient in such situations. In the present work, a fine-grained overriding mechanism based on delegation is presented. In the proposed mechanism, the permissions of the Overriding Ability Subject are delegated from the Overriding Permission Subject, so that users with high-level roles can determine whether or not there exists an emergency situation and whether or not to allow overriding.
PL
The DOAC system enables external access in exceptional situations. The paper proposes a fine-grained system for granting access permission, together with the possibility for an authorized user to recognize that a situation is exceptional.
EN
This paper presents novel mechanisms that effectively detect password file thefts and at the same time prevent uncovering passwords. The proposed mechanism uses the delay between consecutive keystrokes of the password characters. In the presented case, a user should not only enter his password correctly during the sign-up process, but also needs to introduce relatively large time gaps between certain password characters. The proposed novel approaches disguise stored passwords by adding a suffix value that helps in detecting password file theft at the first sign-in attempt by an adversary who steals and cracks the hashed password file. Any attempt to log in using a real password without adding the time delays in the correct positions may be considered an impersonation attack, i.e. the password file has been stolen and cracked.
7
Database access control
80%
EN
In the considered model there is no division of roles into usual and administrative. Each role can be considered as administrative. The important feature is the computing complexity of the base system operation, which is the analysis of the efficiency of access rights of the subject to the object.
PL
A model is considered in which there is no division of roles into ordinary and administrative ones. An important property is the complexity of the database operating system; an analysis of the effectiveness of the access right from subject to object was carried out.
8
Skanery laserowe w kontroli dostępu (Laser scanners in access control)
80%
PL
The variety of technical means of access protection available makes it possible to optimally match suitable devices to the rank and importance of the protected facilities. Among the most technologically advanced of these, laser access-protection scanners deserve attention. However, before we fully understand how wide the possibilities are that laser scanners open up for designers, we should not start straight away by looking for applications in our immediate surroundings, but first learn and understand the basics of how these devices work. This makes it possible to create, from the outset, a system with the highest level of security and the lowest possible number of false alarms.
9
80%
EN
The paper presents the design and the rationale behind a simple verification protocol for autonomous verification modules, and the architecture enabling use of such modules. The architecture assumes strict separation of all personal metadata and the actual verification data. The paper also describes a prototype implementation of the protocol and its extension enabling the state of the module to be monitored from the main system. The proposed design solves the problem of using advanced verification methods, especially biometric ones, in systems where direct implementation is not possible due to hardware incompatibilities, insufficient resources or other limitations.
EN
The paper presents the design of the security layer for a distributed system located in the multizone hierarchical computer network. Depending on the zone from which a client's request comes to the system and the type of the request, it will be either authorized or rejected. There is one common layer for the access to all the business services and interactions between them. Unlike the commonly used RBAC model, this system enforces a multilayer authentication and authorization. Actor's privileges are the result of the user's and the system's roles conjunction with the network zone. Unlike common systems, the privileges are given to a digital identity, not to particular accounts, so that it does not matter which account was used by the user - he will get the same privileges. Such a combination of many smaller ideas and methods results in a new and modern approach to the security aspects of the distributed service oriented systems.
PL
The article describes the architecture of a security layer designed for a distributed system located in a multizone, hierarchical computer network. Depending on the location of the user and the client system, one common security layer will accept the request or not. The described solution is an extension of the RBAC model. The organization of the system assumes that privileges are assigned not to individual user accounts but to digital identities that correspond to users. Such a combination of many smaller ideas and methods makes the system an entirely new, modern approach to the security issues of distributed service-oriented systems. The presented solution has been thoroughly tested and deployed at Gdańsk University of Technology.
EN
Trust plays an important role in human life environments. That is why researchers have been focusing on it for a long time. It allows us to delegate tasks and decisions to an appropriate person. In social sciences trust between humans was studied, but it also was analyzed in economic transactions. A lot of computer scientists from different areas, like security, semantic web, electronic commerce, social networks tried to transfer this concept to their domains. Trust is an essential factor in any kind of network, whether social or computer. Wireless sensor networks (WSN) are characterized by severely constrained resources, they have limited power supplies, low transmission bandwidth, small memory sizes and limited energy, therefore security techniques used in traditional wired networks cannot be adopted directly. Some effort has been expended in this field, but the concept of trust is defined in slightly different ways by different researchers. In this paper we will show how the family of Role-based Trust management languages (RT) can be used in WSN. RT is used for representing security policies and credentials in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities.
12
RTT+ - Time Validity Constraints in RTT Language
70%
EN
Most of the traditional access control models, like mandatory, discretionary and role based access control make authorization decisions based on the identity, or the role of the requester, who must be known to the resource owner. Thus, they may be suitable for centralized systems but not for decentralized environments, where the requester and service provider or resource owner are often unknown to each other. To overcome the shortcomings of traditional access control models, trust management models have been presented. The topic of this paper is three different semantics (set-theoretic, operational, and logic-programming) of RTT, a language from the family of role-based trust management languages (RT). RT is used for representing security policies and credentials in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The set-theoretic semantics maps roles to a set of sets of entity names. Members of such a set must cooperate in order to satisfy the role. In the case of logic-programming semantics, the credentials are translated into a logic program. In the operational semantics the credentials can be established using a simple set of inference rules. It turns out to be fundamental mainly in large-scale distributed systems, where users have only partial view of their execution context. The core part of this paper is the introduction of time validity constraints to show how that can make the RTT language more realistic. The new language, named RTT+, takes time validity constraints into account. The semantics for the RTT+ language will also be shown. An inference system will be introduced not just for a specific moment but also for time intervals. It will evaluate maximal time validity, when it is possible to derive the credential from the set of available credentials. The soundness and completeness of the inference systems with the time validity constraints with respect to the set-theoretic semantics of RTT+ will be proven.
13
70%
EN
The family of Role-based Trust management languages is used for representing security policies by defining a formalism, which uses credentials to handle trust in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main topic of this paper is RT⊖, a language which provides a carefully controlled form of non-monotonicity. The core part of the paper defines two different semantics of RT⊖ language – a relational, set-theoretic semantics for the language, and an inference system, which is a kind of operational semantics. The set-theoretic semantics maps roles to a set of entity names. In the operational semantics credentials can be derived from an initial set of credentials using a set of inference rules. The soundness and the completeness of the inference system with respect to the set-theoretic semantics of RT⊖ will be proven.
EN
The paper presents the concept and design models of the access control system for RFID tagged documents in supply chain management. The access control system allows privileges to be assigned to particular persons or groups of persons for specific documents. When implementing the processes related to the handling of documents, the required privileges are verified. Existence or lack of such privileges affects further development of such processes.
15
Acces control system using face image
70%
EN
Ensuring safety requires the use of access control systems. Traditional systems typically use proximity cards. Modern systems use biometrics to identify the user. Using biological characteristics for identification ensures a high degree of safety. In addition, biological characteristics can be neither lost nor stolen. This paper presents proposals for the access control system using face image. The system operates in real time using camera image.
16
Application of deontic logic in Role-Based Access Control
70%
EN
The paper presents a short overview of the foundations of the Role-Based Access Control Modal Model and its properties. In particular, the translation of these model formulae to the first-order logic formulae in a form of Horn's clauses is analysed. The automation of processes and mechanisms related to access control on the basis of logical automated reasoning and the PROLOG language are described.
17
Application of deontic logic in role-based access control
60%
EN
The paper presents a short overview of the foundations of the Role-Based Access Control Modal Model and its properties. In particular, the translation of these model formulae to the first-order logic formulae in a form of Horn's clauses is analysed. The automation of processes and mechanisms related to access control on the basis of logical automated reasoning and the PROLOG language are described.
PL
The paper describes the information access control models characteristic of data warehouses and the mechanisms of their implementation. The protection of access to a ROLAP warehouse database and to its individual objects is analyzed, with particular attention to row-level data access.
EN
The research describes the access control models typical for data warehouses and mechanisms of their implementation. The means of access authorization to object's data in ROLAP data warehouses are analyzed with particular regard to row level access.
19
Biometria – nowe zastosowania (Biometrics: new applications)
60%
PL
The article presents an analysis of new applications of biometrics in the area of security. There are two most important applications of this method. First, beyond its use in documents such as identity cards or passports, biometrics can be successfully used as a tool for physical access control in enterprises of strategic importance in the public security system. Second, it can be applied in electronic banking as an instrument for customer identification and transaction authorization. In both cases the use of biometrics significantly increases the level of security compared to alternative, traditional tools. However, its widespread use requires legal regulations which, on the one hand, would allow public and private organizations to use this method as an instrument for ensuring security and, on the other, would establish minimum standards for the protection of biometric data.
EN
The article presents an analysis of new applications of biometrics in the field of security. There are two such key applications. Firstly, apart from documents such as IDs and passports, biometrics can be efficiently used as a physical access control tool in companies that play strategic functions in the public security system. Secondly, it can be applied in the e-banking industry as a customer identification and transaction authorization instrument. In both cases biometrics significantly increases the security level compared to traditional alternatives. However, a common application of biometrics requires legal regulations that, on the one hand, will allow public and private organizations to use biometrics as a security instrument and, on the other hand, set minimal standards of biometric data protection.
20
Kontrola dostępu czy wykrywanie włamań? (Access control or intrusion detection?)
60%
PL
Modern technologies and an ever stronger drive towards the integration of security systems mean that the boundary between intruder alarm systems (also known as SSWiN - Systemy Sygnalizacji Włamania i Napadu, intrusion and hold-up alarm systems) and access control systems is increasingly blurred. So what are the fundamental differences, and is a single system combining both functions a good solution? Alistair Enser of the Security Products unit at Siemens Building Technologies Division knows the answers to these questions.