A prototype voice verification system has been installed which provides the required positive identification at the main site access control point. This system compares an individual's file voice print with a sample voice print obtained from the individual when an attempt is made to enter the site. The voice system transmits the individual's identity to a central processor. The central processor associates that individual's authorization file with a card-key obtained at the access point. The system generates a record of personnel movement, provides a personnel inventory on a real-time basis, and it can retrieve a record of all prior events. The system installed at the Barnwell Nuclear Fuel Plant is described
An access system based on the one now in operation at the CERN ISR is recommended. Access doors would presumably be located at the entrances to the utility tunnels connecting the support buildings with the ring. Persons requesting access would insert an identity card into a scanner to activate the system. The request would be autologged, the keybank adjacent to the door would be unlocked and ISABELLE operations would be notified. The operator would then select the door, activating a TV-audio link. The person requesting entry would draw a key from the bank, show it and his film badge to the operator who would enable the door release
Bowers, Dan M
Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed
Ferreira, Ana; Chadwick, David W; Antunes, Luis
The widening use of Information Systems, which allow the collection, extraction, storage, management and search of information, is increasing the need for information security. After a user is successfully identified and authenticated to a system, he needs to be authorised to access the resources he/she requested. Access control is part of this last process that checks if a user can access those resources. This is particularly important in the healthcare environment where there is the need to...
Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan
The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.
Bradley, R. G.
Current performance estimates for personnel access control systems use estimates of Type I and Type II verification errors. A system performance equation which addresses normal operation, the insider, and outside adversary attack is developed. Examination of this equation reveals the inadequacy of classical Type I and II error evaluations which require detailed knowledge of the adversary threat scenario for each specific installation. Consequently, new performance measures which are consistent with the performance equation and independent of the threat are developed as an aid in selecting personnel access control systems.
Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where each kind of information can be easily made available to a huge user population, and where a damage or misuse of data may have unpredictable consequences that go beyond the boundaries where data reside or have been generated. This book provides an overview of the various developments in access control for data management systems. Discretionary,
The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modern unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described
Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functionality goals are examined. Next, critical features of the system architecture and its handling of the authorization process are then examined. Then the SAML and XACML standards, as incorporated into the system, are analyzed. Finally, the future directions of this project are outlined and connection points with general components of an authorization system are highlighted.
ZHENG Xiao-lin; LEI Yu; CHEN De-ren
An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS). Based on the analysis of the security issues in networked manufacturing system, an integrated user access control method composed of role-based access control (RBAC), task-based access control (TBAC), relationship-driven access control (RDAC) and coalition-based access control (CBAC) was proposed, including the hierarchical user relationship model, the reference model and the process model. The elements and their relationships were defined, and the expressions of constraints authorization were given. The extensible access control markup language (XACML) was used to implement this method. This method was used in the networked manufacturing system in the Shaoxing spinning region of China. The results show that the integrated user access control method can reduce the costs of system security maintenance and management.
Bzorgi, Fariborz M.
An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.
Mr. SANTHOSH S
Radio frequency identification (RFID) technology has helped many organizations to reduce cost. Nevertheless, there are challenges and issues associated with RFID adoption. The most common internal challenge for many organizations is justifying the investment and modification of processes. The focus of this project is to show the business value of RFID technology and its applications. The important issue is the security level of the whole campus because it needs to be carefully differentiated. Dormitories and special research laboratories should benefit from higher levels of security than any other campuses. The key to the problem is represented by the new Radio Frequency Identification (RFID) which can support contactless cards with memory. The most important feature of the proposed system is the updating of access permission level at any time for the user based on the availability of that user. The data transfer from the reader to the database was done using wireless communication (RF communication). To achieve this, an RF transmitter and an RF receiver are used. The data which is read by the reader is sent to the microcontroller. Then from the controller we can transfer the data to the database by using the UART module (serial communication) which is inbuilt in the microcontroller through RF transmitter. RF receiver of the same frequency at the receiver end receives and then stores the data in the database. RF transmitter and Receiver – frequency for transmitting and receiving the data depends on the user as per the requirement for the application and it is based on the range of distance. For the data encoding and decoding process HCS-101 protocol is used.
Al-Neyadi, Fahed; Abawajy, Jemal H.
E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.
Prasanna H Bammigatti
Role-based access control (RBAC) has been introduced in the last few years, and offers a powerful means of specifying access control decisions. The model of RBAC usually assumes that, if there is a role hierarchy then access rights are inherited upwards through the hierarchy. In organization workflow the main threat is of access control. The Role based access control is one of the best suitable access control model one can think of. It is not only the role hierarchies but also other control factors that affect the access control in the workflow. The paper discusses the control factors and role hierarchies in workflow and brings a new model of RBAC. This paper also overcomes the conflicts and proves that the system is safe by applying the new model to the workflow
Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…
Valsan, M. L.; Dobson, M.; Lehmann Miotto, G.; Scannicchio, D. A.; Schlenker, S.; Filimonov, V.; Khomoutnikov, V.; Dumitru, I.; Zaytsev, A. S.; Korol, A. A.; Bogdantchikov, A.; Avolio, G.; Caramarcu, C.; Ballestrero, S.; Darlea, G. L.; Twomey, M.; Bujor, F.
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The RBAC implementation uses a directory service based on Lightweight Directory Access Protocol to store the users (~3000), roles (~320), groups (~80) and access policies. The information is kept in sync with various other databases and directory services: human resources, central CERN IT, CERN Active Directory and the Access Control Database used by DCS. The paper concludes with a detailed description of the integration across all areas of the system.
Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.
The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.
Kawamura, Hiroko; Hirata, Yasuki [Kyushu Univ., Fukuoka (Japan). Radioisotope Center]; Kondo, Takahiro; Takatsuki, Katsuhiro
We applied a new fingerprint checker for complete access control to the radiation controlled area and to the radioisotope storage room, and prepared softwares for the best use of this checker. This system consists of a personal computer, access controllers, a fingerprint register, fingerprint checkers, a tenkey and mat sensors, permits ten thousand users to register their fingerprints and its hard disk to keep more than a million records of user's access. Only 1% of users could not register their fingerprints worn-out, registered four numbers for a fingerprint. The softwares automatically provide varieties of reports, caused a large reduction in manual works. (author)
This document describes the project to implement at CERN new trends in industrial control systems and integrate new requirements and functions requested by users. This project will be the testing ground for the specification of procedures in the Access Control and Machine Interlock of LHC. The last modification in the Access Control System to the primary beam areas was made in 1995, and this new project is to improve the fields of personal security, access security and the introduction of modern communication networks used in the industrial control systems. Inside the cycle model of project life, it is at the present time in the test phase in terms of security and exploitation inside the Accelerator Decelerator (AD) project. The presence of Authorization Management System (AMS) to guarantee the automatic information distribution of authorizations to controlled areas is in line with this project.
Valsan, M L; The ATLAS collaboration; Lehmann Miotto, G; Scannicchio, D A; Schlenker, S; Filimonov, V; Khomoutnikov, V; Dumitru, I; Zaytsev, A S; Korol, A A; Bogdantchikov, A; Caramarcu, C; Ballestrero, S; Darlea, G L; Twomey, M; Bujor, F; Avolio, G
The complexity of the ATLAS experiment motivated the deployment of an integrated Access Control System in order to guarantee safe and optimal access for a large number of users to the various software and hardware resources. Such an integrated system was foreseen since the design of the infrastructure and is now central to the operations model. In order to cope with the ever growing needs of restricting access to all resources used within the experiment, the Roles Based Access Control (RBAC) previously developed has been extended and improved. The paper starts with a short presentation of the RBAC design, implementation and the changes made to the system to allow the management and usage of roles to control access to the vast and diverse set of resources. The paper continues with a detailed description of the integration across all areas of the system: local Linux and Windows nodes in the ATLAS Control Network (ATCN), the Linux application gateways offering remote access inside ATCN, the Windows Terminal Serv...
This paper proposes an efficient medium access control (MAC) protocol based on multifrequency-time division multiple access (MF-TDMA) for geostationary satellite systems deploying multiple spot-beams and onboard processing,which uses a method of random reservation access with movable boundaries to dynamically request the transmission slots and can transmit different types of traffic. The simulation results have shown that our designed MAC protocol can achieve a high bandwidth utilization, while providing the required quality of service (QoS) for each class of service.
The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management of internal functions is of the same importance as external service management. It is very troublesome to control authorizations merely with attributes and composition of policies introduced from attribute-based access control (ABAC). So, we introduce a united access control model for systems in collaborative commerce, combining the advantages of conventional role-based access control (RBAC), task-based authentication control (TBAC) and that of recent ABAC and automated trust negotiation (ATN). Innovational ideas in the model are analyzed, and the implement architecture is discussed. The paper concludes with a summary of the united model’s benefits and future work.
Forrestal, J.; Hogrefe, R.; Knott, M.; McDowell, W.; Reigle, D.; Solita, L.; Koldenhoven, R.; Haid, D. [Argonne National Lab., IL (United States). Advanced Photon Source
The Advanced Photon Source (APS) consists of a linac, position accumulator ring (PAR), booster synchrotron, storage ring, and up to 70 experimental beamlines. The Access Control and Interlock System (ACIS) utilizes redundant programmable logic controllers (PLCs) and a third hard-wired chain to protect personnel from prompt radiation generated by the linac, PAR, synchrotron, and storage ring. This paper describes the ACIS's design philosophy, configuration, hardware, functionality, validation requirements, and operational experience.
Wang Peng; Jiang Lingyun
As the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Taking enormous users in the Smart Health-care System into consideration, access control is an important issue. Traditional access control models, discretionary access control, mandatory access control, and role-based access control, do not properly reflect the characteristics of Smart Health-care System. This paper proposes an advanced access control model for...
Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio
Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented. PMID:15066555
Katt, Basel; Breu, Ruth; Hafner, Michael; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian
Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that conform to IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.
Lauri I.W. Pesonen
Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. Large scale publish/subscribe systems are likely to employ components of the event transport network owned by cooperating, but independent organisations. As the number of participants in the network increases, security becomes an increasing concern. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. This paper extends our previous work to present and evaluate a secure multi-domain publish/subscribe infrastructure that supports and enforces fine-grained access control over the individual attributes of event types.
Reed, Robert K; Bell, Jayce C
The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design. PMID:23629061
Ruo-Fei Han; Hou-Xiang Wang; Qian Xiao; Xiao-Pei Jing; Hui Li
The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneously, are the most concerned problems. However, for large commercial organizations, a fine management...
... Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...
...). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10 a.m.-4..., Airport Security Access Control Systems. The agenda will include the following: February 9, 2012...
Over the years, e-learning and e-examination have become standard in many institutions of higher learning. It has been observed that examination questions and results can be easily intercepted by invalid users, thus the security of resources shared among valid users is not guaranteed. In order to solve these problems as they relate to access control, a Role based Examination System (RBES) was designed, developed and evaluated. RBES attempted to solve the security issue by the combination of two authentication techniques: text-based authentication and graphical password authentication. The text-based authentication utilizes two text-based parameters, namely the username and password. The graphical password authentication makes use of a finite set of controls (RBES chooses radio buttons) which are identified by numbers. These numbers constitute the password used for graphical authentication. To improve on resource sharing among users in the examination system, RBES proposes role management (role creation, role update, role removal) and user management (user creation, user update and user removal). The developed system made use of asp.net, C#, IIS server, WAMP server, MySQL and other tools for its development. RBES was tested by some legitimate and illegitimate users and the performance of the system was found to be satisfactory, hence RBES shows an efficient and reliable scheme that can be deployed in any examination or e-learning system. Finally the potential threats to the system were modeled and the use of weak passwords was found to be the most likely threat the system could be vulnerable to.
... Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...
The main objective of this work is to analyze and extend the security model of mobile devices running on Android OS. The provided security extension is a Linux kernel security module that allows the system administrator to restrict a program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. The module supplements the traditional Android capability access control model by providing mandatory access control (MAC) based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.
Korolev I. D.
In this article we consider the usage of an HRU access matrix changing system allowing for an information security system which performs mandatory access control, in the case of information security analysis using automatic classification of formalized documents in an electronic document management system.
Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh
There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect a patient's health record against disclosure, especially to unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.
Nuclear facilities such as nuclear power plants or fuel processing facilities are required to maintain accurate records of personnel access, exposure and work performed. Most facilities today have some sort of computerized data collection system for radiation dose and access control. The great majority rely on handwritten records, i.e., dose card or sign-in sheet which in turn are transferred to a computerized records management system manually. The ARCPAS terminal provides a method for automating personnel exposure data collection and processing. The terminal is a user interactive device which contains a unit for automatically reading and zeroing pocket dosemeters, a security badge reader for personnel identification, a 16 digit key pad for RWP information entry, a high resolution color CRT for interactive communication and a high speed tape printer providing an entry chit. The chit provides the individual worker with a record of the transaction including an individual identifying number, remaining dose for the quarter or period and RWP under which the worker entered the controlled area. The purpose of automating the access control is to provide fast, accurate, realtime data to the records management system. A secondary purpose is to relieve trained health physics technicians of control point duties so that their training and skills can be utilized more effectively in a facility's health physics program
This paper gives an overview of workflow management systems (WfMSs) and their security requirements with focus on access mechanisms. It is a descriptive paper in which we examine the state of the art of workflow systems, describe what security risks affect WfMSs in particular, and how these can be diminished. WfMSs manage, illustrate and support business processes. They contribute to the performance, automation and optimization of processes, which is important in the global economy today. ...
Eun-Ae Cho; Chang-Joo Moon; Dae-Ha Park; Kang-Bin Yim
Database security, privacy, access control, database firewall, data break masking. Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases...
Anton Baláž; Branislav Madoš; Michal Ambróz
The main objective of this work is to analyze and extend the security model of mobile devices running on Android OS. The provided security extension is a Linux kernel security module that allows the system administrator to restrict a program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. The module supplements the traditional Android capability access control model by pr...
The control system of the Shanghai Synchrotron Radiation Facility (SSRF) is a large-scale distributed real-time control system. It involves many types and large amounts of real-time data access during operation. Database systems have wide application prospects in large-scale accelerator control systems. Replacing the various dedicated data structures with a mature, standardized database system is the future development direction of accelerator control systems. This article discusses the application feasibility of database systems in accelerators based on database interface technology, real-time data access testing, and system optimization research, and lays the foundation for the wide-scale application of database systems in the SSRF accelerator control system. (authors)
Affine connection control systems are mechanical control systems that model a wide range of real systems such as robotic legs, hovercrafts, planar rigid bodies, rolling pennies, snakeboards and so on. In 1997 the accessibility and a particular notion of controllability was intrinsically described by A. D. Lewis and R. Murray at points of zero velocity. Here, we present a novel generalization of the description of accessibility algebra for those systems at some points with nonzero velocity as long as the affine connection restricts to the distribution given by the symmetric closure. The results are used to describe the accessibility algebra of different mechanical control systems.
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13, 2012... Federal Aviation Administration Seventeenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Third Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15, 2012... Federal Aviation Administration Sixteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from 9... Federal Aviation Administration Twentieth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20, 2013... Federal Aviation Administration Twenty-Second Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21, 2013... Federal Aviation Administration Nineteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28, 2012... Federal Aviation Administration Fifteenth Meeting: RTCA Special Committee 224, Airport Security...
...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10, 2013... Federal Aviation Administration Twenty First Meeting: RTCA Special Committee 224, Airport Security...
... Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 68 FR 62011... Circumvention of Copyright Protection Systems for Access Control Technologies, 71 FR 68472, 68480, published in... Rulemaking Proceeding The Digital Millennium Copyright Act, Public Law 105-304 (1998), amended title 17...
SaaS is a new way to deploy software as a hosted service accessed over the Internet, which means the customers don’t need to maintain the software code and data on their own servers. So it’s more important for SaaS systems to take security issues into account. Access control is a security mechanism that enables an authority to access certain restricted areas and resources according to the permissions assigned to a user. Several access models have been proposed to realize the access control of single instance systems. However, most of the existing models couldn’t address the following SaaS system problems: (1) role name conflicts, (2) cross-level management, (3) the isomerism of tenants' access control, (4) temporal delegation constraints. This paper describes a hierarchical RBAC model called H-RBAC that solves all four problems of SaaS systems mentioned above. This model addresses SaaS system access control at both the system level and the tenant level. It combines the advantages of the RBDM and ARBAC97 models and introduces temporal constraints to the SaaS access control model. In addition, a practical approach to implementing the access control module for SaaS systems based on the H-RBAC model is also proposed in this paper.
This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system to functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad
Nagarajan, Anand; Jensen, Christian D.
infrastructure in a software domain in a manufacturer independent manner as well as establishing secure communication and authenticating the other parties in electrical power infrastructures, but they do not address the problem of access control. We therefore propose a generic model for access control in wind...... power systems, which is based on the widely used role-based access control model. The proposed model is tested using a prototype designed in conformance with the standards that are in use in modern wind power infrastructure and the results are presented to determine the overhead in communication caused...... while adhering to the proposed access model....
Wu, Guowei; Xia, Feng; Yao, Lin
Access control is an issue of paramount importance in cyber-physical systems (CPS). In this paper, an access control scheme, namely FEAC, is presented for CPS. FEAC can not only provide the ability to control access to data in normal situations, but also adaptively assign emergency-role and permissions to specific subjects and inform subjects without explicit access requests to handle emergency situations in a proactive manner. In FEAC, emergency-group and emergency-dependency are introduced. Emergencies are processed in sequence within the group and in parallel among groups. A priority and dependency model called PD-AGM is used to select the optimal response-action execution path aiming to eliminate all emergencies that occurred within the system. Fault-tolerant access control policies are used to address failure in emergency management. A case study of the hospital medical care application shows the effectiveness of FEAC.
The existence and use of software and networks have generated another possibility for perpetrators to influence systems in nuclear facilities or to prepare malevolent acts. Data security has become an element of physical protection plans, not as an end in itself but as a means to achieve physical protection objectives. Physical protection measures are additional measures, which become necessary when other measures that have to be taken (e.g. in compliance with international standards) are insufficient to prevent a hazard to the protection goals through data manipulation by software and hardware. In planning or assessing data protection measures for the purpose of physical protection, it is necessary to differentiate between applications which can, if manipulated, directly endanger the protection goals. The importance of software protection is growing. In particular, because of ageing of components, the existing instrumentation and control systems with their fixed wiring and discrete elements will have to be updated. Computerized access control systems play an eminent role in the physical protection of a nuclear facility. Therefore, most systems are operated as islands. The paper shows that linking of certain systems with other computer systems is possible without inadmissible drawbacks for the physical protection level. It is shown by means of the example of linking together the computer networks of access control, health physics, the flexitime system, the key administration and the operational management system that such linking of systems in nuclear facilities had hidden advantages for all participants
A Positron Emission Tomography Centre is being established at the Austin Hospital, Melbourne. The cyclotron vault and hotcell laboratories have been categorized according to the National Council on Radiation Protection and Measurements guidelines for access control to radiation areas. An access control system incorporating visual alarm systems, signs, barriers and interlocks has been designed for the safe operation of the Centre. These features are briefly described. 6 refs., 1 fig
The new LHC access control systems will soon be using the latest technology: optical recognition based on iris image data. In order to gain access to the tunnel it will be your eye, not your credentials that you'll be required to show! As of September, the entrance point at Point 8 should be the first to be fitted out with iris recognition equipment. The other access shafts will then gradually be equipped one by one.
Bassil, S.; Reichert, M.U.; Bobrik, R.; Bauer, Th.
Integrated process support is highly desirable in environments where data related to a particular (business) process are scattered over distributed and heterogeneous information systems (IS). A process monitoring component is a much-needed module in order to provide an integrated view on all these
Radio Frequency Identification (RFID) provides great flexibility and high efficiency for data acquisition in industry and daily life. On the other hand, it brings privacy risks and the multiple-tag collision issue. Current research in RFID systems focuses on the security and privacy issue, which is based on authentication protocols between a tag and a Reader. There is a need to design a reasonable protocol which takes care of both multi-tag anti-collision and the security issue. This thesis presen...
Bian, Kaigui; Gao, Bo
This book gives a comprehensive overview of the medium access control (MAC) principles in cognitive radio networks, with a specific focus on how such MAC principles enable different wireless systems to coexist in the same spectrum band and carry out spectrum sharing. From algorithm design to the latest developments in the standards and spectrum policy, readers will benefit from leading-edge knowledge of how cognitive radio systems coexist and share spectrum resources. Coverage includes cognitive radio rendezvous, spectrum sharing, channel allocation, coexistence in TV white space, and coexistence of heterogeneous wireless systems. • Provides a comprehensive reference on medium access control (MAC)-related problems in the design of cognitive radio systems and networks; • Includes detailed analysis of various coexistence problems related to medium access control in cognitive radio networks; • Reveals novel techniques for addressing the challenges of coexistence protocol design at a higher level ...
This paper describes a limited access control system for nuclear facilities which makes use of the eye retinal identity verifier to control the passage of personnel into and out of one or a group of security controlled working areas. This access control system requires no keys, cards or credentials. The user simply enters his Personal Identification Number (PIN) and takes an eye reading to request passage. The PIN does not have to be kept secret. The system then relies on biometric identity verification of the user, along with other system information, to make the decision of whether or not to unlock the door. It also enforces multiple zones control with personnel tracking and the two-man-rule
A database is used to implement the interface between the control system and the accelerator and to provide flexibility in configuring the I/O. This flexibility is necessary to allow the control system to keep pace with the changing requirements that are inherent in an experimental environment. This is not achieved without cost. Problems often associated with using databases are painful data entry, poor performance, and embedded knowledge of the database structure in code throughout the control system. This report describes how the database configuration, access, conversion, and execution in the Ground Test Accelerator (GTA) Control System overcome these problems. 2 figs
Pruksasri, P.; Berg, J. van den; Hofman, W.; Daskapan, S.
The Seamless Integrated Data Pipeline system was proposed to the European Union in order to overcome the information quality shortcomings of the current international supply chain information exchange systems. Next to identification and authorization of stakeholders, secure access control needs to b
Indira Gandhi Centre for Atomic Research houses many laboratories which handle radioactive materials and classified materials. Protection and accounting of men and material and critical facilities are important aspects of nuclear security. An Access Control System (ACS) is used to enhance the protective measures against an elevated threat environment. The access control system hardware consists of hand geometry readers, RFID readers, controllers, electromagnetic door locks, turnstiles, fiber cable laying and termination, etc. The access control system controls and monitors the people accessing the secured facilities. It generates events on: 1. showing of an RFID card, 2. rotation of a turnstile, 3. download of valid card numbers, 4. generation of alarms, etc. Access control system turnstiles are located at the main entrance of a facility and the entrance of the inside laboratory, and door locks are fixed on secured facilities. Events are stored in a SQL Server database. From the events stored in the database, a novel technique is developed to extract events and list the persons in a particular facility, list all entry/exit events on one day, and list the first-in and last-out entries. This paper discusses the complex multi-level GROUP BY queries and the software developed to extract events from the database, locate persons and generate reports. The software is developed as a web application in ASP.NET and the queries are written in SQL. The user can select the doors and type of events and generate reports. Reports are generated using the master data stored about employees' RFID cards and the events data stored in tables. Four types of reports are generated: 1. Plant Emergency Report, 2. Locate User Report, 3. Entry - Exit Report, 4. First in Last out Report. To generate the plant emergency report for the whole plant, only events generated at outer gates have to be considered. To generate the plant emergency report for the inside laboratory, events generated at entrance gates have to be ignored. (author)
Probst, Christian W.; Hansen, René Rydhof
common tool to answer this question, analysis of log files, faces the problem that the amount of logged data may be overwhelming. This problem gets even worse in the case of insider attacks, where the attacker’s actions usually will be logged as permissible, standard actions—if they are logged at all....... Recent events have revealed intimate knowledge of surveillance and control systems on the side of the attacker, making it often impossible to deduce the identity of an inside attacker from logged data. In this work we present an approach that analyses the access control configuration to identify the set...
Access control systems using the latest biometric technologies can offer a higher level of security than conventional password-based systems. Their widespread deployments, however, can severely undermine individuals' rights of privacy. Biometric signals are immutable and can be exploited to associate individuals' identities to sensitive personal records across disparate databases. In this paper, we propose the Anonymous Biometric Access Control (ABAC) system to protect user anonymity. The ABAC system uses novel Homomorphic Encryption (HE) based protocols to verify membership of a user without knowing his/her true identity. To make HE-based protocols scalable to large biometric databases, we propose the k-Anonymous Quantization (kAQ) framework that provides an effective and secure tradeoff of privacy and complexity. kAQ limits the server's knowledge of the user to k maximally dissimilar candidates in the database, where k controls the amount of complexity-privacy tradeoff. kAQ is realized by a constant-time table lookup to identify the k candidates followed by a HE-based matching protocol applied only on these candidates. The maximal dissimilarity protects privacy by destroying any similarity patterns among the returned candidates. Experimental results on iris biometrics demonstrate the validity of our framework and illustrate a practical implementation of an anonymous biometric system.
Ahmadi, Mohammad Reza
Virtualization is a new technology that creates virtual environments based on the existing physical resources. This article evaluates effect of virtualization techniques on control servers and access method in storage systems [1, 2]. In control server virtualization, we have presented a tile based evaluation based on heterogeneous workloads to compare several key parameters and demonstrate effectiveness of virtualization techniques. Moreover, we have evaluated the virtualized model using VMotion techniques and maximum consolidation. In access method, we have prepared three different scenarios using direct, semi-virtual, and virtual attachment models. We have evaluated the proposed models with several workloads including OLTP database, data streaming, file server, web server, etc. Results of evaluation for different criteria confirm that server virtualization technique has high throughput and CPU usage as well as good performance with noticeable agility. Also virtual technique is a successful alternative for accessing to the storage systems especially in large capacity systems. This technique can therefore be an effective solution for expansion of storage area and reduction of access time. Results of different evaluation and measurements demonstrate that the virtualization in control server and full virtual access provide better performance and more agility as well as more utilization in the systems and improve business continuity plan.
The U.S. Department of Energy's (DOE's) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by many different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location's level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals
A method and a system of controlling access of data items to a shared resource, wherein the data items each is assigned to one of a plurality of priorities, and wherein, when a predetermined number of data items of a priority have been transmitted to the shared resource, that priority will be...
Aiming at three kinds of Internet-based system quality problems, namely performance, liability and security, the paper proposes a kind of test template for multi-user login and resource access control, which includes test requirement, login script, role-resource correlating and mutation test technique. Some Internet-based systems are tested and diagnosed by the automation test technique of the test template. Finally, system quality can be verified and improved through the realization mechanism of the test template.
C Narendra, Nanjangud
With increasing numbers of organizations automating their business processes by using workflow systems, security aspects of workflow systems have become a heavily researched area. Also, most workflow processes nowadays need to be adaptive, i.e., constantly changing, to meet changing business conditions. However, little attention has been paid to integrating Security and Adaptive Workflow. In this paper, we investigate this important research topic, with emphasis on Role Based Access Control (R...
Wen-Jye Shyr; Te-Jen Su; Chia-Ming Lin
This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web‐CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equ...
As long as nuclear fission has been used for energy production, substantial efforts have been made to protect the critical process and nuclear materials from unauthorized access. Electronic systems have been designed to assist security staff in access control and have become increasingly sophisticated as technology has advanced. With the latest access control systems being fully computerized, new questions of computer security have arisen. The paper outlines the latest trends in computer based access control systems, demonstrates where these systems are vulnerable to hacking attacks, and provides guidance on what can be done to avoid the introduction of new computer technologies creating back doors to bypass physical plant and material protection. (author)
YU Yi-fan; YIN Chang-chuan; YUE Guang-xin
Recently, hosts of Medium Access Control (MAC) protocols for Ad hoc radio networks have been proposed to solve the hidden terminal problem and the exposed terminal problem. However, most of them take no account of the interactions between the physical (PHY) system and the MAC protocol. Therefore, the current MAC protocols are either inefficient in networks with mobile nodes and fading channels or difficult to implement in hardware. In this paper, we present a novel media access control for Ad hoc networks that integrates a media access control protocol termed Dual Busy Tone Multiple Access (DBTMA) into the Orthogonal Frequency Division Multiplexing (OFDM) system proposed in the IEEE 802.11a standard. The analysis presented in the paper indicates that the proposed MAC scheme achieves a performance improvement over the IEEE 802.11 protocol of about 25% to 80%, especially in environments with high mobility and deep fading. The complexity of the proposed scheme is also lower than other implementations of similar busy tone solutions. Furthermore, it is compatible with IEEE 802.11a networks.
Olusegun Folorunso; Olusegun Afeez Mustapha
Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the qu...
Secure buildings are currently protected from unauthorized access by a variety of devices. Even though there are many kinds of devices to guarantee the system safety, such as PIN pads, keys both conventional and electronic, identity cards, cryptographic and dual control procedures, a person's voice can also be used. The ability to verify the identity of a speaker by analyzing speech, or speaker verification, is an attractive and relatively unobtrusive means of providing security for admission into an important or secured place. An individual's voice cannot be stolen, lost, forgotten, guessed, or impersonated with accuracy. Due to these advantages, this paper describes the design and prototyping of a voice-based door access control system for building security. In the proposed system, the access may be authorized simply by means of an enrolled user speaking into a microphone attached to the system. The proposed system then will decide whether to accept or reject the user's identity claim or possibly to report insufficient confidence and request additional input before making the decision. Furthermore, an intelligent system approach is used to develop authorized person models based on their voices. In particular, Adaptive-Network-based Fuzzy Inference Systems are used in the proposed system to identify the authorized and unauthorized people. Experimental results confirm the effectiveness of the proposed intelligent voice-based door access control system based on the false acceptance rate and false rejection rate.
KEKB (KEK B-factory) accelerators are under construction and the control computer system for them is also in the last phase of installation. KEKB accelerators are composed of two storage rings, namely, HER (High Energy Ring for electrons of 8 GeV) and LER (Low Energy Ring for positrons of 3.5 GeV). These rings are placed in the underground tunnel in which former TRISTAN electron-positron colliding accelerator was. We have been constructing control system for KEKB from the scratch based on EPICS (Experimental Physics and Industrial Control Systems). But, for the injector linac, its control computer system was rejuvenated just a few years ago and it is not an EPICS based system but an original one. To operate KEKB accelerators, tuning of the linac as the injector for the KEKB rings is thought to be very essential. Ideally, KEKB control system can control both KEKB rings and linac. And both operators at linac control room and at KEKB control room should be able to monitor and adjust equipment of the other accelerators. For that purpose, we have to develop suitable method in between two systems to communicate with each other. In the EPICS collaborations, there is a Portable CA (Channel Access) Server for EPICS developed at Los Alamos National Laboratory for SUN workstations. We decided to modify it for our purposes and have been implementing it to KEKB control system step by step. And now, we can monitor and set magnetic field of Q-magnets in the linac, control beam transport magnets in the linac beam line, control klystrons, and measure beam positions by strip-line monitors through EPICS. In the near future, other equipment of the linac will be added to the CA server before the commissioning of the KEKB rings. (author)
Ookubo, S.; Nakai, Y.; Oohira, N.; Kishishita, S. [Tokyo Electric Power Co., Tokyo (Japan)]; Kobayashi, H.; Sano, F. [Fuji Electric Co., Tokyo (Japan)]; Masuda, M.; Tajima, T.; Oohira, K. [Toshiba Corporation, Tokyo (Japan)]
A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No. 2 Nuclear Power Station of Tokyo Electric Power Co., Inc. since October, 1999. The system is designed to reduce workers' burden by simplifying the operation of each piece of equipment that controls access to radiation controlled areas, and to minimize radiation exposure by automatically acquiring dose data during each access and each task. The new system adopted electronic personal dosimeters (gamma radiation EPD) which permit data collection by radio communication, thus improving the conventional alarm-equipped personal dosimeter (EPD) and increasing reliability as primary dosimeters. Furthermore, additional electronic personal dosimeters capable of measuring beta radiation (gamma and beta radiations EPD) were also utilized in specific tasks in October 2001. After a six-month test run of these EPDs, the film badges were discontinued in April 2002 and replaced solely with the EPDs. EPDs are now used as the primary dosimetry for radiation workers.
Chang, Si Young; Lee, B. J.; Kim, B. H.; Kim, J. S.; Lee, K. C.; Kang, B. H.; Kim, C. K.; Ham, C. S.; Kwon, K. C.; Park, W. M.; Kim, C. H.; Kim, J. T.; Koo, C. H.; Park, S. J.; Kim, T. W
In this paper, an electronic personal dosimeter (EPD) adopting a PIN-type silicon semiconductor as a radiation detector has been developed and designed, and a prototype dosimeter has been manufactured. A series of performance tests of this EPD on a reference radiation field has been carried out. A dosimeter reader, which reads the radiation dose from the EPD and performs real-time access control in connection with the entrance door to the radiation controlled area, has been developed, designed and manufactured. An S/W program supporting Hangul (Korean language) has been developed to operate the EPD and reader system with a personal computer. (author)
Crowdsourcing has been widely accepted across a broad range of application areas. In crowdsourcing environments, the possibility of performing human computation is characterized with risks due to the openness of their web-based platforms where each crowd worker joins and participates in the process at any time, causing serious effect on the quality of its computation. In this paper, a combination of Trust-Based Access Control (TBAC) strategy and fuzzy-expert systems was used to enhance the quality of human computation in crowdsourcing environment. A TBAC-fuzzy algorithm was developed and implemented using MATLAB 7.6.0 to compute trust value (Tvalue), priority value as evaluated by fuzzy inference system (FIS), and finally generate access decision to each crowd-worker. In conclusion, the use of TBAC is feasible in improving quality of human computation in crowdsourcing environments.
With self-shielded irradiators like Gamma chambers and Blood irradiators being sold by BRIT to customers both within and outside the country, it has become necessary to improve the quality of service without increasing the overheads. The recent advances in the field of communications and information technology can be exploited for improving the quality of service to the customers. A state of the art control system with remote accessibility has been designed for these irradiators enhancing their performance. This will provide an easy access to these units wherever they might be located, through the Internet. With this technology it will now be possible to attend to the needs of the customers, as regards fault rectification, error debugging, system software update, performance testing, data acquisition etc. This will not only reduce the downtime of these irradiators but also reduce the overheads. (author)
This paper presents a generic equipment access software package for a distributed control system using computers with UNIX or UNIX-like operating systems. The package consists of three main components, an application Equipment Access Library, Message Handler and Equipment Data Base. An application task, which may run in any computer in the network, sends requests to access equipment through Equipment Library calls. The basic request is in the form Equipment-Action-Data and is routed via a remote procedure call to the computer to which the given equipment is connected. In this computer the request is received by the Message Handler. According to the type of the equipment connection, the Message Handler either passes the request to the specific process software in the same computer or forwards it to a lower level network of equipment controllers using MIL1553B, GPIB, RS232 or BITBUS communication. The answer is then returned to the calling application. Descriptive information required for request routing and processing is stored in the real-time Equipment Data Base. The package has been written to be portable and is currently available on DEC Ultrix, LynxOS, HPUX, XENIX, OS-9 and Apollo domain. (orig.)
Anass El haddadi
Information fusion is a cornerstone of competitive intelligence activity that aims at supporting decision-making by collecting, analyzing and disseminating information. This information comes from heterogeneous data sources. In this paper we present an approach of access control. This approach is focused both on the information that must be brought to decision-makers and the privacy of individuals whose data is used to extract this information. This model is based on the standard “Role Based Access Control” (RBAC) and is implemented within the entire life cycle of Xplor Every Where (Web service of Tetralogie); it follows methodologies tailored to design privacy-aware systems to be compliant with data protection regulations.
Chiang, Ken; Nguyen, Thuy D.; Irvine, Cynthia E.
Control of access to information based upon temporal attributes can add another dimension to access control. To demonstrate the feasibility of operating system level support for temporal access controls, the Time Interval File Protection System (TIFPS), a prototype of the Time Interval Access Control (TIAC) model, has been implemented by modifying Linux extended attributes to include temporal metadata associated both with files and users. The Linux Security Module was used to provide hooks fo...
Office of Personnel Management — Application and Assessment system for Presidential Management Fellows (PMF) and PMF Science, Technology, Engineering, and Math (STEM) programs. This system is access...
Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew
Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e.g., multilevel spatial data) and multilevel conventional data (e.g., integer, real number and character string).
A new radiation work control system has been developed for controlling the entrance and exit of workers from the radiation controlled area in a nuclear power station and has been run in the Fukushima No.2 Nuclear Power Station of Tokyo Electric Power Co. Inc., since October, 1999. The newly developed system uses an access control device (ACD) for automatically lending an alarm-equipped personal dosimeter (APD) to each worker, and also radio communication for gathering dose data while contamination is measured by a body surface monitor upon exit, to reduce the workload for workers. The APD accurately measures both x-rays and γ-rays and sounds an alarm if the set dose level is reached. The ACD incorporates a charging function for 150 dosimeters in addition to the identification (ID) card reading and entrance/exit qualification judgment functions that are available with conventional entrance/exit control devices. Also, at the time of entrance, the ID number and alarm setpoint are written into an APD, which is then lent automatically, thereby making entry quicker and easier for workers. After returning the APD, it can be recharged rapidly and trend data during work can be automatically collected. The body surface monitor system is designed as follows. While contamination of the body surface is being measured at the time of exit, the data of the APD and ID card is read to perform an exit check. After completion of contamination measurement, the results of the exit check and dose data are printed out and collected by the tested person. Radio communication is used to transmit and receive the APD data, and to ensure precise radio communication during body surface monitoring two antennas are used, one for transmission and one for reception, so data can be read during contamination measurement. The developed system reduces workers' burden and improves functionality and reliability. (Suetake, M.)
A method has been proposed for using the tools of the kernel of an operating system to control access to the entities of application servers. The possibility of using an information protection system incorporated into the operating system to store and implement security policy has been demonstrated for a database management system.
Gang Huang; Lian-Shan Sun
Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems. Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middleware PKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.
The use of an electronic olfactory device, termed an electronic 'nose', was investigated for the detection of unique human odour characteristics. The detection of these unique odours was applied to the field of biometrics for access control, where a human's unique characteristics were used to authenticate a user of an access control system. An electronic odour sensing device was designed and constructed using an array of conducting polymer gas sensors in order to facilitate the regular screen...
Anderson, Molly; Westheimer, David
All space vehicles or habitats require thermal management to maintain a safe and operational environment for both crew and hardware. Active Thermal Control Systems (ATCS) perform the functions of acquiring heat from both crew and hardware within a vehicle, transporting that heat throughout the vehicle, and finally rejecting that energy into space. Almost all of the energy used in a space vehicle eventually turns into heat, which must be rejected in order to maintain an energy balance and temperature control of the vehicle. For crewed vehicles, Active Thermal Control Systems are pumped fluid loops that are made up of components designed to perform these functions. NASA has recently evaluated all of the agency's technology development work and identified key areas that must be addressed to aid in the successful development of a Crew Exploration Vehicle (CEV) and a Lunar Surface Access Module (LSAM). The technologies that have been selected and are currently under development include: fluids that enable single loop ATCS architectures, a gravity insensitive vapor compression cycle heat pump, a sublimator with reduced sensitivity to feedwater contamination, an evaporative heat sink that can operate in multiple ambient pressure environments, a compact spray evaporator, and lightweight radiators that take advantage of carbon composites and advanced optical coatings.
As per norms of the Atomic Energy Regulatory Board (AERB), to operate round the clock a facility which has a potential of radiation exposure, radiation safety rules are to be followed. Indus-1 and Indus-2 are synchrotron radiation sources which are open for various users round the clock. To monitor the persons inside the defined zone at any given time, a system is set up consisting of RF ID cards and their readers along with dedicated software. The software is developed in Visual Basic and uses the UDP network protocol for receiving data from readers installed at various locations and connected to the local area network. The paper describes the access control scheme followed in Indus Accelerator Complex. (author)
WANG Lun-wei; LIAO Xiang-ke; WANG Huai-min
Weighted factor is given to access control policies to express the importance of policy and its effect on access control decision. According to this weighted access control framework, a trustworthiness model for access request is also given. In this model, we give the measure of trustworthiness factor to access request, by using some idea of uncertainty reasoning of expert system, present and prove the parallel propagation formula of request trustworthiness factor among multiple policies, and get the final trustworthiness factor to decide whether authorizing. In this model, authorization decision is given according to the calculation of request trustworthiness factor, which is more understandable, more suitable for real requirement and more powerful for security enhancement than traditional methods. Meanwhile the finer access control granularity is another advantage.
Casas, Antonia; Garcia, Maria Jesus; Nikouline, Andrei
Since 1994 the Data Centre of the Spanish Oceanographic Institute develops system for archiving and quality control of oceanographic data. The work started in the frame of the European Marine Science & Technology Programme (MAST) when a consortium of several Mediterranean Data Centres began to work on the MEDATLAS project. Along the years, old software modules for MS DOS were rewritten, improved and migrated to Windows environment. Oceanographic data quality control includes now not only vertical profiles (mainly CTD and bottles observations) but also time series of currents and sea level observations. New powerful routines for analysis and for graphic visualization were added. Data presented originally in ASCII format were organized recently in an open source MySQL database. Nowadays, the IEO, as part of SeaDataNet Infrastructure, has designed and developed a new information system, consistent with the ISO 19115 and SeaDataNet standards, in order to manage the large and diverse marine data and information originated in Spain by different sources, and to interoperate with SeaDataNet. The system works with data stored in ASCII files (MEDATLAS, ODV) as well as data stored within the relational database. The components of the system are: 1.MEDATLAS Format and Quality Control - QCDAMAR: Quality Control of Marine Data. Main set of tools for working with data presented as text files. Includes extended quality control (searching for duplicated cruises and profiles, checking date, position, ship velocity, constant profiles, spikes, density inversion, sounding, acceptable data, impossible regional values,...) and input/output filters. - QCMareas: A set of procedures for the quality control of tide gauge data according to standard international Sea Level Observing System. These procedures include checking for unexpected anomalies in the time series, interpolation, filtering, computation of basic statistics and residuals. 2. DAMAR: A relational data base (MySql) designed to
National Archives and Records Administration — The OGIS Access System (OAS) provides case management, stakeholder collaboration, and public communications activities including a web presence via a web portal.
Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control systems. An easy-to-deploy authentication and authenticated key agreement system is designed such that empowered mobile devices can directly authorize other mobile devices to exchange keys with the server upon authentication using a non-PKI system without trusted parties. Empowered mobile users do not know the key value of the other mobile devices, preventing users from impersonating other individuals. Also, for security considerations, this system can revoke specific keys or keys issued by a specific user. The scheme is secure, efficient, and feasible and can be implemented in existing environments.
Department of Transportation — This data set contains the personnel access card data (photo, name, activation/expiration dates, card number, and access level) as well as data about turnstiles and...
J. Nafeesa Begum, K. Kumar, Dr. V. Sumathy
The trend of the Civilian society has moved from the industrial age focus on automation and scale towards information based on computing and communication. Today’s Warfare is also moving towards an information age paradigm based on information sharing, situational awareness, and distributed points of intelligence, command and control. A widely-networked fighting force is better able to share information about tactical situations that may be geographically widespread, asymmetric, and rapidly changing. Commanders must be able to better assess situations across broad theaters, with extensive data, voice, and especially video feeds as strategic inputs. Thus, network-centric warfare improves effectiveness at both the tactical "point of the spear" and in the achievement of broader strategic goals. Broadly disseminated knowledge assets enable fighting forces that must self-synchronize, even as they physically disperse to address dynamic battlefield conditions. The speed of decision has increased and command decisions must be rapidly relayed and implemented, to improve battlefield outcomes. Multilevel access control in a MANET for a Defense messaging system is used to have the command decisions relayed to all people who are active in the group and also to all people who have been identified as higher in the hierarchy instead of sending one to one messages to each individual. The system developed is secure, multi site and allows for global communication using the inherent properties of Elliptic Curve cryptography. Elliptic Curve cryptography provides a greater security with less bit size and it is fast when compared to other schemes. The implementation suggests that it is a secure system which occupies fewer bits and can be used for low power devices.
This study develops a novel method for learning mechatronics using remote monitoring and control, based on a programmable logic controller (PLC) and WebAccess. A mechatronics module, a Web-CAM and a PLC were integrated with WebAccess software to organize a remote laboratory. The proposed system enables users to access the Internet for remote monitoring and control of the mechatronics module via a web browser, thereby enhancing work flexibility by enabling personnel to control mechatronics equipment from a remote location. Mechatronics control and long-distance monitoring were realized by establishing communication between the PLC and WebAccess. Analytical results indicate that the proposed system is feasible. The suitability of this system is demonstrated in the department of industrial education and technology at National Changhua University of Education, Taiwan. Preliminary evaluation of the system was encouraging and has shown that it has achieved success in helping students understand concepts and master remote monitoring and control techniques.
Madar, Fatima Ali
This thesis discusses two implementations of file access controls: the UNIX Permissions (UP) and the Access Control List (ACL). We will evaluate advantages and weaknesses in these two implementations. The criteria of evaluation are usefulness, security and manageability. The level of usefulness of systems was measured by evaluating user-surveys. The level of security was measured by comparing the implementations against well-established file access control models concerning privacy, inte...
Chen, Lijun; Low, Steven H.; Doyle, John C.
Motivated partially by a control-theoretic viewpoint, we propose a game-theoretic model, called random access game, for contention control. We characterize Nash equilibria of random access games, study their dynamics, and propose distributed algorithms (strategy evolutions) to achieve Nash equilibria. This provides a general analytical framework that is capable of modeling a large class of system-wide quality-of-service (QoS) models via the specification of per-node util...
Deji, Shizuhiko [Graduate School of Environmental Studies, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan)]; Nishizawa, Kunihide [Radioisotope Research Center, Nagoya University, Furo-cho, Chikusa-ku, Nagoya 464-8602 (Japan)]
High-frequency electromagnetic fields in the 120 kHz band emitted from card readers for access control systems caused abnormally high doses on electronic pocket dosimeters (EPDs). All EPDs recovered their normal performance by resetting after the exposure ceased. The electric and magnetic immunity levels of the EPDs were estimated by using the distances needed to prevent electromagnetic interference.
The goal of the thesis was to learn about the procedure of developing applications based on microcontrollers using the Arduino development platform and the IDE environment. Through practical development in the Arduino environment we realized a logic which is capable to authorize access to specific locations and areas based on 125 kHz RFID tags. Although many solutions exist, most of them require a lot of hardware and software because of their modular design and communication types, the so...
Collins, Earl R., Jr. (Inventor)
A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.
Ferguson, M. J.
This paper explores some of the boundaries in performance of slotted ALOHA systems by analyzing a simple and almost optimal centrally supervised control. The control results in a very simple Markov chain model and allows an examination of stability, conditional waiting time distribution of transmitting terminals, and many other system measures. The key to the simplicity is to have a probability of successful packet transmission that is independent of the number of transmitting terminals. In considering waiting time, we calculate the mean and other moments of the waiting time of a terminal when it enters the system to find (n - 1) other terminals already there competing for the channel. Under this control, the average time is proportional to n. The control requires exact knowledge of the number of terminals contending for the channel, and hence is not implementable, except as an approximation.
The energy supply in the countries, which have abundant energy resources, may not be affected by accepting the assertion of anti-nuclear and environment groups. Anti-nuclear movements in the countries which have little energy resources may cause serious problem in securing energy supply. Especially, it is distinct in Korea because she heavily depends on nuclear energy in electricity supply (nuclear share in total electricity supply is about 40%). The cause of social trouble surrounding nuclear energy is being involved with various circumstances. However, it is very important that we are not aware of the importance of information access and prepared for such a situation from the early stage of nuclear energy's development. In those matter, this paper analyzes the contents of nuclear information access system in France and Japan which have dynamic nuclear development program and presents the direction of the nuclear access regime through comparing Korean status and referring to progresses of the regime.
Quan Jing; Kuo Wan; Xiao-jun Wang; Lin Ma
Objective To evaluate the effectiveness and safety of a computer-controlled periodontal ligament (PDL) injection system to the local soft tissues as the primary technique in endodontic access to mandibular posterior teeth in patients with irreversible pulpitis. Methods A total of 162 Chinese patients who had been diagnosed with irreversible pulpitis in their mandibular posterior teeth without acute infection or inflammation in the periodontal tissues were enrolled in this clinical study. The patients were divided into 3 groups according to the position of the involved tooth: the premolar group (PM, n=38), first molar group (FM, n=66), and second molar group (SM, n=58). All the patients received computer-controlled PDL injection with 4% articaine and 1:100 000 epinephrine. Immediately after the injection, endodontic access was performed, and the degree of pain during the treatment was evaluated by the patients using Visual Analogue Scale for pain. The success rates were compared among the 3 groups. The responses of local soft tissues were evaluated 3-8 days and 3 weeks after the procedure. Results The overall success rate was 76.5%. There was a significant difference in success rates among the PM, FM, and SM groups (92.1%, 53.0%, 93.1%, respectively; χ2=34.3, P Conclusion The computer-controlled PDL injection system demonstrates both satisfactory anesthetic effects and safety in local soft tissues as primary anesthetic technique in endodontic access to the mandibular posterior teeth in patients with irreversible pulpitis.
Wakayama, Koji; Okuno, Michitaka; Matsuoka, Yasunobu; Hosomi, Kazuhiko; Sagawa, Misuzu; Sugawara, Toshiki
We propose an optical switch control procedure for high-performance and cost-effective 10 Gbps Active Optical Access System (AOAS) in which optical switches are used instead of optical splitters in PON (Passive Optical Network). We demonstrate the implemented optical switch control module on Optical Switching Unit (OSW) with logic circuits works effectively. We also propose a compact optical 3D-CSP (Chip Scale Package) to achieve the high performance of AOAS without losing cost advantage of PON. We demonstrate the implemented 3D-CSP works effectively.
Tokamak diagnostic settings are repeatedly modified to meet the changing needs of each experiment. Enabling the remote diagnostic control has significant challenges due to security and efficiency requirements. The Operation Request Gatekeeper (ORG) is a software system that addresses the challenges of remotely but securely submitting modification requests. The ORG provides a framework for screening all the requests before they enter the secure machine zone and are executed by performing user authentication and authorization, grammar validation, and validity checks. A prototype ORG was developed for the ITER CODAC that satisfies their initial requirements for remote request submission and has been tested with remote control of the KSTAR Plasma Control System. This paper describes the software design principles and implementation of ORG as well as worldwide test results.
Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit
Recently several hierarchical access control schemes have been proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme much more suitable for practical applications of e-medicine systems. PMID:23392626
With today's rapid development of digital and network technology, access control technology has advanced rapidly. Access control systems have long since gone beyond simple doorway and key management and have gradually developed into complete entry and exit management systems. They play a major role in administrative work such as workplace safety and personnel attendance management. This paper analyzes and studies the application of access control systems in museums.
Carreras Coch, Anna; Rodríguez Luna, Eva; Delgado Mercè, Jaime; Maroñas Borras, Xavier
Social Networks, as the main axis of Web 2.0, are creating a number of interesting challenges to the research and standardisation communities. In this paper, we analyse the current and future use of access control policies in Social Networks. Subsequently, two main issues are addressed: the interoperability amongst systems using different policy languages and the lack of elements in the existing policy languages when trying to express Social Networks’ access control. In part...
Whether for an entire district, a single campus, or one classroom, allowing authorized access to a computer network can be fraught with challenges. The login process should be fairly seamless to approved users, giving them speedy access to approved Web sites, databases, and other sources of information. It also should be tough on unauthorized…
Snook, Bryan E.
The Automated Computer Access Request (AutoCAR) system is a Web-based account provisioning application that replaces the time-consuming paper-based computer-access request process at Johnson Space Center (JSC). AutoCAR combines rules-based and role-based functionality in one application to provide a centralized system that is easily and widely accessible. The system features a work-flow engine that facilitates request routing, a user registration directory containing contact information and user metadata, an access request submission and tracking process, and a system administrator account management component. This provides full, end-to-end disposition approval chain accountability from the moment a request is submitted. By blending both rules-based and role-based functionality, AutoCAR has the flexibility to route requests based on a user's nationality, JSC affiliation status, and other export-control requirements, while ensuring a user's request is addressed by either a primary or backup approver. All user accounts that are tracked in AutoCAR are recorded and mapped to the native operating system schema on the target platform where user accounts reside. This allows for future extensibility for supporting creation, deletion, and account management directly on the target platforms by way of AutoCAR. The system's directory-based lookup and day-to-day change analysis of directory information determines personnel moves, deletions, and additions, and automatically notifies a user via e-mail to revalidate his/her account access as a result of such changes. AutoCAR is a Microsoft classic active server page (ASP) application hosted on a Microsoft Internet Information Server (IIS).
He, Wenqi; Lai, Hongji; Wang, Meng; Liu, Zeyi; Yin, Yongkai; Peng, Xiang
We present a fingerprint authentication scheme based on the optical joint transform correlator (JTC) and further describe its application to the remote access control of a Network-based Remote Laboratory (NRL). It is built to share a 3D microscopy system of our realistic laboratory in Shenzhen University with the remote co-researchers in Stuttgart University. In this article, we would like to focus on the involved security issues, mainly on the verification of various remote visitors to our NRL. By making use of the JTC-based optical pattern recognition technique as well as the Personal Identification Number (PIN), we are able to achieve the aim of authentication and access control for any remote visitors. Note that only the authorized remote visitors could be guided to the Virtual Network Computer (VNC), a cross-platform software, which allows the remote visitor to access the desktop applications and visually manipulate the instruments of our NRL through the internet. Specifically, when a remote visitor attempts to access our NRL, a PIN is required in advance, which is followed by fingerprint capturing and verification. Only if both the PIN and the fingerprint are correct can one be regarded as an authorized visitor, and then he/she would get the authority to visit our NRL by the VNC. It is also worth noting that the aforementioned "two-step verification" strategy could be further applied to verify the identity levels of various remote visitors, and therefore realize the purpose of diversified visitor management.
刘琼波; 施军; 尤晋元
The security requirements of distributed systems are changing. In this paper an approach to represent the access control policies and evaluate the access requests is proposed. Extended logic programs without functions are introduced to represent the diverse access control policies, and the propagation depth and direction of privileges along the entity hierarchy can be constrained. After privilege conflicts are resolved according to the rules based on priority between different grantors and entities, semantics as answer sets of extended logic programs is attained. Based on certainty and possibility reasoning, an algorithm to determine whether an access request is authorized is proposed. The three issues of distributed authorization, private privileges and conflict resolution are resolved.
... disability would thus be required to have an iPhone, iPad, or other Apple device in order to access the book... sale through its ``App Store,'' the only authorized source of iPhone and iPad applications. EFF further...--i.e., used (or perhaps unused) phones previously purchased or otherwise acquired by a...
GU Xue-lin; YAN Wei; TIAN Hui; ZHANG Ping
This article presents a dynamic random access scheme for orthogonal frequency division multiple access (OFDMA) systems. The key features of the proposed scheme are: it is a combination of both the distributed and the centralized schemes, it can accommodate several delay sensitivity classes, and it can adjust the number of random access channels in a media access control (MAC) frame and the access probability according to the outcome of Mobile Terminals access attempts in previous MAC frames. For floating populated packet-based networks, the proposed scheme possibly leads to high average user satisfaction.
A recent trend is observed in the context of the radio-controlled aircrafts and automobiles within the hobby grade category and Unmanned Aerial Vehicles (UAV) applications moving to the well-known Industrial, Scientific and Medical (ISM) band. Based on this technological fact, the present thesis evaluates an individual user performance by featuring a multiple-user scenario where several point-to-point co-located real-time Remote Control (RC) applications operate using Frequency Hopping Spread Spectrum (FHSS) as a medium access technique in order to handle interference efficiently. Commercial-off-the-shelf wireless transceivers ready to operate in the ISM band are considered as the operational platform supporting the above-mentioned applications. The impact of channel impairments and of different critical system engineering issues, such as working with real clock oscillators and variable packet duty cycle, are considered. Based on the previous, simulation results allowed us to evaluate the range of variation for those parameters for an acceptable system performance under Multiple Access (MA) environments.
Mustapha Ben Saidi.
Security of information systems is a chronic problem, and the arrival of cloud computing as a new computing model adds to the difficulty of implementing effective solutions. Thus more research is currently focused on data security in the cloud, and especially the issue of confidentiality. In this paper we propose a new access control protocol for complex, heterogeneous, interoperable, and distributed systems in the context of Cloud Computing: "Multi-TrustOrBAC" (Multi-Organization - Trust Based Access Control). This protocol allows a TTP ("Trust Third Party") to force users belonging to several organizations to cooperate to meet the security policies defined independently by them. The aim is to offer to organizations working together and having decided to migrate to the cloud, a means of real-time monitoring of their safety. Our solution is based on both the concept of trust assigned to users and the definition of an order on the set of security policies. The logical formalism is used to specify and describe the rules of the security policies of different organizations.
Legislation to create electronic healthcare records and provide electronic healthcare services requires the same level of privacy and disclosure regulations as are applicable to the current practices for paper based patient health records. Most of work in this area has been organization-oriented that deals with exchange of information among healthcare organizations (such as referrals). However, the requirements for ensuring security and privacy of information for online access and sharing of ...
Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.
As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are
Bente, Ingo; von Helden, Josef
Network Access Control (NAC) solutions promise to significantly increase the security level of modern networks. In short, they allow measuring the integrity state of an endpoint that tries to get access to the network. Based upon the measurement results, which are compared to a defined NAC policy, access to the network can be allowed or denied. One problem of all currently available NAC solutions is referred to as the “lying endpoint” problem. Normally, special software components are responsible for gathering the relevant integrity information on the endpoint. If an attacker modifies those software components, an endpoint can lie about its current integrity state. Therefore, endpoints which are not compliant with the defined NAC policy can get access to the network. Those endpoints must be considered as a potential threat. This paper summarizes a possible solution for the lying endpoint problem based upon the specifications of the Trusted Computing Group (TCG) and the results of the two research projects TNC@FHH and Turaya. The goal is to develop an open source, TNC compatible NAC solution with full TPM support within a new research project: tNAC.
Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide have led to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs), as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies.
Jonathan A. ENOKELA
The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM) version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.
高斌; 翟江涛; 薛朋骏
An access control system based on the file layer of VxWorks is designed and implemented to solve the problem of lack of protection in the file layer of VxWorks. This system is composed of three parts, which are the access monitor, the access decider and the authority library. Firstly, the access monitor, which is used to intercept the access of tasks to files in the block device and to acquire the access information of tasks, is embedded into the dosFs file system layer; the access information is also made up of three parts, which are access subject, access object and access mode. Secondly, a decision scheme is given by the access decider when the acquired access information of tasks is compared with the rules in the authority library. Finally, the corresponding access control is carried out by the access monitor according to the decision above. The performance of VxWorks embedded with the designed access control system is evaluated by experiments, and it turns out that the security of VxWorks is improved by the control method, whose effect on the instantaneity of VxWorks is acceptable.
U.S. Department of Health & Human Services — 1995-2016. Centers for Disease Control and Prevention (CDC). State Tobacco Activities Tracking and Evaluation (STATE) System. Legislation - Youth Access. The STATE...
Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The pres
Krukow, Karl Kristian; Nielsen, Mogens; Sassone, Vladimiro
In a reputation-based trust-management system, agents maintain information about the past behaviour of other agents. This information is used to guide future trust-based decisions about interaction. However, while trust management is a component in security decision-making, many existing reputati...
Access control is the main strategy of security and protection in Web systems, and traditional access control cannot meet growing security needs. By using the role-based access control (RBAC) model and introducing the concept of the role in the web system, the user is mapped to a role in an organization, access permissions are granted to the corresponding role, and access authorization and control are performed according to the user's role in the organization, so as to improve the flexibility and security of permission assignment and access control in the web system.
Pulsed Tokamak experiments give rise to significant direct radiation even in the pre-tritium phase. A fundamental safety requirement is the provision of high integrity personnel access control systems to protect site, operational staff and the public from the risk of exposure to high radiation. The paper discusses the radiation hazards during the early hydrogen/deuterium operation and the different levels of installed safeguards which included diverse safety systems in the form of conventional hard wired interlocking and programmable logic controllers. The form of a detailed reliability analysis assessing the risk of individual exposure to high radiation (for both the public off-site and staff on-site) is discussed together with the lessons learnt and some of the design changes implemented. An interesting feature is the impact of human reliability in the analysis and how a recently developed technique (HEART) provided an estimation of error rates. The confidence gained in addressing the reliability of personnel and public protection against radiation hazards under normal operating conditions provides an important foundation for the safety analysis of fusion plant with significant tritium inventory. (author). 4 refs, 2 figs, 1 tab
TOUNSI, Wiem; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Pujolle, Guy
Radio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in terms of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events ...
Common characteristic of all mobile operating systems for smart devices is an extensive middleware that provides a feature-rich API for the onboard sensors and user’s data (e.g., contacts). To effectively protect the device’s integrity, the user’s privacy, and to ensure non-interference between mutually distrusting apps, it is imperative that the middleware enforces rigid security and privacy policies. This thesis presents a line of work that integrates mandatory access control (MAC) mecha...
Yang, Fan; Hankin, Chris; Nielson, Flemming;
We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies — policies based on the future...... behavior of a program. A novel feature of our approach is that we can define policies concerning secondary use of data....
An RFID-based access control system can achieve remote monitoring and intelligent management for computer rooms, laboratories and other specific places. The system uses the Mifare one card, ATmega8 and FM1702SL to perform intelligent access control, and adopts a combination of centralized and distributed authorization mechanisms to provide users with reliable access control management. The system can provide a reliable historical record for system security by logging the specific behavior of the user. The experiment shows that the system is stable and easy to manage, so it can effectively improve the access control system's security and monitoring capabilities.
Jonathan A. Enokela; Michael N. TYOWUAH
The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is ...
Sorniotti, Alessandro; Molva, Refik; GOMEZ, Laurent; Trefois, Christophe; Laube, Annett; Scaglioso, Piervito
Although very developed in many sectors (databases, filesystems), access control schemes are still somewhat elusive when it comes to wireless sensor networks. However, it is clear that many WSN systems—such as healthcare and automotive ones—need a controlled access to data that sensor nodes produce, given its high sensitivity. Enforcing access control in wireless sensor networks is a particularly difficult task due to the limited computational capacity of wireless sensor nodes. In ...
Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.
ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.
杨毯毯; 姜琴; 扈健玮
With the development of science and technology, people have stepped into the era of the Internet. Wireless communication technology has developed considerably in recent years and has penetrated into all walks of life. Meanwhile, the security of locks has gradually become a worldwide topic. This article introduces an access control system based on Bluetooth. It overcomes the complexity and low security of traditional locks. It lays a foundation for lock safety and has broad market prospects.
Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation dir...
47 Telecommunication 5 2010-10-01. Federal Communications Commission (continued), Safety and Special Radio Services, Personal Radio Services, Technical Regulations, Certification Requirements. § 95.645 Control accessibility. (a) No...
"Access Control and Service-Oriented Architectures" investigates in which way logical access control can be achieved effectively, in particular in highly dynamic environments such as service-oriented architectures (SOAs). The author combines state-of-the-art best-practice and projects these onto the
Managing access to shared digital information, such as photographs and documents, is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…
Veljanovska, Kostandina; M. Bombol, Kristi; Maher, Tomaž
An appropriately designed motorway access control can decrease the total travel time spent in the system up to 30% and consequently increase the merging operations safety. To date, implemented traffic responsive motorway access control systems have been of local or regulatory type and not truly adaptive in the real sense of the meaning. Hence, traffic flow can be influenced positively by numerous intelligent transportation system (ITS) techniques. In this paper a contemporary approach is pres...
After having presented the initial characteristics and weaknesses of the software provided for the control of a memory disk coupled with a Multi 8 computer, the author reports the development and improvement of this controller software. He presents the different constitutive parts of the computer and the operation of the disk coupling and of the direct access to memory. He reports the development of the disk access controller: software organisation, loader, subprograms and statements
Access Control, Security, Trust, and Logic; Deconstructing Access Control Decisions; A Logical Approach to Access Control; PRELIMINARIES; A Language for Access Control; Sets and Relations; Syntax; Semantics; Reasoning about Access Control; Logical Rules; Formal Proofs and Theorems; Soundness of Logical Rules; Basic Concepts; Reference Monitors; Access Control Mechanisms: Tickets and Lists; Authentication; Security Policies; Confidentiality, Integrity, and Availability; Discretionary Security Policies; Mandatory Security Policies; Military Security Policies; Commercial Policies; DISTRIBUTED ACCESS CONTROL; Digital Authenti
韩进; 秦宏超; 杨颖超; 刘文武
Based on the security requirements of smart home security systems, an intelligent security access control system with face recognition is designed and implemented, using the Samsung S3C6410 embedded core chip as the platform and OpenCV as the core technology. The system first processes the authorized person's face information (grayscale conversion, dimensionality reduction and eigenvalue calculation) and then performs training to obtain the authorized person's information. Face information captured by the camera is then processed and compared with the authorized person's face information to decide whether the access control system opens. Testing shows that the system performs face recognition well and meets the design requirements of the access control system. The design has been successfully applied in a smart home security system.
Dr. Vladimir Katsman
Our goal in this program is to develop Fast Access Data Acquisition System (FADAS) by combining the flexibility of Multilink's GaAs and InP electronics and electro-optics with an extremely high data rate for the efficient handling and transfer of collider experimental data. This novel solution is based on Multilink's and Los Alamos National Laboratory's (LANL) unique components and technologies for extremely fast data transfer, storage, and processing.
MENG Xiao-feng; LUO Dao-feng; OU Jian-bo
As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties. This paper proposes an integrated model to resolve these problems, after a full analysis of the features of XML and RBAC.
Jorgušeski, L.; Litjens, R.; Zhiyi, C.; Nikookar, H.
Future wireless access systems will be characterized by their heterogeneity from technological point of view. It is envisaged that in certain areas end-users will have a choice between various radio accesses (RAs) such as e.g. classical cellular networks (GSM, UMTS, WiMAX, etc), WLAN hot-spots, or o
中大路 道彦; 一宮 正和; 向坊 隆一; 前田 清彦; 永田 敬
PNC made design studies on loop type FBR plants: a 600 MWe class in '91, and a 1300 MWe class in '93 both with the "head access" primary piping system. This paper focuses on the features of the smaller plant at first and afterwards on the extension to the larger one. The contents of the paper consist of R/V wall protection mechanism, primary piping circuit, secondary piping circuit, plant layout and then, discusses the extension of the applicability of the wall protection mechanism, primary pi...
Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it is not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud...
In this work we suggest a meta access control model emulating established access control models by configuration and offering enhanced features like the delegation of rights, ego-centered roles, and decentralized administration. The suggested meta access control model is named "Access Definition and Query Language" (ADQL). ADQL is represented by a formal, context-free grammar allowing to express the targeted access control model, policies, facts, and access queries as a formal language.
Wang, Liyuan; Guo, Ge
This paper investigates networked control systems whose actuators communicate with the controller via a limited number of unreliable channels. The access to the channels is decided by a so-called group random access protocol, which is modelled as a binary Markov sequence. Data packet dropouts in the channels are modelled as independent Bernoulli processes. For such systems, a systematic characterisation for controller synthesis is established and stated in terms of the transition probabilities of the Markov protocol and the packet dropout probabilities. The results are illustrated via a numerical example.
A student dormitory access control system plays a very important role for a school. However, many schools are still at the initial stage of manual management. This is acceptable for smaller schools, but for schools with a very large number of students, a large amount of information, and a lot of data that must be recorded and archived, manual management is quite cumbersome. The student dormitory access control system uses computerized management and is designed to be as user-friendly as possible, so that users find it very convenient to operate.
Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…
FU Jing-tuan; JI Hong; MAO Xu
Opportunistic spectrum access (OSA) is considered as a promising approach to mitigate spectrum scarcity by allowing unlicensed users to exploit spectrum opportunities in licensed frequency bands. Derived from the existing channel-hopping multiple access (CHMA) protocol, we introduce a hopping control channel medium access control (MAC) protocol in the context of OSA networks. In our proposed protocol, all nodes in the network follow a common channel-hopping sequence; every frequency channel can be used as control channel and data channel. Considering primary users' occupancy of the channel, we use a primary user (PU) detection model to calculate the channel availability for unlicensed users' access. Then, a discrete Markov chain analytical model is applied to describe the channel states and deduce the system throughput. Through simulation, we present numerical results to demonstrate the throughput performance of our protocol and thus validate our work.
YAO Hanbing; HU Heping; LU Zhengding; LI Ruixuan
Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations". The heterogeneous, dynamic and multi-domain nature of these environments makes challenging security issues that demand new technical approaches. Despite the recent advances in access control approaches applicable to Grid computing, there remain issues that impede the development of effective access control models for Grid applications. Among them there are the lack of context-based models for access control, and reliance on identity or capability-based access control schemes. An access control scheme that resolves these issues is presented, and a dynamically authorized role-based access control (D-RBAC) model extending the RBAC with context constraints is proposed. The D-RBAC mechanisms dynamically grant permissions to users based on a set of contextual information collected from the system and user's environments, while retaining the advantages of RBAC model. The implementation architecture of D-RBAC for the Grid application is also described.
The Lawrence Livermore National Laboratory (LLNL) operates an automated access control system consisting of more than 100 portals. We have gained considerable practical experience in the issues involved in operating this large system, and have identified the central issues to include system reliability, the large user population, the need for central control, constant change, high visibility and the budget. This paper outlines these issues and draws from our experience to discuss some fruitful ways of addressing them
This paper studies two fundamentally distinct approaches to opening a technology platform and their different impacts on innovation. One approach is to grant access to a platform and thereby open up markets for complementary components around the platform. Another approach is to give up control over the platform itself. Using data on 21 handheld computing systems (1990-2004), I find that granting greater levels of access to independent hardware developer firms produces up to a fivefold accele...
In this paper, an implementation of IEEE 1149.7 standard is used for designing Test Access Port (TAP) Controller and testing of interconnects is done using boundary scan. By c-JTAG the pin count gets reduced which increases the performance and simplifies the connection between devices. TAP Controller is a synchronous Moore type finite state machine that is changed when the TMS and TCK signals of the test access port change. This controls the sequence operation of the circuitry conveyed by JTAG and c-JTAG. JTAG mainly used four pins with TAP and fifth pin is for optional use in Boundary scan. But c-JTAG uses only two pins with TAP. In this approach TDI and TDO get multiplexed by using class T4 and T5 of c-JTAG. Various instructions are used for testing interconnects using IEEE 1149.7 standard (std.
Mohammed, Alalelddin Fuad Yousif
This thesis project’s goal is to enable undergraduate students to gain insight into media access and control protocols based upon carrying out laboratory experiments. The educational goal is to demystify radio and other link and physical layer communication technologies as the students can follow packets from the higher layers down through the physical layer and back up again. The thesis fills the gap between the existing documentation for the Universal Software Radio Peripheral (USRP) re...
Kaiser, Mary Elizabeth; Morris, Matthew J.; Aldoroty, Lauren Nicole; Godon, David; Pelton, Russell; McCandliss, Stephan R.; Kurucz, Robert L.; Kruk, Jeffrey W.; Rauscher, Bernard J.; Kimble, Randy A.; Wright, Edward L.; Benford, Dominic J.; Gardner, Jonathan P.; Feldman, Paul D.; Moos, H. Warren; Riess, Adam G.; Bohlin, Ralph; Deustua, Susana E.; Dixon, William Van Dyke; Sahnow, David J.; Lampton, Michael; Perlmutter, Saul
ACCESS: Absolute Color Calibration Experiment for Standard Stars is a series of rocket-borne sub-orbital missions and ground-based experiments designed to leverage significant technological advances in detectors, instruments, and the precision of the fundamental laboratory standards used to calibrate these instruments to enable improvements in the precision of the astrophysical flux scale through the transfer of laboratory absolute detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 to 1.7 micron bandpass. A cross wavelength calibration of the astrophysical flux scale to this level of precision over this broad a bandpass is relevant for the data used to probe fundamental astrophysical problems such as the SNeIa photometry based measurements used to constrain dark energy theories. We will describe the strategy for achieving this level of precision, the payload and calibration configuration, present sub-system test data, and the status and preliminary performance of the integration and test of the spectrograph and telescope. NASA APRA sounding rocket grant NNX14AH48G supports this work.
Mohammad S. Ab-Rahman
Problem statement: Cables that are installed outdoors are subjected to harsh environmental conditions which make break down inevitable. When this happens it will disrupt the services and cause trouble to the users. To overcome this is to provide a means of restoring the network in case of failure. We introduced the Access Control System (ACS) and Customer Access Protection Unit (CAPU) to provide FTTH-PON monitoring, fault detection and protection. Approach: To design the C programs for ACS and CAPU, we will come up with the algorithms which describe the switching configuration in general. The switching configurations are tabulated in truth tables and flow charts are constructed. Based on the flow charts, the respective C programs for ACS and CAPU will be written. The C programs will then be tested through simulation. After successful simulations, the programs will be downloaded into the respective PIC microcontrollers in the ACS and CAPU for lab testing. Results: When several faults occur at various lines, each Multi Access Detection System (MADS) informs ACS and all CAPUs of the current line conditions. As programmed, ACS and CAPU will configure their switches to restore the network. When one of the working lines fails, the optical signal will be routed to its dedicated protection line. But when both its working and protection line fail, the optical signal will be routed to its neighboring protection line. Conclusion: We have successfully simulated the restoration of the optical signal when a fault occurs at its working line by restoring it to its dedicated protection line
This brief investigates distributed medium access control (MAC) with QoS provisioning for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. For WLANs, an efficient MAC scheme and a call admission control algorithm are presented to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition, a novel token-based scheduling scheme is proposed to provide great flexibility and facility to the network servi
In today's electronic learning environment, access to appropriate systems and data is of the utmost importance to students, faculty, and staff. Without proper access to the school's internal systems, teachers could be prevented from logging on to an online learning system and students might be unable to submit course work to an online…
Martínez, Salvador; Garcia-Alfaro, Joaquin; Cuppens, Frédéric; Cuppens-Boulahia, Nora; Cabot, Jordi
Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the who...
姬东耀; 张福泰; 王育民
Several multilevel access control schemes have been proposed. However, they all have one or all of the following drawbacks: 1) the users must store large amount of common information when the number of classes of users is large; 2) the system must be rebuilt when there is a need to add/delete a user class or to change the clearance of some user classes; and 3) it is difficult to change keys for the users. With the aim of overcoming these drawbacks, the problem of efficiently implementing authorized access control in multilevel security systems using cryptographic techniques is studied in this paper. A new dynamic access control scheme based on key distribution is proposed. In the scheme, each user is assigned a security clearance. A user with a higher security clearance can derive the keys of users with lower security clearances from his own private secret information and public information, while a user with a lower clearance cannot derive the keys of users with higher clearances. The user in a higher security class can read and store information items that belong to users in a lower security class, but the opposite direction of this operation is infeasible. Hence, authorized access control through the use of this type of key distribution schemes can be implemented. Adding or deleting a user, changing a user's clearance, and changing a user's key require no change to the whole system. The key distribution scheme is based on Rabin public key system and Chinese remainder theorem. It has the following advantages over the
Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi
A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Role-based access control (RBAC) and attribute-based access control (ABAC) are currently the most prominent access control models. However, they both suffer from limitations and have features complementary to each other. Due to this fact, integration of RBAC and ABAC has become a hot area of research recently. We propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that takes into account the current contextual information while making the access control decisions.
Liu, Yiliang; Deng, Jinxia
In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology cannot be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weaknesses during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis of the existing model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.
Peters, Carol; Sheridan, Paraic
With the rapid growth of the global information society, the concept of library has evolved to embrace all kinds of information collections, on all kinds of storage media, and using many different access methods. The users of today's information networks and digital libraries, no longer restricted by geographic or spatial boundaries, want to be…
Javaid, N.; Ahmad, A.; A. Rahim; Z.A. Khan; M. Ishfaq; Qasim, U.
Wireless Body Area Networks (WBANs) are widely used for applications such as modern health-care systems, where wireless sensors (nodes) monitor the parameter(s) of interest. Nodes are provided with limited battery power and battery power is dependent on radio activity. MAC protocols play a key role in controlling the radio activity. Therefore, we present Adaptive Medium Access Control (A-MAC) protocol for WBANs supported by linear programming models for the minimization of energy consumption ...
李寒; 郭禾; 王宇新; 陆国际; 杨元生
Access control, whose objective is to ensure secure access to system resources, is an essential security mechanism of software systems. Because access control in most legacy systems is not role-based and is implemented in various forms, an RBAC-based approach is proposed to integrate these access control policies. The approach maps permissions of legacy systems to tasks of the integrated system. Based on task trees and policy transformation rules, the access control policies are reorganized in a unified form. Moreover, a set of management rules is provided to support subsequent authorization operations. A case study shows that the proposed approach is feasible, effectively integrates the access control policies of legacy systems, and introduces RBAC into legacy access control.
Muhammad Aqib; Riaz Ahmed Shaikh
Validation and verification of security policies is a critical and important task to ensure that access control policies are error free. The two most common problems present in access control policies are: inconsistencies and incompleteness. In order to detect such problems, various access control policy validation mechanisms are proposed by the researchers. However, comprehensive analysis and evaluation of the existing access control policy validation techniques is missing in the literature....
Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan
Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.
In this paper a model, called the device server model, has been presented for solving the problem of device access and control faced by all control systems. Object Oriented Programming techniques were used to achieve a powerful yet flexible solution. The model provides a solution to the problem which hides device dependencies. It defines a software framework which has to be respected by implementors of device classes - this is very useful for developing groupware. The decision to implement remote access in the root class means that device servers can be easily integrated in a distributed control system. A lot of the advantages and features of the device server model are due to the adoption of OOP techniques. The main conclusion that can be drawn from this paper is that 1. the device access and control problem is adapted to being solved with OOP techniques, 2. OOP techniques offer a distinct advantage over traditional programming techniques for solving the device access problem. (J.P.N.)
Çelik, Sönmez; Gürdal, Gültekin; Keten, Burcu; Türkfidanı, Ata; Kutlutürk, Levent
The Open Access movement is a social movement in academia, dedicated to the principle of open access - to information - sharing for the common good and is being supported by many scientists, publishers, and researchers in the world, today. The software that is used to operate the institutional archive systems which are the basis of the Open Access, are divided into two forms of some free open source software and paid package programs which were developed by some corporates. DSpace, whose firs...
Novacki, Stanley M., III
In order to accommodate the increasing number of computerized subsystems aboard today's more fuel efficient aircraft, the Boeing Co. has developed the DATAC (Digital Autonomous Terminal Access Control) bus to minimize the need for point-to-point wiring to interconnect these various systems, thereby reducing total aircraft weight and maintaining an economical flight configuration. The DATAC bus is essentially a local area network providing interconnections for any of the flight management and control systems aboard the aircraft. The task of developing a Bus Monitor Unit was broken down into four subtasks: (1) providing a hardware interface between the DATAC bus and the Z8000-based microcomputer system to be used as the bus monitor; (2) establishing a communication link between the Z8000 system and a CP/M-based computer system; (3) generation of data reduction and display software to output data to the console device; and (4) development of a DATAC Terminal Simulator to facilitate testing of the hardware and software which transfer data between the DATAC's bus and the operator's console in a near real time environment. These tasks are briefly discussed.
The populations of the developed countries have easy access to contraception, but adequate family planning services are lacking in 80 of 93 recently studied Third World countries. 58% of the population of the developing world lives in these 80 countries. 43% or 372 million of the world's reproductive aged couples use modern and safe contraception. Of these, 102 million live in industrialized countries, about 146 million in the People's Republic of China, and 124 million in other developing countries. Only 27% of couples in developing countries apart from China use modern contraception. Abortion continues to be the most used method of fertility control. About 33 million legal abortions and 27 million illegal abortions are performed annually. Some 250 million women in developing countries who do not desire pregnancy are without family planning information or services. 1 year of protection costs about US $20 per couple in a developing country. Governments of developed countries spend about US $1.5 billion on family planning programs, of which about $500 million is slated for external aid to population programs. An additional investment of $5 billion is needed to provide family planning services to the 250 million women needing them. The 15 most populated industrialized countries which account for 91% of the population of the developed world mostly have good or excellent access to family planning services and information, although some comparatively minor problems may persist. Access to contraception in the countries of Eastern Europe is considered only good because of governmental restrictions on sterilization. Access is hampered in Japan by unavailability of some types of IUDs and pills and severe restrictions on sterilization. Family planning services are only average in the USSR because of poor quality and irregular supplies of modern contraceptives, especially in rural areas. Abortion, although not always easy to arrange because of bureaucratic delays, remains the
Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching
With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access
CEBAF has recently upgraded its accelerator control system to use EPICS, a control system toolkit being developed by a collaboration among laboratories in the US and Europe. The migration to EPICS has taken place during a year of intense commissioning activity, with new and old control systems operating concurrently. Existing CAMAC hardware was preserved by adding a CAMAC serial highway link to VME; newer hardware developments are now primarily in VME. Software is distributed among three tiers of computers: first, workstations and X terminals for operator interfaces and high level applications; second, VME single board computers for distributed access to hardware and for local control processing; third, embedded processors where needed for faster closed loop operation. This system has demonstrated the ability to scale EPICS to controlling thousands of devices, including hundreds of embedded processors, with control distributed among dozens of VME processors executing more than 125,000 EPICS database records. To deal with the large size of the control system, CEBAF has integrated an object oriented database, providing data management capabilities for both low level I/O and high level machine modeling. A new callable interface which is control system independent permits access to live EPICS data, data in other Unix processes, and data contained in the object oriented database
How should an individual contribute to the public good? Conversely, how does the public help the individual? We should analyze and alleviate conflicts in community clouds. Covert channels in the access matrix are caused by conflicts between public values and a private sense of values. We cannot control the information leaks from the covert channels by using only access control. We believe that the community cloud system should emphasize harmony between public values and a private sense of values. We interpret the access matrix as follows: The acts of the individual are generalized and symbolized by an access matrix that describes the access operations of the subject. We propose a multiagent system embodying the concept of swarm intelligence to analyze the covert channels that arise. Each agent has a group target and an individual target. The group target and an individual target include targets for generation of access and restriction of access. The system does not have any principle of universal control. Instead, an agent’s interactions are guided by metaheuristics for achieving targets. The social order of the whole society is made from the agents’ interactions related to the group value target, group game target, an individual value target, and an individual game target. The conceptual framework and multiagent system presented here are intended to support people. If the covert channel problem can be solved, it will become possible for people to use community clouds safely.
The computer control system of the Accelerator Test Facility (ATF) is described in detail. The ATF presently consists of a 60 MeV electron injector linac and two klystron test stands, and is controlled by a workstation computer with CAMAC interfaces. Because it is an R and D accelerator aimed at realizing a TeV-region linear collider, the control system should also be flexible in both hardware and software. Programmable sequence controllers are introduced in the electron gun system and klystron modulator systems, and their performance is tested. The control software, which is coded in FORTRAN, consists of many independent programs. Each program can access the full functions of a specified device or can control a function that is common to many devices
Mahmood Rajpoot, Qasim; Jensen, Christian D.; Krishnan, Ram
Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access control models. Yet, they both have known limitations and offer features complementary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an important area of research. In this paper, we propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy.
Jensen, Steffen Elstrøm Holst; Jacobsen, Rune Hylsberg
Future Internet research is needed to bring the Internet and the Things closer to each other to form the Internet of Things. As objects in our daily life gradually become smarter, there is an increasing benefit of networking these objects. In this article, a method to couple objects, the Things, to the Internet is suggested. The solution uses virtual representations of objects by using low-cost, passive RFID tags to give objects identities on the Internet. A prototype that maps an RFID identity into an IPv6 address is constructed. It is illustrated how this approach can be used in access control systems based on open network protocols and packet filtering. The solution includes a novel RFID reader architecture that supports the internetworking of components of a future access control system based on network layer technology.
The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as "reverse engineering"), an
ZHANG Hong; HE YePing; SHI ZhiGuo
There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking requires the definition of a formal model for access control that supports spatial context. However, the traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model, which utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented, and the role is assigned a logical location domain to specify the spatial boundary. Roles are activated based on the current physical position of the user, which is obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice, which is a means for articulating multi-level security policy and is more suitable for controlling information flow security in safety-critical location-aware information systems. Next, constrained SC-RBAC allows expressing various spatial separation of duty constraints, location-based cardinality and temporal constraints for specifying the fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC, and its basic security theorem is proven. The constrained SC-RBAC provides the foundation for applications in need of constrained spatial context aware access control.
Deloose, I.; Pace, A.
The two CERN isotope separators named ISOLDE have been running on the new Personal Computer (PC) based control system since April 1992. The new architecture that makes heavy use of the commercial software and hardware of the PC market has been implemented on the 1700 geographically distributed control channels of the two separators and their experimental area. Eleven MSDOS Intel-based PCs with approximately 80 acquisition and control boards are used to access the equipment and are controlled from three PCs running Microsoft Windows used as consoles through a Novell Local Area Network. This paper describes the interesting solutions found and discusses the reduced programming workload and costs that have been obtained.
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas; Pichardie, David
A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain number of times. We define a program model based on control flow graphs together with its operation...
The 'Material Control and Surveillance for High Frequency Access Vaults' project sponsored by United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) focuses on enhancing nuclear materials control and surveillance in vaults that are frequently accessed. The focus of this effort is to improve materials control and accountability (MC and A) while decreasing the operational impact of these activities. Los Alamos and Y-12 have developed a testbed at the Los Alamos National Laboratory for evaluating and demonstrating integrated technologies for use in enhancing materials control and accountability in active nuclear material storage vaults. An update will be provided on the new systems demonstrated in the test-bed including a 'confirmatory cart' for expediting the performance of inventory and radio-frequency actuated video that demonstrates the concept of automated data entry for materials moving between MBA's. The United States Department of Energy's Office of Security Policy, Policy Integration and Technical Support Program (SO-20.3) has sponsored a project where nuclear material inventory, control and surveillance systems are evaluated, developed, and demonstrated in an effort to provide technologies that reduce risk, increase material assurance, and provide cost-efficient alternatives to manpower-intensive physical inventory and surveillance approaches for working (high-frequency-access) vaults. This Fiscal Year has been largely focused on evaluating and developing components of two sub-systems that could be used either separately in nuclear material vaults or as part of a larger integrated system for nuclear materials accountability, control and surveillance.
A new paradigm for access control and authorization management called task-based access control (TBAC) is described, aimed at the security demands of document processing in office automation (OA). A formal expression of the paradigm and some sample applications are given.
王俊; 贾连兴; 姚海潮; 何建平
Access control technology can effectively prevent unauthorized access to data and strengthen the management of user behavior. Relying on the distributed parallel file system GlusterFS and combining it with the principles of RBAC, this paper designs a file-level Distributed Secure Access Control System (DSAS). It mainly studies how to implement the RBAC mechanism in the storage system and puts forward a user identity verification and role authorization mechanism based on role credentials. Test results show that the DSAS system can fulfill the need for data reliability and security as well as the need for storage system performance.
Efficient and friendly access to the large amount of data distributed over the wide area network is a challenge for the near future LCG experiments. The problem can be solved using current standard open technologies and tools. A JDBC standard solution has been chosen as a base for a comprehensive system for the relational data access and management. Widely available open tools have been reused and extended to satisfy HEP needs.
LONG Tao; HONG Fan; WU Chi; SUN Ling-li
Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.
Ladzinski, T; di Luca, S; Hakulinen, T; Hammouti, L; Riesco, T; Nunes, R; Ninin, P; Juget, J-F; Havart, F; Valentini, F; Sanchez-Corral Mena, E
The LHC Access Safety System has introduced a number of new concepts into the domain of personnel protection at CERN. These can be grouped into several categories: organisational, architectural and concerning the end-user experience. By anchoring the project on the solid foundations of the IEC 61508/61511 methodology, the CERN team and its contractors managed to design, develop, test and commission on time a SIL3 safety system. The system uses a successful combination of the latest Siemens redundant safety programmable logic controllers with a traditional relay logic hardwired loop. The external envelope barriers used in the LHC include personnel and material access devices, which are interlocked door-booths introducing increased automation of individual access control, thus removing the strain from the operators. These devices ensure the inviolability of the controlled zones by users not holding the required credentials. To this end they are equipped with personnel presence detectors and th...
The enormous growth of the Internet during the last decade offers new means to share and distribute both information and data. In Industry, this results in a rapprochement of the production facilities, i.e. their Process Control and Automation Systems, and the data warehouses. At CERN, the Internet opens the possibility to monitor and even control (parts of) the LHC and its four experiments remotely from anywhere in the world. However, the adoption of standard IT technologies to Distributed Process Control and Automation Systems exposes inherent vulnerabilities to the world. The Teststand On Control System Security at CERN (TOCSSiC) is dedicated to explore the vulnerabilities of arbitrary Commercial-Off-The-Shelf hardware devices connected to standard Ethernet. As such, TOCSSiC should discover their vulnerabilities, point out areas of lack of security, and address areas of improvement which can then be confidentially communicated to manufacturers. This paper points out risks of accessing the Control and Automa...
Jiangfeng Li; Zhenyu Liao; Chenxi Zhang; Yang Shi
Since more and more applications and services have been transferred from servers in the B/S architecture to cloud, user access control has become a significant part in a multitenancy cloud platform. Role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, it has a high probability that the information of tenants has been leaked by using existing role based access control (RBAC) model. Moreover, mana...
Besson, Frédéric; Dufay, Guillaume; Jensen, Thomas
This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a certain number of times. An operational semantics of the model and a formal definition of what it means for...
Pereira, Óscar Narciso Mortágua; Rui L. Aguiar; Santos, Maribel Yasmina
Programmers of relational database applications use software solutions (Hibernate, JDBC, LINQ, ADO.NET) to ease the development process of business tiers. These software solutions were not devised to address access control policies, much less for evolving access control policies, in spite of their unavoidable relevance. Currently, access control policies, whenever implemented, are enforced by independent components leading to a separation between policies and their enf...
Jacobs, Barry E.
The Distributed Access View Integrated Database (DAVID) System, which was adopted by the Astrophysics Division for their Astrophysics Data System, is a solution to the system heterogeneity problem. The heterogeneous components of the Astrophysics problem are outlined. The Library and Library Consortium levels of the DAVID approach are described. The 'books' and 'kits' level is discussed. The Universal Object Typer Management System level is described. The relation of the DAVID project with the Small Business Innovative Research (SBIR) program is explained.
Cloud Computing is a new technology directly connected with the internet, which provides on-demand self-service internet infrastructure where a customer pays for and uses only what is needed. All Cloud Computing services are managed by a third-party cloud service provider. Nowadays the majority use a static password to log in to the system or access online accounts in the cloud but never change the password, which is not secure. Since Cloud computing is quite a new subject, most cloud providers have not yet tightened up their security and still use insecure or complicated login methods. The static password was thoroughly investigated and found not to meet the cloud computing security requirement. The proposed solution is One Time Password and One Day Password: an OTP expires after two minutes, and a user who logs in again requests and receives a new password via email; an ODP expires after 24 hours, and on request the user receives a new password via email for a new login session. OTP/ODP is used with AES encryption. This paper focuses on authentication and transmission encryption in cloud computing services.
Pawelczak, P.; Pollin, S.; So, H.-S.W.; Bahai, A.R.S.; Prasad, R.V.; Hekmat, R.
In this paper, different control channel (CC) implementations for multichannel medium access control (MAC) algorithms are compared and analyzed in the context of opportunistic spectrum access (OSA) as a function of spectrum-sensing performance and licensed user activity. The analysis is based on a d
In Pervasive Computing, access control is a critical issue, as users have many opportunities to access and share resources anytime and anywhere with ease. Pervasive Computing Environments are heterogeneous and dynamic sensor-rich environments characterized by frequent and unpredictable changes in users, resources, and environment situations. These environments call for access control solutions that allow dynamic adjustment of access permissions based on information describing the conditions of these entities (context), such as location and time. Some existing models attempt to identify context information, which is used as an optional attribute for limiting the scope of access control permissions. However, these approaches normally exploit identities and roles dynamically assigned to the users in order to grant access permissions, which is an inappropriate solution for open and dynamic environments. Those environments cannot assume the existence of predefined roles and user-role associations. Hence the access permissions are claimed and assigned to the users based only on context information, which characterizes the three most important entities of any access control framework: owners, requestors, and resources. Thus, this paper proposes a generalized context-based access control model for making access control decisions completely based on context information, offering seven types of context-based access control policies. The proposed model also takes into account privacy requirements when enforcing access control policies, such as support for purposes and obligations. In addition, this paper proposes the integration of a mechanism to detect and resolve dynamic and static conflicts in context-based access control policies.
熊雄; 王福喜; 左海洋
To solve the access control problem of multi-level and multi-domain information systems, a method based on a security-level access control model is proposed after analyzing complex information systems. The experimental results show that the access control model achieves the predetermined goal: it can set the security level according to the various elements of a multi-level and multi-domain information system and then control access by comparing security levels. Compared with other common models, the security-level-based access control model is easier to deploy on multi-level and multi-domain information systems, reacts more rapidly to changes of authority, and limits the flow of unsafe information.
OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG program data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through the corresponding OCG program-specific data matrix or portal.
A computerized supervisory control system is being developed for the Mirror Fusion Test Facility. The system includes nine Perkin-Elmer 7/32 and 8/32 computers connected by a block of common core memory (128 kilobytes). The network is a disk designed for reliability and redundancy. If one computer goes down, the local-control micro-processors that it controls are switched to another computer in a matter of seconds. The control consoles permit operators to open and close valves, start or stop pumps, and adjust operating levels. The experiment is controlled by two superconsoles and five satellite consoles. The software, written in PASCAL, contains such subsystems as organizing the computers into a network, operating the consoles and accessing the data base
Valentini, F; Ninin, P; Scibile, S
In the domain of Safety Real-Time Systems, the problem of testing always represents a big effort in terms of time, costs and efficiency to guarantee an adequate coverage degree. Exhaustive tests may, in fact, not be practicable for large and distributed systems. This paper describes the testing process followed during the validation of CERN's LHC Access System, responsible for monitoring and preventing physical risks for the personnel accessing the underground areas. In the paper we also present a novel strategy for the testing problem, intended to drastically reduce the time for test pattern generation and execution. In particular, we propose a methodology for blackbox testing that relies on the application of Model Checking techniques. Model Checking is a formal method from computer science, commonly adopted to prove the correctness of a system's models through an automatic exploration of the system's state space against some property formulas.
HONG Fan; ZHU Xian; XING Guanglin
Access control in multi-domain environments is one of the important questions in building coalitions between domains. On the basis of the RBAC access control model, the concepts of role delegation and role mapping are proposed, which support third-party authorization. Then, a distributed RBAC model is presented. Finally, the implementation issues are discussed.
Saffarian, Mohsen; Tang, Qiang; Jonker, Willem; Hartel, Pieter
The Role-Based Access Control (RBAC) model has been widely applied to a single domain in which users are known to the administrative unit of that domain, beforehand. However, the application of the conventional RBAC model for remote access control scenarios is not straightforward. In such scenarios,
Spring Security ACL is an access control security framework that can control access permissions for all kinds of resources. This article introduces the concept and mechanism of Spring Security ACL and describes the implementation and process of the Spring Security ACL security framework by example.
Kleiner, Eldar; Newcomb, Tom
An access control system regulates the rights of users to gain access to resources in accordance with a specified policy. The rules in this policy may interact in a way that is not obvious via human inspection; there is, therefore, a need for automated verification techniques that can check whether a policy does indeed implement some desired security requirement. Thirty years ago, a formalisation of access control presented a model and a safety specification for which satisfaction is undecida...
The emergence of the "Internet of Things" breaks with previous traditional thinking by integrating physical infrastructure and network infrastructure into a unified infrastructure. There will be a lot of resources and information in IoT, so the computing and processing of information is the core support of IoT. In this paper, we introduce "Service-Oriented Computing" (SOC) to solve the problem, so that each device can offer its functionality as standard services. Here we mainly discuss the access control issue of service-oriented computing in the Internet of Things. This paper puts forward a model of Workflow-oriented Attribute-Based Access Control (WABAC) and designs an access control framework based on the WABAC model. The model grants permissions to subjects according to subject attributes, resource attributes, environment attributes and the current task, meeting the access control requirements of SOC. The approach presented can effectively enhance access control security for SOC applications and prevent the abuse of subject permissions.
Validation and verification of security policies is a critical and important task to ensure that access control policies are error free. The two most common problems present in access control policies are inconsistencies and incompleteness. In order to detect such problems, various access control policy validation mechanisms have been proposed by researchers. However, a comprehensive analysis and evaluation of the existing access control policy validation techniques is missing in the literature. In this paper, we have provided a first detailed survey of this domain and presented the taxonomy of the access control policy validation mechanisms. Furthermore, we have provided a qualitative comparison and trend analysis of the existing schemes. From this survey, we found that only a few validation mechanisms exist that can handle both the inconsistency and incompleteness problems. Also, most of the policy validation techniques are inefficient in handling continuous values and Boolean expressions.
Nabi, Muaz Un
In a wireless network, the medium is a shared resource. The nodes in the network negotiate access of the shared resource using the Medium Access Control (MAC) protocol. The design of a MAC protocol for a sensor node is not the same as that for a wireless transceiver. Due to the transceiver characteristics, the MAC protocol design is limited in terms of medium access methods. However, in most cases, the protocols rely on simple access methods i.e. Time Division Multiple Access (TDMA) or Carrie...
Baldini, Gianmarco; NAI-FOVINO Igor; Trombetta, Alberto; Braghin, Stefano
Cognitive Radio (CR) is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio (CR) technology can be used in innovative spectrum management approaches like spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various...
Zhou, Liang; Zheng, Baoyu; Geller, Benoit; Wei, Anne; Xu, Shan; Li, Yajun
In this paper, we address the rate control, the Medium Access Control (MAC) and the routing problem for cooperative Vehicular Ad-Hoc Network (VANET) in the framework of cross-layer design. At first, we introduce the cooperative communication conception to VANET, and propose an opportunistic cooperation strategy to improve the system performance. And then, we develop a cross-layer solution which consists of the link capacity detection with adjusting persistence probability at the MAC Layer, th...
Gentle, P. H.; Herlihy, P. J.; Roxburgh, I. O.
A randomized controlled trial of outpatient open-access physiotherapy was carried out at West Cornwall Hospital during 1979/80. The referral rate to consultant outpatient clinics for those patients offered open-access physiotherapy was considerably lower than for the control group (17 per cent and 56 per cent respectively). Patients using the service received physiotherapy promptly although this did not result in shorter treatments. Those of the control group who eventually received physiothe...
Li, F; Rahulamathavan, Y.; Conti, M.; Rajarajan, M.
Unified communications has enabled seamless data sharing between multiple devices running on various platforms. Traditionally, organizations use local servers to store data and employees access the data using desktops with predefined security policies. In the era of unified communications, employees exploit the advantages of smart devices and 4G wireless technology to access the data from anywhere and anytime. Security protocols such as access control designed for traditional setup are not su...
Qin, H.; Aburizaiza, A. O.; Rice, R. M.; Paez, F.; Rice, M. T.
Transitory obstacles - random, short-lived and unpredictable objects - are difficult to capture in any traditional mapping system, yet they have significant negative impacts on the accessibility of mobility- and visually-impaired individuals. These transitory obstacles include sidewalk obstructions, construction detours, and poor surface conditions. To identify these obstacles and assist the navigation of mobility- and visually-impaired individuals, crowdsourced mapping applications have been developed to harvest and analyze the volunteered obstacle reports from local students, faculty, staff, and residents. In this paper, we introduce a training program designed and implemented for recruiting and motivating contributors to participate in our geocrowdsourced accessibility system, and explore the quality of geocrowdsourced data with a comparative analysis methodology.
Our goal in this program is to develop Fast Access Data Acquisition System (FADAS) by combining the flexibility of Multilink's GaAs and InP electronics and electro-optics with an extremely high data rate for the efficient handling and transfer of collider experimental data. This novel solution is based on Multilink's and Los Alamos National Laboratory's (LANL) unique components and technologies for extremely fast data transfer, storage, and processing.
熊海涛; 蒋承睿; 任宇峰; 贾攀
To ensure safe authorization of security knowledge in a mine security knowledge management system, and reliable changes of authorization according to users' access history, reputation-based access control (ReBAC) is proposed, which extends role-based access control (RBAC) with reputation. ReBAC first builds 6-tuple permissions. Then, a trust network is constructed from the operational relations between users to calculate direct reputation and indirect reputation. After that, ReBAC uses reputation to check whether the user can access this security knowledge and gives permissions to reliable users. The results show that ReBAC can provide safe and reliable access control in a mine security knowledge management system.
Mahmood Rajpoot, Qasim
Use of video surveillance has significantly increased in the last few decades. Modern video surveillance systems are equipped with techniques that automatically extract information about the objects and events from the video streams and allow traversal of data in an effective and efficient manner...... that is suitable for video surveillance systems as well as other domains sharing similar requirements. As the currently dominant access control models – the role-based access control (RBAC) and the attribute-based access control (ABAC) – suffer from limitations while offering features complementary to each other......, their integration has become an important area of research. Our access control model combines the two models in a novel way in order to unify their benefits while avoiding their limitations. Our approach provides a mechanism that not only takes information about the current circumstances into account during access...
Access control is an important guarantee of information security. Based on an introduction to the RBAC model, and according to users' responsibilities in the examination management system, this paper stipulates users' access rights, defines the roles in the examination management system and their corresponding permissions, and illustrates the application of RBAC in the examination management system, providing an approach to access control security for the examination management system.
TIAN Jie; ZHANG Xin-fang; WANG Tong-yang; XIANG Wei; Cheng Ming
This paper introduces a solution to the security requirement for digital rights management (DRM) in the geospatial field by way of geospatial access control (GeoAC). The issues of authorization for geospatial DRM are concentrated on. For geospatial DRM, one aspect is the declaration and enforcement of access rights, based on geographic aspects. For the approbation of digital geographic content, it is important to adopt online access to geodata through a spatial data infrastructure (SDI). This results in interoperability requirements on three different levels: data model level, service level and access control level. The interaction between the data model and service level can be obtained by criterions of the Open Geospatial Consortium (OGC), and the interaction of the access control level may be reached by declaring and enforcing access restrictions in GeoAC. Then an archetype enforcement based on GeoAC is elucidated. As one aspect of performing usage rights, the execution of access restrictions as an extension to a regular SDI is illuminated.
Social networks bring together users in a virtual platform and offer them the ability to share, within the community, personal and professional information, photos, etc., which are sometimes sensitive. Although the majority of these networks provide access control mechanisms to their users (to manage who accesses which information), privacy settings are limited and do not respond to all users' needs. Hence, the published information remains vulnerable to illegal access. In this paper, the access control policy of the social network "Facebook" is analyzed in a profound way by starting with its modeling with the "Organization Role Based Access Control" model, moving to the simulation of the policy with an appropriate simulator to test the coherence aspect, and ending with a discussion of analysis results which shows the gap between access control management options offered by Facebook and the real requirements of users in the same context. Extracted conclusions prove the need of developing a new access control model that meets most of these requirements, which will be the subject of a forthcoming work.
Tso, Kam S.; Pajevski, Michael J.
Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Java-based client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network-accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and standalone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Web-based applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers.
Raimundas Matulevičius; Henri Lakk
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering app...
Xu, Zhongyuan; Stoller, Scott,
Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from information about the existing access-control policy and attribute data. This paper presents an algorithm for mining ABAC policies from operation logs and attribute data. To the best of our knowledge, it is the ...
Biometrics is the science of measuring and analyzing biological data. It is used to uniquely identify individuals by their physical characteristics or personal behavior traits. The results from scrutiny of various themes including unimodal, multimodal, physiological, behavioural biometrics. Physiological and behavioural biometrics are compared in the review. The article addresses a particular aspect of utilizing biometrics for authentication, identification and access control. The use of systems like fingerprint, face recognition, hand geometry, palm print, DNA analysis, iris recognition, retina and odour/scent will be dealt with herewith. This study deals with various applications of this technology, like surveillance, employee identification, device access, etc., with respective mentions of the hardware used. The influence of such features is yet to be documented properly, but it is safe to say that it has been a huge step towards better information security and identification control. Over the course of this text, we will try to bring to light our analysis of the subject and provide an in-depth examination of contemporary and futuristic technologies pertaining to this field.
Campbell, William J.
The objective of this research is to develop technology for the automated characterization and interactive retrieval and visualization of very large, complex scientific data sets. Technologies will be developed for the following specific areas: (1) rapidly archiving data sets; (2) automatically characterizing and labeling data in near real-time; (3) providing users with the ability to browse contents of databases efficiently and effectively; (4) providing users with the ability to access and retrieve system independent data sets electronically; and (5) automatically alerting scientists to anomalies detected in data.
Mur Escartín, Olga
The thesis consists in the study and evaluation of different methods for face recognition. The final objective is to select the most suitable techniques for face detection and recognition. Some of these techniques will be integrated in a real time demonstrator which will be a preliminary prototype that will have to work in controlled conditions (for illumination and pose) and with reduced databases. The demonstrator will be done in Matlab and the main image acquisition routines and face detectio...
Alstone, Peter; Gershenson, Dimitry; Kammen, Daniel M.
Innovative approaches are needed to address the needs of the 1.3 billion people lacking electricity, while simultaneously transitioning to a decarbonized energy system. With particular focus on the energy needs of the underserved, we present an analytic and conceptual framework that clarifies the heterogeneous continuum of centralized on-grid electricity, autonomous mini- or community grids, and distributed, individual energy services. A historical analysis shows that the present day is a unique moment in the history of electrification where decentralized energy networks are rapidly spreading, based on super-efficient end-use appliances and low-cost photovoltaics. We document how this evolution is supported by critical and widely available information technologies, particularly mobile phones and virtual financial services. These disruptive technology systems can rapidly increase access to basic electricity services and directly inform the emerging Sustainable Development Goals for quality of life, while simultaneously driving action towards low-carbon, Earth-sustaining, inclusive energy systems.
P. L. Wessels
One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information.
Eles, Petru; Doboli, Alex; Pop, Paul;
of control. Our goal is to derive a worst case delay by which the system completes execution, such that this delay is as small as possible; to generate a logically and temporally deterministic schedule; and to optimize parameters of the communication protocol such that this delay is guaranteed. We......, generates an efficient bus access scheme as well as the schedule tables for activation of processes and communications....
Htoo Aung Maw
Wireless sensor networks (WSNs) have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.
With the enlargement of enterprises' size and the improvement of their informatization level, more and more enterprises adopt information systems to enhance their competitiveness. To solve the problem that enterprise information systems cannot dynamically authorize the users accessing them, an access control mechanism based on trust is proposed. The user's trust degree is evaluated according to the user's behavior, and the user is dynamically authorized with reference to that trust degree, so that the permissions of users accessing the enterprise information system are dynamically controlled and the security of the enterprise information system is improved.
Carmem Lúcia Batista
Recently, in November 2011, the law on access to public information was published, a legal and historic mark in the struggle for human rights in Brazil. This achievement is the result of a process marked by denial of access to public archives, as was the case of the Araguaia Guerrilla, valuing the culture of secrecy, abuse of power and relations between public and private in Brazil. Thus, the aim of this paper is to present a brief history about the control of access to public information...
刘武; 段海新; 张洪; 任萍; 吴建平
Access control is a process which controls users' execution of certain operations or access to certain network resources according to the users' identity or attributes. Discretionary access control and mandatory access control are the two main access control modes which are broadly used in secure operating systems. Discretionary access control is based on user identity and/or groups, and mandatory access control is usually based on sensitivity labels. Neither of these two modes can completely satisfy the requirements of all access control. Discretionary access control is too loose to restrict the propagation of privileges, while mandatory access control is too rigid to use flexibly. This paper analyzes current access control models and extends the RBAC (role based access control) model aiming at its deficiency, and on that basis we propose a trust based access control model (TRBAC). The TRBAC model can provide a more secure, flexible and fine-grained dynamic access control mechanism, and therefore improve both the security and the reliability of the authorization mechanism.
As the number of power exchanges among utilities grows and transmission lines are loaded more heavily, it becomes increasingly difficult to manage power-system access. A study sponsored by the Electric Power Research Institute (EPRI) identifies two analysis techniques that can provide more detailed line-use information to help utilities ensure continued reliability. After meeting internal needs, a utility agrees on usage price and terms with other power suppliers and users that want to transfer power across its lines. This is known as wheeling. However, such transactions affect the loading of lines belonging to other utilities. As a result, no utility can actually control who uses its transmission system. Many utilities would like a way to monitor power flows on their systems to improve the economy and reliability of operation. The EPRI-sponsored study, conducted by Casazza, Schultz, Associates (CSA), Arlington, VA, identifies ways that computer methods can help utilities cope with increased line access.