dc.contributor.author |
Hafeez, Khalid |
|
dc.date.accessioned |
2020-11-04T11:06:02Z |
|
dc.date.available |
2020-11-04T11:06:02Z |
|
dc.date.issued |
2013 |
|
dc.identifier.uri |
http://10.250.8.41:8080/xmlui/handle/123456789/9833 |
|
dc.description |
Supervisor: Dr. Awais Shibli |
en_US |
dc.description.abstract |
In the era of distributed computing and multi-user environments, federated
organizations, though running in isolation with their own proprietary
identity stores, need to collaborate and access each other's resources. Each of
them has to authenticate itself to get authorization for the utilization of
desired resources. Organizations use their own identity stores with users'
credentials and policy enforcement mechanisms for authorizing user access to
their resources. In order to access resources of different organizations, a user
must have a login for all of them. This requires multiple identities for the
same user, which is very complex and difficult to manage. These conditions
become even worse if collaborating organizations have used heterogeneous
access control models for implementing their authorization policies. Existing
centralized solutions such as Single Sign On (SSO) suffer from a single point of
failure, and a single central server could result in performance bottlenecks if not
handled properly. Other distributed solutions for collaborating organizations
require major infrastructure change, and they also require a homogeneous access
control model to be used between two collaborating organizations. In order
to access resources, a user must be authenticated seamlessly and authorized to
perform the access request.
This research has proposed a plugin-based distributed solution by making
access control models, existing in different organizations, interoperable. The
proposed solution has shown how decentralized and distributed yet federated
organizations with heterogeneous access control models can share valuable
resources/services in a secure, reliable and efficient manner with no or
minimal changes to their existing infrastructure. The proposed solution converts
the existing policies of collaborating organizations into the Attribute Based
Access Control Model (ABAC) by a Model Transformation Utility (MTU).
When our proposed system is plugged in to an existing Role Based Access
Control (RBAC) system, the MTU reads RBAC policies from the legacy repository and
transforms them to ABAC policies using Extensible Access Control Markup
Language (XACML) and stores them in the ABAC policies repository. These
policies are applied to remote requests to obtain access over local resources.
In order to check the correctness of RBAC model transformation into the ABAC
model using XACML, a significant number of test cases have been designed
and executed on the existing as well as the transformed systems, and the results
comparison shows that the model transformation is 100% correct. |
en_US |
dc.publisher |
SEECS, National University of Science and Technology, Islamabad. |
en_US |
dc.subject |
Information Technology, Access Control Models |
en_US |
dc.title |
Interoperability among Access Control Models |
en_US |
dc.type |
Thesis |
en_US |