Page 1 of results: 100 digital items found in 0.110 seconds

Identity management and e-learning standards for promoting the sharing of contents and services in higher education

Alves, Paulo; Uhomoibhi, James
Source: Instituto Politécnico de Bragança Publisher: Instituto Politécnico de Bragança
Type: Scientific Journal Article
ENG
Search Relevance
56.25%
In this paper, we present the status of identity management systems and e-learning standards across Europe, in order to promote the mobility and the sharing of contents and services in higher education institutions. With new requirements for authentication, authorization and identity management for Web applications, most higher education institutions implement several solutions to address these issues. At the first level, the adoption of directory servers like LDAP, Active Directory and others solves some problems of having multiple logins and passwords for authentication. The growth of Web applications like learning management systems, portals, blogs, wikis, and others requires a more effective way of identity management, providing security and accessibility. Web Single Sign-On (SSO) resolves some of these issues of identity management, because the authentication is managed centrally and the user can navigate through different Web applications using the same session. One example of a Web SSO system is the Central Authentication Systems (CAS). SSO systems provide an effective way to manage authentication and authorization inside institutions, but are restricted to the administrative domain of each institution. With the implementation of Bologna Process more students...

Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos.; A contextual authorization model for access control of electronic patient record in open distributed environments.

Motta, Gustavo Henrique Matos Bezerra
Source: Biblioteca Digitais de Teses e Dissertações da USP Publisher: Biblioteca Digitais de Teses e Dissertações da USP
Type: Doctoral Thesis Format: application/pdf
Published on 05/02/2004 PT
Search Relevance
46.08%
Recent advances in communication and computing technologies have enabled ready access to the information in the electronic patient record (EPR). The resulting potential for dissemination of clinical information raises concerns about patient privacy and the confidentiality of patient data. Legal norms provide that the content of the record must be kept confidential, and access to it is not permitted without the patient's prior authorization, except when necessary to benefit the patient. This work proposes MACA, a contextual authorization model for role-based access control (RBAC) that addresses requirements for limiting access to the EPR in open and distributed environments. RBAC regulates user access to the EPR based on the functions (roles) that users perform in an organization. A contextual authorization uses environmental information available at access time to decide whether a user has the right and the need to access an EPR resource. This gives MACA the flexibility and expressive power to establish EPR access policies and administrative policies for RBAC that adapt to the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently to the end user...

Proposta de arquitetura e solução de gerenciamento de credenciais para autenticação e autorização em ambientes de computação em nuvem.; Proposal of architecture and solution for credential, management for authentication and authorization in cloud computing environments.

Gonzalez, Nelson Mimura
Source: Biblioteca Digitais de Teses e Dissertações da USP Publisher: Biblioteca Digitais de Teses e Dissertações da USP
Type: Master's Dissertation Format: application/pdf
Published on 22/01/2014 PT
Search Relevance
96.36%
The cloud computing model combines characteristics such as elasticity, resource sharing, on-demand service provisioning, and scalability. This model increases the efficiency of resource utilization, drastically reducing the cost of maintaining hardware and software infrastructures. However, several security-related problems are observed in cloud environments, which significantly reduces adoption of the technology. The main problems identified concern the confidentiality of user data and the protection of communication channels. These problems can be solved by employing authentication and authorization mechanisms that effectively control access to cloud resources and services by users and by any other entities able to reach these elements. This suggests the use of credentials, which make it possible to establish the permissions and obligations of the entities in a cloud computing ecosystem. This dissertation presents a proposal for a Credential Management System (SGC, Sistema de Gerenciamento de Credenciais) for cloud computing, which aims to implement a solution for entity identification and access control in the cloud. To this end, a survey was carried out to gather the main references on cloud computing...

Resilient authentication service

Malichevskyy, Oleksandr
Source: Universidade de Lisboa Publisher: Universidade de Lisboa
Type: Master's Dissertation
Published in 2013 ENG
Search Relevance
46.32%
Master's thesis in Informatics Engineering, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2013; The vast majority of online systems depend on basic authentication and authorization services. These are responsible for providing the resources needed to prevent improper or unauthorized access to applications, data or networks. To access resources, users normally use a user name and a proof, which is usually a password, that is, a piece of information theoretically known only to the respective user. In recent years the use of wireless networks has increased greatly. Most of these services require some kind of authentication and authorization mechanisms to grant or deny access to the service and to verify the rights and permissions of users. For this, the user has to authenticate to the service. It is common for users to have a user name/password pair for each service they use. This brings management problems both for users, who have to memorize their credentials, and for administrators, who have to manage a large number of users. The user not only has to memorize the credentials for the services used but also ends up having several identities...

Providing Access to Terabytes of Earth Observation Data in an International Organization - Infrastructure and Services

HASENOHR Paul; BURGER Armin
Source: OSGeo & GISSA Publisher: OSGeo & GISSA
Type: Contributions to Conferences Format: CD-ROM
ENG
Search Relevance
46.3%
The Joint Research Centre (JRC) of the European Commission stores over 60 TB of low, medium, high and very high resolution satellite imagery in an heterogeneous manner. The scientific units within the JRC are the users of these data. Often they are also managing them either by choice or by lack of an alternative solution. An internal project called Community Image Data portal (CID) has been set up to rationalize the situation. One of its core activities was to create a central repository with catalogue, processing and dissemination facilities favouring the use of open source technologies and is now to keep it running and expand it further. The user requirements have been collected by means of a survey last year and have been combined with the requirements from the IT department, from the management and finally from the CID team. We then decided on the approach to take in order to address these requirements and carry on with the implementation. Earth Observation data users mainly require to have a central catalogue referencing all datasets available at the JRC, as well as a central archive which should have a back-up facility, provide fast file based access to data and be reliable. Furthermore, data in this central archive should be available via geographic web services and web mapping while using flexible authentication and authorization schemes. Meanwhile the IT department places a strong emphasis on network security as the data archived are available from outside the JRC via web services and from inside via file protocols. The CID team wishes to favour the use of open source software...

Providing Authentication & Authorization Mechanisms for Active Service Charging

Bagnulo, Marcelo; Alarcos, Bernardo; Calderón, María; Marifeli, Sedano
Source: Springer Berlin / Heidelberg Publisher: Springer Berlin / Heidelberg
Type: Conference or Conference Object Format: application/pdf
Published in 10/2002 ENG
Search Relevance
46.11%
Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, proper charging for these new added value services requires suitable authentication and authorization mechanisms. In this article we describe a security architecture for SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm.

Content authentication and access control in pure peer-to-peer networks; Autenticación de contenidos y control de acceso en redes peer-to-peer puras

Palomar González, Esther
Source: Universidade Carlos III de Madrid Publisher: Universidade Carlos III de Madrid
Type: info:eu-repo/semantics/doctoralThesis; info:eu-repo/semantics/doctoralThesis Format: application/pdf
ENG
Search Relevance
46.22%
This doctoral thesis falls within the research area of security in fully decentralized (also called pure) Peer-to-Peer (P2P) environments. In particular, the main objective of this doctoral thesis is to define, analyze and implement a scheme for the secure distribution of shared content. This thesis work has made significant advances and innovative contributions aimed at guaranteeing that shared content is authentic; that is, that it has not been altered, even when it is a replica of the original. In addition, an access control mechanism is proposed that is oriented to providing authorization services in an environment that lacks a hierarchy of certification authorities. The methodology followed and the main contributions of this thesis are then summarized and, finally, the most important conclusions are presented.; The study and analysis of the state-of-the-art on security in Peer-to-Peer (P2P) networks gives us many important insights regarding the lack of practical security mechanisms in such fully decentralized and highly dynamic networks. The major problems range from the absence of content authentication mechanisms...

An identity aware wimax personalization for pervasive computing services

Sánchez-Guerrero, Rosa; Díaz-Sánchez, Daniel; Almenares, Florina; Marían, Andrés; Arias Cabarcos, Patricia; Proserpio, Davide
Source: UCAMI Publisher: UCAMI
Type: info:eu-repo/semantics/acceptedVersion; info:eu-repo/semantics/conferenceObject Format: application/pdf
Published in 2011 ENG
Search Relevance
45.94%
Mobile Internet access is becoming more and more pervasive in the new 4G scenarios, where WiMAX is to play a crucial role. WiMAX has advantages when considering both energy consumption and bandwidth, when compared with HSDPA and LTE. However, we have found some limitations in IEEE 802.16 security support, which may limit authentication and authorization mechanisms for ubiquitous service development. In this article we analyze weaknesses and vulnerabilities we have found in WiMAX security. WiMAX, with the adequate identity management support, could be invaluable for developing new pervasive computing services. We propose the introduction of identity management in WiMAX, as a previous step to the definition of identity aware WiMAX personalization of pervasive computing services; Project CCG10-UC3M/TIC-4992 of the Comunidad Autónoma de Madrid and the Universidad Carlos III de Madrid

Zás – Aspect-Oriented Authorization Services (first take)

Zenida, Paulo; Sequeira, Manuel Menezes de; Henriques, Diogo; Serrão, Carlos
Source: Instituto Universitário de Lisboa Publisher: Instituto Universitário de Lisboa
Type: Report
Published in 2006 ENG
Search Relevance
56.3%
The work described in this report gave rise to a paper presented at the ICSOFT 2006 conference.; This paper proposes Zás, a novel, flexible, and expressive authorization mechanism for Java. Zás has been inspired by Ramnivas Laddad's proposal to modularize Java Authentication and Authorization Services (JAAS) using an Aspect-Oriented Programming (AOP) approach. Zás' aims are to be simultaneously very expressive, reusable, and easy to use and configure. Zás allows authorization services to be non-invasively added to existing code. It also cohabits with a wide range of authentication mechanisms. Zás uses Java 5 annotations to specify permission requirements to access controlled resources. These requirements may be changed directly during execution. They may also be calculated by client supplied permission classes before each access to the corresponding resource. These features, together with several mechanisms for permission propagation, expression of trust relationships, depth of access control, etc., make Zás, we believe, an interesting starting point for further research on the use of AOP for authorization.

Zás – Aspect-Oriented Authorization Services

Zenida, Paulo; Sequeira, Manuel Menezes de; Henriques, Diogo; Serrão, Carlos
Source: INSTICC Press Publisher: INSTICC Press
Type: Conference or Conference Object
Published on 10/10/2006 ENG
Search Relevance
56.3%
There is a technical report from the Centro de Informática of ISCTE, CI-2006-01, that describes Zás in more detail. The Zás code can be found in the CI repository, at https://svn.ci.iscte.pt/.; This paper proposes Zás, a novel, flexible, and expressive authorization mechanism for Java. Zás has been inspired by Ramnivas Laddad's proposal to modularize Java Authentication and Authorization Services (JAAS) using an Aspect-Oriented Programming (AOP) approach. Zás' aims are to be simultaneously very expressive, reusable, and easy to use and configure. Zás allows authorization services to be non-invasively added to existing code. It also cohabits with a wide range of authentication mechanisms. Zás uses Java 5 annotations to specify permission requirements to access controlled resources. These requirements may be changed directly during execution. They may also be calculated by client supplied permission classes before each access to the corresponding resource. These features, together with several mechanisms for permission propagation, expression of trust relationships, depth of access control, etc., make Zás, we believe, an interesting starting point for further research on the use of AOP for authorization.

Design and implementation of the feedback systems Web laboratory

Viedma Núñez, Gerardo
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 103 p.; 4869087 bytes; 4873346 bytes; application/pdf; application/pdf
ENG
Search Relevance
65.79%
This thesis describes the design and implementation of a remote web-based laboratory (WebLab) for MIT's 6.302 Feedback Systems course. The WebLab system proposed consists of a three-tiered architecture where client and server communicate with each other via web services. On the front end, the user interacts with the system through the Lab Client's graphical user interface implemented as a Java applet. On the back end, the Lab Server processes experiment requests from users and runs them at the laboratory site. Once the experiment has been completed successfully, the Lab Server sends the measured data to the Lab Client for display on the screen and further manipulation by the user. Furthermore, the WebLab is designed to take advantage of the iLab framework for provision of authentication and authorization services, as well as common administrative tasks, such as user management and logging of experimental results.; by Gerardo Viedma Núñez.; Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.; Includes bibliographical references (p. 99-103).

User authentication and remote execution across administrative domains

Kaminsky, Michael, 1976-
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 77 p.; 4200828 bytes; 4208861 bytes; application/pdf; application/pdf
EN_US
Search Relevance
56.1%
(cont.) selectively delegates authority to processes running on remote machines that need to access other resources. The delegation mechanism lets users incrementally construct trust policies for remote machines. Measurements of the system demonstrate that the modularity of REX's architecture does not come at the cost of performance.; A challenge in today's Internet is providing easy collaboration across administrative boundaries. Using and sharing resources between individuals in different administrative domains should be just as easy and secure as sharing them within a single domain. This thesis presents a new authentication service and a new remote login and execution utility that address this challenge. The authentication service contributes a new design point in the space of user authentication systems. The system provides the flexibility to create cross-domain groups in the context of a global, network file system using a familiar, intuitive interface for sharing files that is similar to local access control mechanisms. The system trades off freshness for availability by pre-fetching and caching remote users and groups defined in other administrative domains, so the file server can make authorization decisions at file-access time using only local information. The system offers limited privacy for group lists and has all-or-nothing delegation to other administrative domains via nested groups. Experiments demonstrate that the authentication server scales to groups with tens of thousands of members. REX contributes a new architecture for remote execution that offers extensibility and security. To achieve extensibility...

ASIA: An Access Control, Session Invocation and Authorization Architecture for Home Energy Appliances in Smart Energy Grid Environments

Falk, Rainer; Fries, Steffen; Hof, Hans-Joachim
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 07/07/2015
Search Relevance
55.95%
With the advent of the smart energy grid - an energy transportation and distribution network being combined with an IT network for its monitoring and control - information security has gained tremendous importance for energy distribution and energy automation systems. Integrated security functionality is crucial to ensure a reliable and continuous operation of the smart energy grid. Further security related challenges arise from the integration of millions of smart homes into the smart grid. This paper gives an overview of the smart energy grid environment and its challenges. Many future use cases are centered around the smart home, using an ICT gateway. Approaches to protect the access and data exchange are described, preventing manipulation of ICT gateway operation. The paper presents ASIA - an Authentication, Session Invocation, and Authorization component to be used in the smart energy grid, to protect ICT gateways and to cope with problems like ICT gateway discovery and ICT gateway addressing.

Application of Multi factor authentication in Internet of Things domain

Gupta, Udit
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Search Relevance
46.14%
Authentication forms the gateway to any secure system. Together with integrity, confidentiality and authorization it helps in preventing any sort of intrusions into the system. Up until a few years back password based authentication was the most common form of authentication to any secure network. But with the advent of more sophisticated technologies this form of authentication although still widely used has become insecure. Furthermore, with the rise of 'Internet of Things' where the number of devices would grow manifold it would be infeasible for user to remember innumerable passwords. Therefore, it's important to address this concern by devising ways in which multiple forms of authentication would be required to gain access to any smart devices and at the same time its usability would be high. In this paper, a methodology is discussed as to what kind of authentication mechanisms could be deployed in internet of things (IOT).; Comment: 6 pages, 1 table

Using CAS to Manage Role-Based VO Sub-Groups

Tull, Craig E.; Canon, Shane; Chan, Steve; Olson, Doug; Pearlman, Laura; Welch, Von
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Search Relevance
46.18%
LHC-era HENP experiments will generate unprecedented volumes of data and require commensurately large compute resources. These resources are larger than can be marshalled at any one site within the community. Production reconstruction, analysis, and simulation will need to take maximum advantage of these distributed computing and storage resources using the new capabilities offered by the Grid computing paradigm. Since large-scale, coordinated Grid computing involves user access across many Regional Centers and national and funding boundaries, one of the most crucial aspects of Grid computing is that of user authentication and authorization. While projects such as the DOE Grids CA have gone a long way to solving the problem of distributed authentication, the authorization problem is still largely open. We have developed and tested a prototype VO-Role management system using the Community Authorization Service (CAS) from the Globus project. CAS allows for a flexible definition of resources. In this prototype we define a role as a resource within the CAS database and assign individuals in the VO access to that resource to indicate their ability to assert the role. The access of an individual to this VO-Role resource is then an annotation of the user's CAS proxy certificate. This annotation is then used by the local resource managers to authorize access to local compute and storage resources at a granularity which is based on neither VOs nor individuals. We report here on the configuration details for the CAS database and the Globus Gatekeeper and on how this general approach could be formalized and extended to meet the clear needs of LHC experiments using the Grid.

Outflanking and securely using the PIN/TAN-System

Wiesmaier, A.; Fischer, M.; Lippert, M.; Buchmann, J.
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Search Relevance
55.79%
The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing so we find that it is really easy to outflank these systems. This is even supported by the users' behavior. We give a few simple behavior rules to improve this situation. But their impact is limited. Also the providers support the attacks by having implementation flaws in their installations. Finally we show that the PIN/TAN-system is not suitable for usage in highly secure applications.; Comment: 7 pages; 2 figures; IEEE style; final version

Authentication and Authorization in Server Systems for Bio-Informatics

Madhuri, K. Lakshmi; Nair, T. R. Gopalakrishnan
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 23/01/2010
Search Relevance
76.43%
Authentication and authorization are two tightly coupled and interrelated concepts which are used to keep transactions secure and help in protecting confidential information. This paper proposes to evaluate the current techniques used for authentication and authorization, and also compares them with the best practices and universally accepted authentication and authorization methods. Authentication verifies user identity and provides reusable credentials, while authorization services store information about user access levels. These mechanisms, by which a system checks what level of access a particular authenticated user should have to view secure resources, are controlled by the system.

A Hybrid Authentication Protocol Using Quantum Entanglement and Symmetric Cryptography

Kuhn, D. R.
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 27/01/2003
Search Relevance
46.02%
This paper presents a hybrid cryptographic protocol, using quantum and classical resources, for authentication and authorization in a network. One or more trusted servers distribute streams of entangled photons to individual resources that seek to communicate. It is assumed that each resource shares a previously distributed secret key with the trusted server, and that resources can communicate with the server using both classical and quantum channels. Resources do not share secret keys with each other, so that the key distribution problem for the network is reduced from O(n^2) to O(n). Some advantages of the protocol are that it avoids the requirement for timestamps used in classical protocols, guarantees that the trusted server cannot know the authentication key, can provide resistance to multiple photon splitting attacks and can be used with BB84 or other quantum key distribution protocols.; Comment: 6 pages, 1 figure

Enhanced Security for Cloud Storage using File Encryption

Mukhopadhyay, Debajyoti; Sonawane, Gitesh; Gupta, Parth Sarthi; Bhavsar, Sagar; Mittal, Vibha
Source: Cornell University Publisher: Cornell University
Type: Scientific Journal Article
Published on 28/03/2013
Search Relevance
45.94%
Cloud computing is a term coined to a network that offers incredible processing power, a wide array of storage space and unbelievable speed of computation. Social media channels, corporate structures and individual consumers are all switching to the magnificent world of cloud computing. The flip side to this coin is that with cloud storage emerges the security issues of confidentiality, data integrity and data availability. Since the cloud is a mere collection of tangible super computers spread across the world, authentication and authorization for data access is more than a necessity. Our work attempts to overcome these security threats. The proposed methodology suggests the encryption of the files to be uploaded on the cloud. The integrity and confidentiality of the data uploaded by the user is ensured doubly by not only encrypting it but also providing access to the data only on successful authentication.; Comment: 6 pages, 4 figures

A PERMIS-based authorization solution between portlets and back-end web services

Barahona, Sofia Brenes; Fox, Geoffrey; Huffman, Kianosh; McMullen, Donald; Pierce, Marlon; Yin, Hao
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Preprint
EN
Search Relevance
56.12%
A portal is a Web-based application that acts as an entry point to distributed resources. Individual portlets in a portal can be used to integrate information from a variety of back-end Web services. However, when Web services are deployed, they are available to unintended clients not related to the portal so a general solution for authorizing access to them is needed that is integrated with the portal’s own authentication and authorization mechanisms. This paper investigates the feasibility of an implementation of a general purpose solution for authorization between portlets and their back end Web services based on Privilege and Role Management Infrastructure Standards (PERMIS) which uses Web services security standards such as WSSecurity and SAML. This solution is also appropriate for authorization across organizational boundaries supporting the inclusion of service resources to a portal which are contributed by many different organizations. A motivating example of instrument sharing based on the CIMA remote instrument access protocol is presented.; ACM, IEEE