Faculty of Engineering & Applied Science

Permanent URI for this communityhttps://hdl.handle.net/10155/390

The Faculty of Engineering & Applied Science (FEAS) offers accredited undergraduate and graduate programs as well as completes research in engineering and applied science. Areas of focus include autonomous vehicle design, electric and hybrid vehicles, robotics and automation, cloud computing, electric and autonomous vehicles, clean energy, artificial intelligence, robotics, automation, and intelligent controls, thermo-fluids, and energy systems.

Browse

Browsing Faculty of Engineering & Applied Science by Subject "Access control"

Filter results by typing the first few letters
Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Access control obligation specification and enforcement using behavior pattern language
    (2018-01-01) Sharghigoorabi, Mohammadhassan; Liscano, Ramiro
    Increasing the use of Internet-based devices offers novel opportunities for users to access and share resources anywhere and anytime so that such a collaborative environment complicates the design of an accountable resource access control system. Relying on only predefined access control policies based on an entity's attributes, as in traditional access control solutions, cannot provide enough flexibility to apply continuous adjustments in order to adapt to any kind of operative run time conditions. The limited scope and precision of the existing policy-based access control solutions have put considerable limitations on adequately satisfying the challenging security aspects of the IT enterprises. In this research, we focus on the obligatory behavior that can play an important role in access control to protect resources and services of a typical system. Since traditional access control is performed only once before the resource is accessed by the subject, the access control system is unable to control the fulfillment of obligation while the access is in progress. Practically, such a requirement is implemented in hard-coded and proprietary ways. Consequently, the lack of sophisticated means for specification and enforcement of obligation in access control system decreases its flexibility and may also lead to the security breach in sensitive environments. We provide a descriptive language that is capable of defining a variety of complex behavior patterns based on a sequence of user actions. Such a description can be used to specify different elements of the obligation in order to attach to a policy language, and it is also used to generate queries for behavior matching purposes. Moreover, we propose a behavior pattern matching framework to approve the fulfillment of the obligation by looking into the audit logs. However, this method is extremely inadequate for ongoing obligations. Therefore, we proposed a compliance engine by utilizing complex event processing in order to make a decision to revoke or continue the access in a timely manner. We implemented both frameworks that can be used to approve the obligation fulfillment as well as to evaluate the expressive power and complexity of our proposed language.
  • Thumbnail Image
    Item
    Infrastructure for secure medical image sharing between distributed PACS and DI-r systems.
    (2013-12-01) Kurlakose, Krupa Anna; Sartipi, Kamran
    Recent developments in information and communication technologies and their incor- poration into the medical domain have opened doors for the enhancement of health care services and thereby increasing the work ow at a reasonable rate. However, to implement such services, current medical system needs to be exible enough to support integration with other systems. This integration should be achieved in a secure manner and the resultant service should be made available to all health professionals and patients. This thesis proposes a new infrastructure for secure medical image sharing between legacy PACS and DI-r. The solution employs OpenID standard for user authentication, OAuth service to grant authorization and IHE XDS-I pro les to store and retrieve medical im- ages and associated meta data. In the proposed infrastructure cooperative agents are employed to provide a user action, patient consent and system policy based access con- trol mechanism to securely share medical images. This allows safe integration of PACS and DI-r systems within a standard EHR system. In addition to this, a behavior-pattern based security policy enhancement feature is added to the system to assist the system security administrator. The resulting secure and interoperable medical imaging systems are easy to expand and maintain. Behavior of the entire system is analysed using general- purpose model driven development tool IBM Rational Rhapsody. The code generation and animation capability of the tool makes it powerful for running e ective simulations. We mainly explore the use of state charts and their interactions with MySQL database to learn the behavior of the system.