Matching Items (3)
Filtering by

Clear all filters

152590-Thumbnail Image.png
Description
Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost

Access control is necessary for information assurance in many of today's applications such as banking and electronic health record. Access control breaches are critical security problems that can result from unintended and improper implementation of security policies. Security testing can help identify security vulnerabilities early and avoid unexpected expensive cost in handling breaches for security architects and security engineers. The process of security testing which involves creating tests that effectively examine vulnerabilities is a challenging task. Role-Based Access Control (RBAC) has been widely adopted to support fine-grained access control. However, in practice, due to its complexity including role management, role hierarchy with hundreds of roles, and their associated privileges and users, systematically testing RBAC systems is crucial to ensure the security in various domains ranging from cyber-infrastructure to mission-critical applications. In this thesis, we introduce i) a security testing technique for RBAC systems considering the principle of maximum privileges, the structure of the role hierarchy, and a new security test coverage criterion; ii) a MTBDD (Multi-Terminal Binary Decision Diagram) based representation of RBAC security policy including RHMTBDD (Role Hierarchy MTBDD) to efficiently generate effective positive and negative security test cases; and iii) a security testing framework which takes an XACML-based RBAC security policy as an input, parses it into a RHMTBDD representation and then generates positive and negative test cases. We also demonstrate the efficacy of our approach through case studies.
ContributorsGupta, Poonam (Author) / Ahn, Gail-Joon (Thesis advisor) / Collofello, James (Committee member) / Huang, Dijiang (Committee member) / Arizona State University (Publisher)
Created2014
150987-Thumbnail Image.png
Description
In this dissertation, two interrelated problems of service-based systems (SBS) are addressed: protecting users' data confidentiality from service providers, and managing performance of multiple workflows in SBS. Current SBSs pose serious limitations to protecting users' data confidentiality. Since users' sensitive data is sent in unencrypted forms to remote machines owned

In this dissertation, two interrelated problems of service-based systems (SBS) are addressed: protecting users' data confidentiality from service providers, and managing performance of multiple workflows in SBS. Current SBSs pose serious limitations to protecting users' data confidentiality. Since users' sensitive data is sent in unencrypted forms to remote machines owned and operated by third-party service providers, there are risks of unauthorized use of the users' sensitive data by service providers. Although there are many techniques for protecting users' data from outside attackers, currently there is no effective way to protect users' sensitive data from service providers. In this dissertation, an approach is presented to protecting the confidentiality of users' data from service providers, and ensuring that service providers cannot collect users' confidential data while the data is processed or stored in cloud computing systems. The approach has four major features: (1) separation of software service providers and infrastructure service providers, (2) hiding the information of the owners of data, (3) data obfuscation, and (4) software module decomposition and distributed execution. Since the approach to protecting users' data confidentiality includes software module decomposition and distributed execution, it is very important to effectively allocate the resource of servers in SBS to each of the software module to manage the overall performance of workflows in SBS. An approach is presented to resource allocation for SBS to adaptively allocating the system resources of servers to their software modules in runtime in order to satisfy the performance requirements of multiple workflows in SBS. Experimental results show that the dynamic resource allocation approach can substantially increase the throughput of a SBS and the optimal resource allocation can be found in polynomial time
ContributorsAn, Ho Geun (Author) / Yau, Sik-Sang (Thesis advisor) / Huang, Dijiang (Committee member) / Ahn, Gail-Joon (Committee member) / Santanam, Raghu (Committee member) / Arizona State University (Publisher)
Created2012
161726-Thumbnail Image.png
Description
The concept of multi-scale, heterogeneous modeling is well-known to be central in the complexities of natural and built systems. Therefore, whole models that have parts with different spatiotemporal scales are preferred to those specified using a monolithic modeling approach and tightly integrated. To build simulation frameworks that are expressive and

The concept of multi-scale, heterogeneous modeling is well-known to be central in the complexities of natural and built systems. Therefore, whole models that have parts with different spatiotemporal scales are preferred to those specified using a monolithic modeling approach and tightly integrated. To build simulation frameworks that are expressive and flexible, model composability is crucial where a whole model's structure and behavior traits must be concisely specified according to those of its parts and their interactions. To undertake the spatiotemporal model composability, a breast cancer cells chemotaxis exemplar is used. In breast cancer biology, the receptors CXCR4+ and CXCR7+ and the secreting CXCL12+ cells are implicated in spreading normal and malignant cells. As discrete entities, these can be modeled using Agent-Based Modeling (ABM). The receptors and ligand bindings with chemokine diffusion regulate the cells' movement gradient. These continuous processes can be modeled as Ordinary Differential Equations (ODE) and Partial Differential Equations (PDE). A customized, text-based BrSimulator exists to model and simulate this kind of breast cancer phenomenon. To build a multi-scale, spatiotemporal simulation framework supporting model composability, this research proposes using composable cellular automata (CCA) modeling. Toward this goal, the Cellular Automata DEVS (CA-DEVS) model is used, and the novel Composable Cellular Automata DEVS (CCA-DEVS) modeling is proposed. The DEVS-Suite simulator is extended to support CA and CCA Parallel DEVS models. This simulator introduces new capabilities for controlled and modular run-time animation and superdense time trajectory visualization. Furthermore, this research proposes using the Knowledge Interchange Broker (KIB) approach to model and simulate the interactions between separate geo-referenced CCA models developed using the DEVS and Modelica modeling languages. To demonstrate the proposed model composability approach and its use in the extended DEVS-Suite simulator, the breast cancer cells chemotaxis and others have been studied. The BrSimulator is used as a proxy for evaluating the proposed model composability approach using an integrated DEVS-Suite and OpenModelica simulator. Simulation experiments are developed that show the composition of spatiotemporal ABM, ODE, and PDE models reproduce the behaviors of the same model developed in the BrSimulator.
ContributorsZhang, Chao (Author) / Sarjoughian, Hessam S (Thesis advisor) / Crook, Sharon (Committee member) / Collofello, James (Committee member) / Pavlic, Theodore (Committee member) / Arizona State University (Publisher)
Created2021