Dipankar Dasgupta,Arunava Roy,Debasis Ghosh

DOI: https://doi.org/10.1016/j.ins.2017.09.039

IF: 8.1

2018-01-01

Information Sciences

Abstract:Exfiltration of sensitive data and intellectual property theft have increased to a significant level affecting both government agencies as well as small to large businesses. One of the major reasons of data breaches is malicious insiders who have the access rights, knowledge of data values and technical know-how of escalating their privileges in launching such insider attacks. Traditional access control policies (to shared data and computing resources) were evolved around the trust on legitimate users’ access rights (read, write and execute) based on their jobs and role hierarchy in an organization. However, such access privileges are increasingly being misused by hostile, oblivious, rouge and pseudo-insiders. This work introduces a multi-user permission strategy and formulates a methodology for shared-trustworthy access (to classified data and services) by considering organizational structure. Accordingly, based on the sensitivity of the information being requested by a user, approvers are selected dynamically to reflect the work environment such as mobility, use of the device, access policy, etc. For this purpose, the proposed methodology first generates an access control graph, based on inter-relationship among employees and their roles in an organization. Next, it generates a set of permission grantees who are allowed to approve the access request of a user at a given time. The proposed multi-user permission strategy is evaluated with two empirical datasets and reported results demonstrated its ability in selecting non-repetitive approvers for a user access under different organizational and environmental constraints.

computer science, information systems

Umakant Mishra

DOI: https://doi.org/10.48550/arXiv.1308.1797

2013-08-08

Other Computer Science

Abstract:A Management Information System (MIS) is a systematic organization and presentation of information that is generally required by the management of an organization for taking better decisions for the organization. The MIS data may be derived from various units of the organization or from other sources. However it is very difficult to say the exact structure of MIS as the structure and goals of different types of organizations are different. Hence both the data and structure of MIS is dependent on the type of organization and often customized to the specific requirement of the management.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Elisa Bertino

DOI: https://doi.org/10.1561/1900000014

2010-01-01

Foundations and Trends in Databases

Abstract:<div>As organizations depend on, possibly distributed, information systems for operational, decisional and strategic activities, they are vulnerable to security breaches leading to data theft and unauthorized disclosures even as they gain productivity and efficiency advantages. Though several techniques, such as encryption and digital signatures, are available to protect data when transmitted across sites, a truly comprehensive approach for data protection must include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control policies. To address such requirements, over the years the database security research community has developed a number of access control techniques and mechanisms that are specific to database systems. In this monograph, we present a comprehensive state of the art about models, systems and approaches proposed for specifying and enforcing access control policies in database management systems. In addition to surveying the foundational work in the area of access control for database systems, we present extensive case studies covering advanced features of current database management systems, such as the support for fine-grained and context-based access control, the support for mandatory access control, and approaches for protecting the data from insider threats. The monograph also covers novel approaches, based on cryptographic techniques, to enforce access control and surveys access control models for objectdatabases and XML data. For the reader not familiar with basic notions concerning access control and cryptography, we include a tutorial presentation on these notions. Finally, the monograph concludes with a discussion on current challenges for database access control and security, and preliminary approaches addressing some of these challenges.<h3>Suggested Citation</h3>Elisa Bertino, Gabriel Ghinita and Ashish Kamra (2011), "Access Control for Databases: Concepts and Systems", Foundations and Trends® in Databases: Vol. 3: No. 1–2, pp 1-148. http://dx.doi.org/10.1561/1900000014</div>

Chetanpal Singh,Rahul Thakkar,Jatinder Warraich

DOI: https://doi.org/10.24018/ejeng.2023.8.4.3074

2023-08-31

European Journal of Engineering and Technology Research

Abstract:Identity and Access Management proposes a web service that assists in controlling the entire work through secured ways. This research study has been started to highlight the importance of IAM by discussing its roles, characteristics, advantages and disadvantages. It is a framework comprising processes, policies, and the latest technologies, allowing the organization to monitor digital identities and control exclusive access to follow information based on user data. The IAM component proposes an approach of centralized user management, account management console, authentication approaches, and so on. In this research work, roles and key components of IAM have been discussed with all types of possible challenges. Furthermore, this research will help readers and future researchers easily identify the importance of IAM in maintaining security systems within organizations.

Mario Sicuranza,Angelo Esposito,Mario Ciampi

DOI: https://doi.org/10.1007/s12652-015-0275-x

IF: 3.662

2015-04-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:In healthcare the fast retrieval of clinical information on a patient can be vital, for example in an emergency, and allows anyway, in normal situations, an improvement in the service of care and a consequent significant reduction in costs (for example, eliminating the need to repeat medical examinations). Health information systems, and in particular Electronic Health Record Systems, enable clinical information to be found quickly and in a distributed environment. The information should be available only to authorized users, because much of it is sensitive. For this reason, it is necessary to use a mechanism that realizes access control, the main goal of which is to guarantee the confidentiality and integrity of the data, and to allow the definition of security rules which reflect the need for the privacy of the patients. In this work, we show the designed GUIs, which use the innovative access control system defined. GUIs allow patients to define in a detailed and clear manner the access rules concerning their clinical information, both in document and data form. The main innovation of this work is to provide the ability to protect the resources (documents and clinical data) of the system by presenting only the content of the information needed depending on the type of request made directly by the patients, the content being extrapolated from the resource request. This feature allows the definition of an access control model that increases the patients trust in the EHR system.

computer science, information systems,telecommunications, artificial intelligence

Bingyu Shen

DOI: https://doi.org/10.48550/arXiv.2304.07704

2023-04-16

Cryptography and Security

Abstract:Access control mechanisms have been adopted in many real-world systems to control resource sharing for the principals in the system. An error in the access control policy (misconfiguration) can easily cause severe data leakage and system exploitation. Researchers have developed several methodologies to detect the access control misconfigurations through data mining, testing, and verification for various applications. This survey will study the line of works to detect access control misconfigurations and discuss some future research directions.

Zhu Guiqiang,Huang Hao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.04.003

2013-01-01

Abstract:Access control is the necessary means to realise multilevel information security.When defining and describing the information system,in this paper we divide its objects into static object and dynamic object.The static object is stored in the resource server for centralised management.Mails are used as the only carrier to transmit the dynamic object between subjects.The monitoring mechanism is deployed in both the mail client and the resource servers to implement access control.Function test shows that this system can control the subject visiting object and the communication between subjects simultaneously so as to protect the security of sensitive information and prevent the leakage and unauthorised access.

Shu-ning LI,Ken CHEN,Dong-chao YANG

DOI: https://doi.org/10.3969/j.issn.1001-3997.2005.01.055

2005-01-01

Abstract:The management of access control is a primary aspect in produ ct data management (PDM) system. The complexity of PDM system decides that the m anagement of access control is made up of many elements. In the implementation o f PDM, the influences of all the elements should be considered. This paper gives the definition of the management of access control, and puts participants, data , positions, states, and actions forward as the basic elements of the management of access control. In this paper, the effects and relations of the elements are also analyzed, and three principles are summarized based on all the analyses be fore.

I. Pozdnyak,Natalya Kireeva

DOI: https://doi.org/10.1109/PICST54195.2021.9772188

2021-10-05

Abstract:Currently, access management and control systems are used to solve various problems of physical protection of objects, including for automated access to unattended premises. The requirements for such systems are shaped by the need for enterprises to resist external threats. The article discusses one of the options for organizing an access control system with the required level of information security. This will make it possible to effectively organize convenient access to remote premises and resist threats aimed at breaching the security of information objects of industrial systems. The paper considers the need to develop an access control system for unattended premises taking into account information security. The organizational structure of the control system and the stages of the proposed access control method taking into account the use of multi-level authentication are described in detail. The rationale for choosing a platform for developing a multi-level authentication system is given. In addition, the scheme of operation of the proposed system is presented.

Engineering,Computer Science

LIU Zhi,WU Gang

DOI: https://doi.org/10.3969/j.issn.1007-130x.2013.01.012

2013-01-01

Abstract:Access control is an important security technology to protect the information system.In this paper,we review the existing access control models and propose the PDM-RBAC model.This model is designed to solve the problems such as inefficiency and difficult management,which exist in the PDM system and are caused by huge amount of data,fine-grained control of data and too many user levels.We use user group hierarchy instead of role hierarchy to decrease permission configuration data and introduce permission hierarchy to manage data permission.Under the application in an enterprise PDM system,we also propose an access control algorithm based on permission bits to solve the conflict caused by negative permissions.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Ronyt Gomez,Avshalom Elmalech

DOI: https://doi.org/10.1177/01655515231176649

2023-05-27

Journal of Information Science

Abstract:Journal of Information Science, Ahead of Print. Human–computer interaction (HCI) researchers and practitioners have explored how computers and software can aid users in decision-making. Accurate information is crucial in decision-making; therefore, when designing a management information system (MIS), it is necessary to understand the information needs of the end-users and to incorporate this understanding in a way which allows the users to obtain an accurate and intuitive snapshot of the data. Although most of the day-to-day decisions in various organisations are made by middle management employees (as opposed to executives and senior managers), previous literature has scarcely examined how middle management employees' decision-making process can be improved through the use of MIS. In this study, we examine the impact of different data summarisation and visualisation layouts on different aspects of the decision-making process taking into consideration the decision-makers' personal characteristics, and propose to include the results of this examination in the MIS design. To this end, we recruited participants from a crowdsourcing platform. Participants were required to complete a task which simulates middle management employees' day-to-day operational decision-making scenario. To better understand the effects of participants' personal characteristics and their visual abilities, participants were asked to answer a personality questionnaire and a questionnaire testing for visual abilities. The results indicate that when looking at the population as a single group, the effect of the data summarisation and visualisation layouts on the decision-making process cannot be discerned. However, when taking into consideration additional user characteristics, the results indicate that the data summarisation and visualisation layouts affect the decisions made.

computer science, information systems,information science & library science

Michael Stieghahn,Thomas Engel

DOI: https://doi.org/10.48550/arXiv.1006.4555

2010-06-23

Cryptography and Security

Abstract:Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation directly into access decisions, this lawfulness can be ensured. We also describe our information model to demonstrate how these policies can be implemented into an existing network and how the components and contextual information interrelate. Finally, we outline an event flow for a request made from a remote user exemplifying how such a system decides about access.

Malik Imran-Daud

DOI: https://doi.org/10.48550/arXiv.1612.09527

2016-12-30

Cryptography and Security

Abstract:Thanks to the advent of the Internet, it is now possible to easily share vast amounts of electronic information and computer resources (which include hardware, computer services, etc.) in open distributed environments. These environments serve as a common platform for heterogeneous users (e.g., corporate, individuals etc.) by hosting customized user applications and systems, providing ubiquitous access to the shared resources and requiring less administrative efforts; as a result, they enable users and companies to increase their productivity. Unfortunately, sharing of resources in open environments has significantly increased the privacy threats to the users. Indeed, shared electronic data may be exploited by third parties, such as Data Brokers, which may aggregate, infer and redistribute (sensitive) personal features, thus potentially impairing the privacy of the individuals. A way to palliate this problem consists on controlling the access of users over the potentially sensitive resources. Specifically, access control management regulates the access to the shared resources according to the credentials of the users, the type of resource and the privacy preferences of the resource/data owners. The efficient management of access control is crucial in large and dynamic environments. Moreover, in order to propose a feasible and scalable solution, we need to get rid of manual management of rules/constraints (in which most available solutions rely) that constitutes a serious burden for the users and the administrators. Finally, access control management should be intuitive for the end users, who usually lack technical expertise, and they may find access control mechanism more difficult to understand and rigid to apply due to its complex configuration settings.

ZHANG Jian-jun,ZHANG Qun,ZHANG Li

DOI: https://doi.org/10.3969/j.issn.1003-5060.2006.07.028

2006-01-01

Abstract:How to build an effective access control is very important to the security and reliability of the enterprise information management system(EIMS).In this paper,a kind of flexible object-oriented access control(FOOAC) model is presented based on the analysis of requirements of real access control and access control models of related information management systems,especially the role-based access control model.An access controller based on the FOOAC model is given to demonstrate the application of the model.

Malaya Nayak,

DOI: https://doi.org/10.35940/ijeat.c5629.029320

2020-02-28

International Journal of Engineering and Advanced Technology

Abstract:In this paper we introduce a project risk control strategy that is developed regarding IT organizations, requiring them to operate their projects having further securities along with regular procedures. Successful completion of these projects is essential for their advancements, like process improvement, market adaptation and new regulation, including the integration of information and control systems, etc. Often, project managers are not real strategic planning experts, however, the projects will have to still be driven by limited paperwork with sufficient opportunity to be autonomous. This paper attempts to build a method with a comprehensive investigation throughout a large proportion of IT companies regarding the project risk reduction strategy described herein. This approach is focused on risk evaluation and management of IT projects within the organizations, which, provides easy, suggested steps as well as recommended methods, models and threat check-lists. Results were evaluated by5 successful IT project managers dealing in categories of IT business including software engineering firms from different attributes (creativity, software solutions as well as ICT frameworks).

Amen Faridoon,M. Tahar Kechadi

DOI: https://doi.org/10.48550/arXiv.2307.06779

2023-07-13

Abstract:In today's highly connected society, we are constantly asked to provide personal information to retailers, voter surveys, medical professionals, and other data collection efforts. The collected data is stored in large data warehouses. Organisations and statistical agencies share and use this data to facilitate research in public health, economics, sociology, etc. However, this data contains sensitive information about individuals, which can result in identity theft, financial loss, stress and depression, embarrassment, abuse, etc. Therefore, one must ensure rigorous management of individuals' privacy. We propose, an advanced data privacy management architecture composed of three layers. The data management layer consists of de-identification and anonymisation, the access management layer for re-enforcing data access based on the concepts of Role-Based Access Control and the Chinese Wall Security Policy, and the roles layer for regulating different users. The proposed system architecture is validated on healthcare datasets.

Cryptography and Security

Yingjie Wang,Zhihong Zhou,Jianhua Li

DOI: https://doi.org/10.1007/978-3-642-54924-3_106

2014-01-01

Abstract:Now, organizations are required to comply with existing privacy protection regulations on data collection, use, and disclosure. Privacy preservation in a data-sharing computing environment is becoming a challenging problem. The core part of privacy protection is purposes for and circumstances under which the data can be accessed. It must be ensured that data can only be used for its intended purposes, so the access purpose should be compliant with the intended purposes. In this paper, the role-based access control (RBAC) model is extended to incorporate the notion of purpose. Relationships between purposes are defined. It is investigated that how different components in the RBAC model are related to purpose and how the purpose information can be used to determine whether a subject has access to a given object. The model can suit for applications consisting of static and dynamic objects, where both access purpose and intended purpose are needed for consideration before granting access.