Conference Paper

A secure and efficient File System Access Control Mechanism ( FlexFS )

September 2018

Conference: International workshop on Information & Operational Technology (IT & OT) security systems (IOSec 2018)
At: Heraklion, Crete, Greece

Authors:

Jihane Najar

Technische Universität Braunschweig

Vassilis Prevelakis

Technische Universität Braunschweig

ResearchGate has not been able to resolve any citations for this publication.

ResearchGate has not been able to resolve any references for this publication.

ERC Starting Grant for research on small bodies in the solar system

February 2021

Jessica Agarwal transferred from Max Planck Institute to TU Braunschweig In summer 2020, physicist Jessica Agarwal moved from the Max Planck Institute for Solar System Research in Göttingen to Technische Universität Braunschweig. Agarwal researches the activity of asteroids and comets in the...

View post

Clever minds are the key – welcome to TU Braunschweig!

December 2020

With the European Research Council (ERC) the European Commission fosters excellent researchers and innovative research aims. The Technische Universität Braunschweig welcomes aspiring ERC grantees in one of Europe’s most active research regions and offers great advisory and mentoring...

View post

Article

Are Password Requirements too Difficult?

December 2011 · Computer

Kim Schaffer

It might be prudent to enhance password mechanisms while training users to take the additional responsibility of managing passwords.

Article

An Initial Security Analysis of the IEEE 802.1X Standard

January 2003

The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Ro- bust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for ac- cess control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the ... [Show full abstract] establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combina- tion of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes.

Conference Paper

A scalable security model based on role-control for distributed file system

December 2012

Recently, the secure model defined in OSD standard, Maat secure models and secure model for Lustre are applied to distributed file system. These models are capacity-based models, which use symmetric key and certificate security technology. When the number of files becomes huge, a large number of capacity tickets are required and the performance will decrease. In this paper, we design a new secure ... [Show full abstract] model based on role and secure domain, and finally realize it in Ceph file system. The result shows that it is scalable and high-performance.

Chapter

Authentication and Key Establishment Protocols

January 2021

Sirapat Boonkrong

The first chapter shows that it is possible to achieve data confidentiality through the use of encryption, which could either be symmetric or asymmetric cryptography. We also know from the same chapter that the integrity of data or the loss of it can be detected with the use of cryptographic hash functions. However, higher level of security can be achieved via the use of access control mechanism ... [Show full abstract] in which authentication is a major part.

Article

Interactive exploration of large filesystems

March 2005 · Proceedings of SPIE - The International Society for Optical Engineering

Secure management of file systems of large organizations can present significant challenges to system administrators, in terms of the number of users, shared access to parts of the file system for supporting large software projects, and securing and monitoring critical parts of the file system from intruders. We present interactive visualization tools for monitoring and viewing the complex access ... [Show full abstract] control relationships within large file systems. This tool is targeted as an aid to system administrators to manage users, software applications and shared access. We tested our tool on UNC Charlotte's Andrew File System (AFS), which contains 7043 users, 560 user groups, and about 2.1 million directories. Our system displays summary information about the file system, and two types of visualizations to explore access control relationships among classes of users. In addition, drill-down features are provided to explore the user file system structure and manage access control information of any directory within the system. All of the views are linked to permit easy navigation and features are provided that make the system scalable to larger filesystems.

Conference Paper

Full-text available

Security-Conscious XML Indexing

April 2007

To support secure exchanging and sharing of XML data over the Internet, a myriad of XML access control mechanisms have been proposed. In the setting of node-level fine-grained access control, query evaluation is a process of locating XML nodes that (1) satisfy query constraints, and (2) do not violate security policies. In this regard, we propose and empirically validate a suite of XML indices ... [Show full abstract] for multi-level XML security model.

View full-text

Article

Research on Pervasive Computing Security

October 2010

When the concept of pervasive computing is proposed, from a simple application model to the study of various algorithms, the technology of pervasive computing is developing rapidly. This paper firstly introduced the concept of pervasive computing and its security problems. Then by introducing TePA (Tri-Element Peer Authentication) security mechanisms, an access control mechanism is introduced. It ... [Show full abstract] is similar with TePA security mechanism, and also fits for the features of pervasive computing. It is compatible with the current security mechanisms, and will further meet the pervasive computing specific needs.

Conference Paper

Access Control and Authentication in LANs.

January 1989

Morrie Gasser

This paper explores the uses for security mechanisms confined to OSI layer 2, even in LANs that also employ wide area protocols up through layer 7. These mechanisms must be integrated into the protocol architecture in a way that will not interfere with or be redundant to very similar security mechanism implemented in higher layers operating across the wide area network. A model for such ... [Show full abstract] mechanisms in the context of IEEE 802 LANs is proposed.

Chapter

Access Control, Authentication, and Authorization

January 2007

If we were not to allow users into the system, then we would have no problems of security. However, the system would not be utilized, hence, useless. The system must be used, and there must be security. This means we must find a way to access and authenticate users. This way we improve on the security of the system. In this chapter, we focus on three major security mechanisms from our pool of ... [Show full abstract] security mechanisms. We cover access control, authentication, and authorization. Before we continue, however, let us define the working terms.

Article

Implementation of unified session access model in a closed virtual environment of distributed inform...

January 2015

This study discusses the mechanism of a single access session for a particular user within a closed virtual environment system of distributed information resources as a secured portal network. The implementation of this session access model provides a user single authentication in the portal network, no matter what nodes were called firstly and subsequently. Thus, it defines only one arbitrary ... [Show full abstract] user entry point to the portal network.

Article

Access control mechanism for object-oriented database systems

January 1993

The security problems of object-oriented database system are investigated and security level assignment constraints and an access control mechanism based on the multilevel access control security policy are proposed. The proposed mechanism uses the Trusted Computing Base. A unique feature of the mechanism is that security levels are assigned not only to data items (objects), but also to methods ... [Show full abstract] and methods are not shown to the users whose security level is lower than that of the methods. And we distinguish between the security level of a variable in a class and that in an instance and distinguish between the level of an object when it is taken by itself and it is taken as a variable or an element of another complex object. All of this realizes the policy of multilevel access control.

Conference Paper

Full-text available

A Cryptographic Solution for General Access Control

September 2005

As one of the most popular information safeguarding mecha-nisms, access control is widely deployed in information systems. However, access control approach su ers from a tough problem, i. e. system ad-ministrators must be unconditionally trusted. Cryptographic substitutes have been developed to solve the above problem. In particular, hierarchi-cal encryption, as an alternate solution of access ... [Show full abstract] control in a hierarchy, has been intensively studied. In this paper, we propose a cryptographic solution for general access control based on Chinese Remainder Theo-rem. Our solution has two categories: data based solution and key based solution. In contrast to the most recent hierarchical encryption system: Ray, Ray and Narasimhamurthi's system [1], our solution is more e-cient, secure and flexible. Moreover, we introduce an e cient mechanism for authorization alterations. This paper ends with a set of experimental results that support our research.

View full-text

A secure and efficient File System Access Control Mechanism ( FlexFS )

No full-text available

Recommended publications

ERC Starting Grant for research on small bodies in the solar system

Clever minds are the key – welcome to TU Braunschweig!

Are Password Requirements too Difficult?

An Initial Security Analysis of the IEEE 802.1X Standard

A scalable security model based on role-control for distributed file system

Authentication and Key Establishment Protocols

Interactive exploration of large filesystems

Security-Conscious XML Indexing

Research on Pervasive Computing Security

Access Control and Authentication in LANs.

Access Control, Authentication, and Authorization

Implementation of unified session access model in a closed virtual environment of distributed inform...

Access control mechanism for object-oriented database systems

A Cryptographic Solution for General Access Control