Design and implementation of a hybrid and configurable access control model

Download
2009
Turan, Uğur
A hybrid and configurable access control model is designed to satisfy the requirements of using different access control models in the same schema. The idea is arised to completely combine and configure the two main access control models, discretionary and mandatory which have been widely used in many systems so far with their advantages and disadvantages. The motivation originates from the fact that; in real life usage, discretionary based systems needs some strict policies and mandatory based systems needs some flexibility. The model is designed to combine these two appoaches in a single and configurable model, with some required real life extensions, in a conflictfree fashion and configurable degree of combination. Implementation of the model has been done and main important cases which shows the power and expressiveness of the model are designed and implemented. The authorization process is in the responsibility of the model which can be combined with secured authentication and auditing schemas. The new approaches as Role-Based, Context-Based and Temporal access control can easily be embedded in the model due to its generic and modular design.

Suggestions

An approach for including business requirements to soa design
Ocaktürk, Murat; Doğru, Ali Hikmet; Department of Computer Engineering (2010)
In this thesis, a service oriented decomposition approach: Use case Driven Service Oriented Architecture (UDSOA), is introduced to close the gap between business requirements and SOA (Service Oriented Architecture) design by including business use cases and system use cases into decomposition process. The approach is constructed upon Service Oriented Software Engineering (SOSE) modeling technique and aims to fill the deficits of it at the decomposition phase. Further, it aims to involve both business vision...
Using semantic web services for data integration in banking domain
Okat, Çağlar; Doğru, Ali Hikmet; Department of Computer Engineering (2010)
A semantic model oriented transformation mechanism is developed for the centralization of intra-enterprise data integration. Such a mechanism is especially crucial in the banking domain which is selected in this study. A new domain ontology is constructed to provide basis for annotations. A bottom-up approach is preferred for semantic annotations to utilize existing web service definitions. Transformations between syntactic web service XML responses and semantic model concepts are defined in transformation ...
Design and implementation of a plug-in framework for distributed object technologies
Kadıoğlu, Koray; Doğru, Ali Hikmet; Department of Computer Engineering (2006)
This thesis presents a framework design and implementation that enables run-time selection of different remote call mechanisms. In order to implement an extendable and modular system with run-time upgrading facility, a plug-in framework design is used. Since such a design requires enhanced usage of run-time facilities of the programming language that is used to implement the framework, in this study Java is selected because of its reflection and dynamic class loading facilities. A sample usage of this frame...
A conformance and interoperability test suite for Turkey’s National Health Information System (NHIS) and an interactive test control and monitoring environment
Sınacı, Ali Anıl; Doğaç, Asuman; Department of Computer Engineering (2009)
Conformance to standards and interoperability is a major challenge of today`s applications in all domains. Several standards have been developed and some are still under development to address the various layers in the interoperability stack. Conformance and interoperability testing involves checking whether the applications conform to the standards so that they can interoperate with other conformant systems. Only through testing, correct information exchange among applications can be guaranteed. National H...
Design and implementation of an open security architecture for a software-based security module
Kaynar, Kaan; Özgit, Attila; Department of Computer Engineering (2009)
Main purpose of this thesis work is to design a comprehensive and open security architecture whose desired parts could be realized on a general-purpose embedded computer without any special cryptography hardware. The architecture provides security mechanisms that implement known cryptography techniques, operations of some famous network security protocols and appropriate system security methods. Consequently, a server machine may offload a substantial part of its security processing tasks to an embedded com...
Citation Formats
U. Turan, “Design and implementation of a hybrid and configurable access control model,” M.S. - Master of Science, Middle East Technical University, 2009.