tailieunhanh - Computer Security: Chapter 7 - Using Trust for Role-Based Access Control (RBAC)

Computer Security: Chapter 7 - Using Trust for Role-Based Access Control (RBAC) includes Access Control in Open Systems, Proposed Access Control Architecture, TERM server (Basic, Evidence Model, Architecture, Prototype TERM server). | 7. Using Trust for Role-Based Access Control (RBAC) Prof. Bharat Bhargava Center for Education and Research in Information Assurance and Security (CERIAS) and Department of Computer Sciences Purdue University bb@ Collaborators in the RAID Lab (): Prof. Leszek Lilien (former Post Doc) Dr. Yuhui Zhong (former . Student) This research is supported by CERIAS and NSF grants from IIS and ANIR. Using Trust for Role-Based Access Control - Outline 1) Access Control in Open Systems 2) Proposed Access Control Architecture ) Basics ) RBAC & TERM server 3) TERM server ) Basic ) Evidence Model ) Architecture Credential Management (CM) Evidence Evaluation (EE) Role Assignment (RA) Trust Information Management (TIM) ) Prototype TERM server 1) Access Control in Open Systems (1) Open environment (like WWW, WiFi networks) User who may not be known in advance Still must determine the permission set for an unknown user Common approach: Grant access based on user’s properties demonstrated by digital credentials Problems with credentials Holding credentials does not assure user trustworthiness Evidence provided by different credential issuers should not be uniformly trusted (apply “degrees of trust”) A solution for problems with credentials: Trust should be used by access control mechanisms To limit granting privileges to potentially harmful users How to establish trust ? In particular with “newcomer” devices What do we need to know about a pervasive device, in order to make a trust decision? Using trust for attribute-based access control Identity-based access control is inadequate in open environments (., vulnerable to masquerading) Multi-dimensional attribute set to determine trust level 1) Access Control in Open Systems (2) ) Proposed Access Control Architecture - Basics Information System Authorized Users Other Users Access Control Mechanism Authorized Users Validated credentials | 7. Using Trust for Role-Based Access Control (RBAC) Prof. Bharat Bhargava Center for Education and Research in Information Assurance and Security (CERIAS) and Department of Computer Sciences Purdue University bb@ Collaborators in the RAID Lab (): Prof. Leszek Lilien (former Post Doc) Dr. Yuhui Zhong (former . Student) This research is supported by CERIAS and NSF grants from IIS and ANIR. Using Trust for Role-Based Access Control - Outline 1) Access Control in Open Systems 2) Proposed Access Control Architecture ) Basics ) RBAC & TERM server 3) TERM server ) Basic ) Evidence Model ) Architecture Credential Management (CM) Evidence Evaluation (EE) Role Assignment (RA) Trust Information Management (TIM) ) Prototype TERM server 1) Access Control in Open Systems (1) Open environment (like WWW, WiFi networks) User who may not be known in advance Still must determine the permission set for an .

• An ninh - Bảo mật
• Computer Security
• Using Trust for Role Based Access Control
• Access Control in Open Systems
• Proposed Access Control Architecture
• TERM server
• Evidence Model
• Introduction to Computer Security
• Security in Practice
• Pillars of Security
• Methods of Defense
• Principles of Computer Security
• network security
• computer protection
• computer tips
• computer skills
• computer engineering
• Converged Network Security for Dummies
• data security
• a virus
• document of Pro drupal 7
• security rules
• security rules and documents on Facebook
• Converged Network Security
• Multicast security
• Group security
• Computer network
• Security measures
• Computer networks
• Lecture notes on Computer and network security
• Internet applications
• Application layer security
• Transport layer security
• virus treatment
• can network security
• Aspects of security
• Lecture Network security
• Computer hacking
• Internet security
• Security through obscurity
• Mobile device security
• Network security model
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Information security
• Advanced security
• Computer forensics
• Harden security
• programming languages​​
• SSL Security Windows
• web application security
• Filtering out spam
• Email message
• protected computer
• virus processing
• Security principles
• Effective authentication methods
• Control access to computer systems
• Wireless security
• Computer network security
• Guide to computer network security
• An toàn mạng máy tính
• Bảo mật mạng máy tính
• Computer network fundamentals
• Computer network vulnerabilities
• Security Paradigms
• Pervasive Trust Paradigm
• Old security paradigms
• Defining new security paradigms
• Failures of OSPs