About Me

Monday, 7 January 2019

The lineage of Data Objects with transformations on CIA: C- confidentiality I- Integrity A- Availability.




 The above figure elucidates the basic transformations among the data objects taken from their origin to the current state. Perhaps, the same is in line with security fundamentals CIA. Vi and Vj and Vn represent the versions of data objects up on modifications over time. Ti, Tj and Tn are the corresponding transformations with respect to versions.

The base concept of visual encryption


The above figure elucidates about base concept of visual encryption in a pictorial form. The elements in middle of the diagram are the communication entities. Switch, Hubs and communication links are taken into consideration. 

Dynamic Separation of Duties: Provenance Perspective





The above figure explains the components of the PBACC model. They are as follows.
·         The Subjects, which are active users initiating the process with the system.
·         The Actions representing the executable operations onto the data objects.
·         The Objects representing all the data pieces which are stored and used in the system.
·         The Dependency List possess all system specific data in pair form (Dependency Name, Dependency Path)
·         The Contextual Information captures the state values related to the main components of the request.
·         The Provenance Data hold the base user transactions in a graph structure
The Base Provenance Data represents associations among request components.
The Attribute Provenance data represents more detailed information related to Subjects, Actions, Objects

A Provenance-based Access Control Model for Dynamic Separation of Duties

In the context of operating financial transactions, the Dynamic Separation of Duties (DSOD) plays a key role in assigning jobs to the individuals. DSOD is an important concept as far as cyber security is concerned. As there is lineage existing in cyber transactions, the DSOD needs provenance to be incorporated in the process, for deriving different contexts of data required. For providing the access permissions for the individuals, the Provenance Based Access Control (PBAC) mechanisms were formulated, extending the same a base PBAC was also proposed.

Scholars at Institute for Cyber Security University of Texas at San Antonio proposed an enhanced model, extending the PBAC and base PBAC named PBACC to investigate different DSOD policy classes. One of the widely used and popular concepts for averting unauthorized systems access is Separation of Duties (SOD).  The two important distinctions in SOD are Static SOD (SSOD) and the other one Dynamic SOD (DSOD) with respect to role based access control mechanisms.  The SSOD is limited to role assignments and cannot look after dynamic active sessions, which DSOD can perform. However, DSOD also is limited to role activations. These challenges led to newer approaches in SOD concepts namely Object-based DSOD, Operational-based DSOD and History-based DSOD.

As the role assignments and role activations are concerned, the DSOD concepts depend on lineage of the process events. Though the origin and path of the data are available, the exact requirements in capturing and availing the data are inconsistent. The provenance data provides such kind of information required to carry out the specified process. To explore through the deeper DSOD policies and address issued related, provenance data is utilized. 
The already existing models, PBAC and PBACB are not completely operational towards DSOD. They are not advantageous in handling all the types of data. They are also limited in addressing conventional and enhanced characteristics DSOD features. A new model named PBACC was introduced to resolve afore mentioned issues related to provenance data and DSOD.
One of the good traditional approaches which addresses the DSOD issues, is Transaction Control Expression (TCE). It also covers many DSOD characteristics in all variations. TCE assigns every subtask an integer value called as weight which is later compared with a weight threshold to determine conflicts.

 

The lineage of Data Objects with transformations on CIA: C- confidentiality I- Integrity A- Availability.

 The above figure elucidates the basic transformations among the data objects taken from their origin to the current state. Perha...