Access control model to support orchestration of CRUD expressions

Bibliographic details
Main author: Thakur, Ritika
Publication date: 2015
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10773/18452
Abstract: Access Control is a sensitive and crucial aspect when it comes to securing the data present in the databases. In an application which is driven by Create, Read, Update and Delete (CRUD) expressions, users can execute a single CRUD expression or a sequence of CRUD expressions to achieve the desired results. In this type of application, the Access Control is not just limited to authorizing the subject for accessing the object, but it also aims to authorize and validate the operations that a subject can perform on the data after the authorization. Current Access Control models are generally concerned with restricting the access to the resources. However, once the subject is authorized, there are no restrictions on the actions a subject can perform on the resources. In this work an Access Control Model has been presented which extends current Access Control model's features to provide an environment where a set of predefined policies are implemented as graphs of CRUD expressions. The design of the access control policies is based on the CRUD expressions that a user needs to execute to complete a task. These graphs of CRUD expressions are hence used for controlling and validating the actions that can be performed on authorized information. In order to reuse the policies, the presented model allows the inter execution of the policies based on some predefined rules. The aim of the present thesis work is to provide a structure which allows the application users to only execute the authorized sequences of CRUD expressions in a predefined order and allows the security experts to design the policies in a flexible way through the graph data structure. As a proof of concept, Role based Access Control model (RBAC) has been taken as a reference access control model and the base for this work is chosen as Secured, Distributed and Dynamic RBAC (S-DRACA) which allowed the sequence of CRUD expressions to be executed in single direction.
id RCAP_7ffef773911d5b502db0271111c0877d
oai_identifier_str oai:ria.ua.pt:10773/18452
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
dc.subject.por.fl_str_mv Segurança de computadores
Bases de dados - Controlo de acesso
publishDate 2015
dc.date.none.fl_str_mv 2015-01-01T00:00:00Z
2015
2017-10-06T10:33:51Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10773/18452
TID:201591413
url http://hdl.handle.net/10773/18452
identifier_str_mv TID:201591413
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Universidade de Aveiro
publisher.none.fl_str_mv Universidade de Aveiro
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799137582391492608