CONTROLE DE ACESSO A RECURSOS COMPUTACIONAIS DE FORMA FLEXÍVEL E DINÂMICA ATRAVÉS DE CONTEXTO / ACCESS CONTROL TO COMPUTER RESOURCES IN A FLEXIBLE AND DYNAMIC THROUGH CONTEXT
AUTOR(ES)
Junior Marcos Bandeira
DATA DE PUBLICAÇÃO
2010
RESUMO
A model of access control aims to limit the actions that a User can have legitimate in a system. Its purpose is to improve security by ensuring the properties of integrity and confidentiality. The model of access control is considered standard based on profiles or roles. The profiles are functions that the User can exercise and access permissions to objects are associated with a profile according to their function. The model-based profiles can not take into account aspects of the environment where the access occurs, it limits the possibilities of establishing policies for the most comprehensive security accompanying the scenario of technological change. Models that extend the model-based profiles have been proposed, there are settings in them that make possible the mapping of the environment where the access occurs, also called context, however, there is no consensus on the representation of context and security policies demonstrated by definitions of these models are specific to their use cases. This work presents a model based access control in context expressions CABEC. This model has definitions based on models that extend the model based on profiles, however, shows the construction of security policies for different domains. Security policies built with the CABEC take into account dynamic information environment and their combinations. These aspects are important because they increase the wealth of security policies and flexibility in its construction. The dynamic aspects of context refers to information the moment of interaction, are given as time intervals, number of simultaneous access, physical access, location. The aspect of flexibility in policy construction comes from the possibility of the security manager to choose the amount of rules and combinations thereof, can build a policy that takes into account the rule of office hours combined with the role that the subject is exerting at the time, or simply considering a rule that takes into account only its location. With a model of access control that takes into account dynamic information and their combination increases the security and, consequently, the gain in productivity in relation to ownership of availability of services, data and computing resources.
ASSUNTO(S)
security controle de acesso access control contexto context segurança engenharia de producao
ACESSO AO ARTIGO
http://coralx.ufsm.br/tede/tde_busca/arquivo.php?codArquivo=3157Documentos Relacionados
- Técnicas de incorporação de controle de acesso à luz solar em modelos computacionais de edificações
- Dinâmica e controle de movimento de corpo rígido de um manipulador robótico rígido/flexivel
- AUTENTICAÇÃO E CONTROLE DE ACESSO INTERINSTITUCIONAL
- Dynamic and flexible load distribution for web service clusters
- Acesso e conhecimento dos acadêmicos de Enfermagem acerca de recursos computacionais = Acceso y conocimiento de los académicos de enfermería acerca de recursos computacionales = Access and knowledge of nursing undergraduates on computational resources
