The above figure shows the basic transformations applied to the data objects
from their origin to their current state. Perhaps the same is in line with the
security fundamentals of CIA (confidentiality, integrity, availability). Vi, Vj
and Vn represent the versions of the data objects upon modification over time.
Ti, Tj and Tn are the corresponding transformations with respect to those versions.
Provenance and its Allied Fields/ Applications
Monday, 7 January 2019
The base concept of visual encryption
The above figure illustrates the base concept of visual encryption in pictorial
form. The elements in the middle of the diagram are the communication entities.
Switches, hubs and communication links are taken into consideration.
Dynamic Separation of Duties: Provenance Perspective
The above figure explains the components of the PBACC model. They are as follows.
· The Subjects, which are the active users initiating processes with the system.
· The Actions, representing the executable operations on the data objects.
· The Objects, representing all the data pieces which are stored and used in the system.
· The Dependency List, which holds all system-specific data in pair form (Dependency Name, Dependency Path).
· The Contextual Information, which captures the state values related to the main components of the request.
· The Provenance Data, which holds the base user transactions in a graph structure.
The Base Provenance Data represents associations among request components.
The Attribute Provenance Data represents more detailed information related to
Subjects, Actions and Objects.
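One way the components listed above can work together to enforce a DSOD rule, as an added Python example that is not code from the original post or from the PBACC authors. The node names, edge labels, dependency names, the policy table and the choice to write each Dependency Path as a regular expression over edge labels are all assumptions made for illustration.

```python
import re

# Constructed Base Provenance Data as (source, edge label, target) triples.
# Node names and edge labels are assumptions made for this example.
PROVENANCE = [
    ("po_v1", "genSubmit", "submit1"), ("submit1", "ctrl", "alice"),
    ("po_v2", "genReview", "review1"), ("review1", "used", "po_v1"),
    ("review1", "ctrl", "bob"),
    ("po_v3", "genApprove", "approve1"), ("approve1", "used", "po_v2"),
    ("approve1", "ctrl", "carol"),
]

# Dependency List: (Dependency Name, Dependency Path) pairs. Each path is a
# regular expression over the space-separated edge labels of a graph walk.
DEPENDENCIES = {
    "wasSubmittedBy": r"(gen\w+ used )*genSubmit ctrl",
    "wasReviewedBy": r"(gen\w+ used )*genReview ctrl",
    "wasHandledBy": r"(gen\w+ used )*gen\w+ ctrl",
}

# DSOD policy (assumed): an action is denied when the requesting subject is
# found at the end of any listed dependency path starting from the object.
POLICY = {"approve": ["wasSubmittedBy", "wasReviewedBy"], "pay": ["wasHandledBy"]}

def resolve(start, dep_name, graph=PROVENANCE):
    """Return every node reachable from start along the named dependency path."""
    pattern = re.compile(DEPENDENCIES[dep_name])
    found, stack = set(), [(start, [])]
    while stack:  # the sample graph is acyclic, so the walk terminates
        node, labels = stack.pop()
        if labels and pattern.fullmatch(" ".join(labels)):
            found.add(node)
        for src, label, dst in graph:
            if src == node:
                stack.append((dst, labels + [label]))
    return found

def authorize(subject, action, obj):
    """Evaluate one request (Subject, Action, Object); return (allowed, conflicts)."""
    conflicts = [d for d in POLICY.get(action, []) if subject in resolve(obj, d)]
    return (not conflicts, conflicts)

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, "approve po_v2 ->", authorize(who, "approve", "po_v2"))
```

The decision depends on who touched earlier versions of the object, which a static role assignment cannot express.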
A Provenance-based Access Control Model for Dynamic Separation of Duties
In the context of operating financial transactions, Dynamic Separation of Duties
(DSOD) plays a key role in assigning jobs to individuals. DSOD is an important
concept as far as cyber security is concerned. As there is lineage in cyber
transactions, DSOD needs provenance to be incorporated in the process, for
deriving the different contexts of data required. To provide access permissions
to individuals, Provenance Based Access Control (PBAC) mechanisms were
formulated; extending these, a base PBAC was also proposed.
Scholars at the Institute for Cyber Security, University of Texas at San Antonio,
proposed an enhanced model named PBACC, extending PBAC and base PBAC, to
investigate different DSOD policy classes. One of the widely used and popular
concepts for averting unauthorized system access is Separation of Duties (SOD).
With respect to role based access control mechanisms, the two important
distinctions in SOD are Static SOD (SSOD) and Dynamic SOD (DSOD). SSOD is limited
to role assignments and cannot look after dynamic active sessions, which DSOD
can. However, DSOD is in turn limited to role activations. These challenges led
to newer approaches in SOD, namely Object-based DSOD, Operational-based DSOD and
History-based DSOD.
As far as role assignments and role activations are concerned, the DSOD concepts
depend on the lineage of the process events. Though the origin and path of the
data are available, the exact requirements in capturing and availing the data
are inconsistent. Provenance data provides the kind of information required to
carry out the specified process. Provenance data is therefore utilized to explore
the deeper DSOD policies and address the related issues.
The already existing models, PBAC and PBACB, are not completely operational
towards DSOD. They are not advantageous in handling all types of data. They are
also limited in addressing conventional and enhanced DSOD features. A new model
named PBACC was introduced to resolve the aforementioned issues related to
provenance data and DSOD.
One of the good traditional approaches which addresses the DSOD issues is
Transaction Control Expression (TCE). It also covers many DSOD characteristics in
all variations. TCE assigns every subtask an integer value called a weight, which
is later compared with a weight threshold to determine conflicts.