Matching Items (3)
Filtering by

Clear all filters

149803-Thumbnail Image.png

Systematic policy analysis and management

Description
With the advent of technologies such as web services, service oriented architecture and cloud computing, modern organizations have to deal with policies such as Firewall policies to secure the networks, XACML (eXtensible Access Control Markup Language) policies for controlling the access to critical information as well as resources. Management of

With the advent of technologies such as web services, service oriented architecture and cloud computing, modern organizations have to deal with policies such as Firewall policies to secure the networks, XACML (eXtensible Access Control Markup Language) policies for controlling the access to critical information as well as resources. Management of these policies is an extremely important task in order to avoid unintended security leakages via illegal accesses, while maintaining proper access to services for legitimate users. Managing and maintaining access control policies manually over long period of time is an error prone task due to their inherent complex nature. Existing tools and mechanisms for policy management use different approaches for different types of policies. This research thesis represents a generic framework to provide an unified approach for policy analysis and management of different types of policies. Generic approach captures the common semantics and structure of different access control policies with the notion of policy ontology. Policy ontology representation is then utilized for effectively analyzing and managing the policies. This thesis also discusses a proof-of-concept implementation of the proposed generic framework and demonstrates how efficiently this unified approach can be used for analysis and management of different types of access control policies.
ContributorsKulkarni, Ketan (Author) / Ahn, Gail-Joon (Thesis advisor) / Yau, Stephen S. (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2011
150861-Thumbnail Image.png

Decision factors for E-waste in northen Mexico: to waste or trade

Description
Electronic waste (E-waste) is a concern, because of the increasing volume of materials being disposed of. There are economical, social and environmental implications derived from these materials. For example, the international trade of used computers creates jobs, but the recovery from valuable materials is technically challenging and currently there are

Electronic waste (E-waste) is a concern, because of the increasing volume of materials being disposed of. There are economical, social and environmental implications derived from these materials. For example, the international trade of used computers creates jobs, but the recovery from valuable materials is technically challenging and currently there are environmental and health problems derived from inappropriate recycling practices. Forecasting the flows of used computers and e-waste materials supports the prevention of environmental impacts. However, the nature of these material flows is complex. There are technological geographical and cultural factors that affect how users purchase, store or dispose of their equipment. The result of these dynamics is a change in the composition and volume of these flows. Collectors are affected by these factors and the presence of markets, labor and transportation costs. In northern Mexico, there is an international flow of new and used computers between Mexico and the United States and an internal flow of materials and products among Mexican cities. In order to understand the behavior of these flows a field study was carried out in 8 different Mexican cities. Stake holders were interviewed and through a structured analysis the system and the relevant stakeholders were expressed as Data Flow Diagrams in order; to understand the critical parts from the system. The results show that Mexican cities have important qualitative differences. For example, location and size define the availability of resources to manage e-waste. Decisions to dispose a computer depend on international factors such as the price of new computers, but also on regional factors such as the cost to repair them. Decisions to store a computer depend on external factors such as markets, but also internal factors such as how users perceive the value of old equipment. E-waste collection depends on the value of e-waste, but also on costs to collect and extract value from them. The main implication is that a general policy base on how E-waste is managed at a big city might not be the most efficient for a small one. More over combining strengths from different cities might overcome respective weaknesses and create new opportunities; this integration can be stimulated by designing policies that consider diversity
ContributorsEstrada Ayub, Jesus Angel (Author) / Allenby, Braden R. (Thesis advisor) / Ramzy, Kahhat A (Thesis advisor) / Kahhat, Ramzy A (Committee member) / Williams, Eric (Committee member) / Arizona State University (Publisher)
Created2012
151152-Thumbnail Image.png

Assurance management framework for access control systems

Description
Access control is one of the most fundamental security mechanisms used in the design and management of modern information systems. However, there still exists an open question on how formal access control models can be automatically analyzed and fully realized in secure system development. Furthermore, specifying and managing access control

Access control is one of the most fundamental security mechanisms used in the design and management of modern information systems. However, there still exists an open question on how formal access control models can be automatically analyzed and fully realized in secure system development. Furthermore, specifying and managing access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this dissertation, I present an Assurance Management Framework (AMF) that is designed to cope with various assurance management requirements from both access control system development and policy-based computing. On one hand, the AMF framework facilitates comprehensive analysis and thorough realization of formal access control models in secure system development. I demonstrate how this method can be applied to build role-based access control systems by adopting the NIST/ANSI RBAC standard as an underlying security model. On the other hand, the AMF framework ensures the correctness of access control policies in policy-based computing through automated reasoning techniques and anomaly management mechanisms. A systematic method is presented to formulate XACML in Answer Set Programming (ASP) that allows users to leverage off-the-shelf ASP solvers for a variety of analysis services. In addition, I introduce a novel anomaly management mechanism, along with a grid-based visualization approach, which enables systematic and effective detection and resolution of policy anomalies. I further evaluate the AMF framework through modeling and analyzing multiparty access control in Online Social Networks (OSNs). A MultiParty Access Control (MPAC) model is formulated to capture the essence of multiparty authorization requirements in OSNs. In particular, I show how AMF can be applied to OSNs for identifying and resolving privacy conflicts, and representing and reasoning about MPAC model and policy. To demonstrate the feasibility of the proposed methodology, a suite of proof-of-concept prototype systems is implemented as well.
ContributorsHu, Hongxin (Author) / Ahn, Gail-Joon (Thesis advisor) / Yau, Stephen S. (Committee member) / Dasgupta, Partha (Committee member) / Ye, Nong (Committee member) / Arizona State University (Publisher)
Created2012