'n Gerekenariseerde bestuurshulpmiddel vir 'n hoofraamtoegangsbeheerstelsel
- Authors: Pottas, Dalenca
- Date: 2014-02-18
- Subjects: Computer security , Computers - Access control
- Type: Thesis
- Identifier: uj:4095 , http://hdl.handle.net/10210/9442
- Description: M.Sc. (Computer Science) , Please refer to full text to view abstract
- Full Text:
- Authors: Pottas, Dalenca
- Date: 2014-02-18
- Subjects: Computer security , Computers - Access control
- Type: Thesis
- Identifier: uj:4095 , http://hdl.handle.net/10210/9442
- Description: M.Sc. (Computer Science) , Please refer to full text to view abstract
- Full Text:
'n Metodologie vir die implementering van rekenaarsekerheid in 'n groot organisasie
- Authors: Badenhorst, Karin Petra
- Date: 2014-05-08
- Subjects: Computers - Access control
- Type: Thesis
- Identifier: uj:10939 , http://hdl.handle.net/10210/10512
- Description: M.Sc. (Computer Science) , Please refer to full text to view abstract
- Full Text:
- Authors: Badenhorst, Karin Petra
- Date: 2014-05-08
- Subjects: Computers - Access control
- Type: Thesis
- Identifier: uj:10939 , http://hdl.handle.net/10210/10512
- Description: M.Sc. (Computer Science) , Please refer to full text to view abstract
- Full Text:
A control model for the evaluation and analysis of control facilities in a simple path context model in a MVS/XA environment
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
A secure, anonymous, real-time cyber-security information sharing system with respect to critical information infrastructure protection
- Authors: Mohideen, Feroze
- Date: 2015
- Subjects: Computer security , Data protection , Computers - Access control , Cyber intelligence (Computer security) , Supervisory control systems
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/84671 , uj:19250
- Description: Abstract: Please refer to full text to view abstract , M.Sc.
- Full Text:
- Authors: Mohideen, Feroze
- Date: 2015
- Subjects: Computer security , Data protection , Computers - Access control , Cyber intelligence (Computer security) , Supervisory control systems
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/84671 , uj:19250
- Description: Abstract: Please refer to full text to view abstract , M.Sc.
- Full Text:
Access control by means of speech recognition and its impact on the auditor
- Van Graan, Johan Hendrik Otto
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
Application of the access path model with specific reference to the SAP R/3 environment
- Authors: Pretorius, Maria Rebecca
- Date: 2014-10-07
- Subjects: Computer security , Data protection , Computers - Access control
- Type: Thesis
- Identifier: uj:12534 , http://hdl.handle.net/10210/12328
- Description: M.Com. (Computer Auditing) , The management and control of modern day computer systems are becoming more and more trying due to the complexity of systems. This renders the traditional approach to evaluating controls in complex computer systems, inadequate and heightens the need for an alternative audit approach. The complex SAP R/3 environment will be evaluated in terms of security and validity of users and processes. This will be achieved through the use of an alternative audit approach namely, the application of the Access Path and Path Context Models (Boshoff 1985, 1990). The research methodology used during this research may indicate universal application implications for similar complex environments, although this has not yet been proved. The research showed that there are many control features available in the different software c.omponents of the SAP R/3 environment, that can be applied to control access and validity of users and processes. The duplication of control features provided by the software components, requires a global approach to security inthe defined environment. Only when evaluating the environment as a whole, will it be able to make the most effective security decisions. The use of the control matrices developed during this research will ease the global evaluation of the SAP R/3 environment. Although further research is required, the above has proven the usefulness of both the research methodology and the resultant model and matrices.
- Full Text:
- Authors: Pretorius, Maria Rebecca
- Date: 2014-10-07
- Subjects: Computer security , Data protection , Computers - Access control
- Type: Thesis
- Identifier: uj:12534 , http://hdl.handle.net/10210/12328
- Description: M.Com. (Computer Auditing) , The management and control of modern day computer systems are becoming more and more trying due to the complexity of systems. This renders the traditional approach to evaluating controls in complex computer systems, inadequate and heightens the need for an alternative audit approach. The complex SAP R/3 environment will be evaluated in terms of security and validity of users and processes. This will be achieved through the use of an alternative audit approach namely, the application of the Access Path and Path Context Models (Boshoff 1985, 1990). The research methodology used during this research may indicate universal application implications for similar complex environments, although this has not yet been proved. The research showed that there are many control features available in the different software c.omponents of the SAP R/3 environment, that can be applied to control access and validity of users and processes. The duplication of control features provided by the software components, requires a global approach to security inthe defined environment. Only when evaluating the environment as a whole, will it be able to make the most effective security decisions. The use of the control matrices developed during this research will ease the global evaluation of the SAP R/3 environment. Although further research is required, the above has proven the usefulness of both the research methodology and the resultant model and matrices.
- Full Text:
Automated secure systems development methodology
- Booysen, Hester Aletta Susanna
- Authors: Booysen, Hester Aletta Susanna
- Date: 2014-11-20
- Subjects: Computers - Access control , Computer security , Data protection
- Type: Thesis
- Identifier: uj:13093 , http://hdl.handle.net/10210/12971
- Description: D.Com. (Informatics) , The complexity of modern computer-based information systems is such that, for all but the simplest of examples, they cannot be produced without a considerable amount of prior planning and preparation. The actual difficulties of trying to design, develop and implement complex computer-based systems have been recognised as early as the seventies. In a bid to deal with what was then referred to as the "software crisis", a number of so- called "methodologies" were advocated. Those methodologies were, in turn, based on a collection of guidelines or methods thanks to which their designers could eventually make the claim that computer systems, and in particular information systems, could be designed and developed with a greater degree of success. By using a clear set of rules, or at least reasonably detailed principles, they could ensure that the various design and development tasks be performed in a methodical, organ ised fashion. Irrespective of the methodologies or guidelines that were adopted or laid down, the developers principal aim was to ensure that all relevant detail about the proposed information systems would be taken into account during the long and often drawn-out design and development process. Unfortunately, many of those methodologies and guidelines date from the early 1970s and, as a result, no longer meet the security requirements and guidelines of today's information systems. It was never attempted under any of those methodolog ies, however, to unriddle the difficulties they had come up against in information security in the domain of system development . Security concerns should however, form an integral part of the planning, development and maintenance of a computer application. Each application system should for example, take the necessary security measures in any given situation.
- Full Text:
- Authors: Booysen, Hester Aletta Susanna
- Date: 2014-11-20
- Subjects: Computers - Access control , Computer security , Data protection
- Type: Thesis
- Identifier: uj:13093 , http://hdl.handle.net/10210/12971
- Description: D.Com. (Informatics) , The complexity of modern computer-based information systems is such that, for all but the simplest of examples, they cannot be produced without a considerable amount of prior planning and preparation. The actual difficulties of trying to design, develop and implement complex computer-based systems have been recognised as early as the seventies. In a bid to deal with what was then referred to as the "software crisis", a number of so- called "methodologies" were advocated. Those methodologies were, in turn, based on a collection of guidelines or methods thanks to which their designers could eventually make the claim that computer systems, and in particular information systems, could be designed and developed with a greater degree of success. By using a clear set of rules, or at least reasonably detailed principles, they could ensure that the various design and development tasks be performed in a methodical, organ ised fashion. Irrespective of the methodologies or guidelines that were adopted or laid down, the developers principal aim was to ensure that all relevant detail about the proposed information systems would be taken into account during the long and often drawn-out design and development process. Unfortunately, many of those methodologies and guidelines date from the early 1970s and, as a result, no longer meet the security requirements and guidelines of today's information systems. It was never attempted under any of those methodolog ies, however, to unriddle the difficulties they had come up against in information security in the domain of system development . Security concerns should however, form an integral part of the planning, development and maintenance of a computer application. Each application system should for example, take the necessary security measures in any given situation.
- Full Text:
Collective human biological signal-based identification and authentication in access control environments
- Van der Haar, Dustin Terence
- Authors: Van der Haar, Dustin Terence
- Date: 2014-10-13
- Subjects: Computers - Access control , Biometric identification , Biosensors
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/364585 , uj:12604 , http://hdl.handle.net/10210/12392
- Description: Ph.D. (Computer Science) , The introduction of new portable sensors that monitor physiological systems in the human body has allowed quality of life and medical diagnostic applications to be taken directly to the user, without the constraints of physical space or inconvenience. The potential of these sensors in the domain of authentication and identi cation is becoming more feasible each day and current research in these biometric systems show a great deal of promise. Novel biometric systems are being introduced that use biological signals (also known as biosignals) in the human body captured by these sensors (such as brain waves or heart rate) as the core unique attribute. The study builds on the proliferation of these sensors and proposes an interoperable model called CoBI, which allows individual or multi-factor authentication and identi cation to take place. The model provides a platform for any viable biosignal that can be used for the purposes of identi cation and authentication, by providing pluggable sensor and signal processing components. These components can then convert biosignals into a common format, a feature vector consisting of estimated autoregressive (AR) coe cients. Once they are in a common format they can then be merged together to form a consolidated feature vector using feature fusion. This consolidated feature vector can then be persisted during enrolment or passed further for matching using classi cation techniques, such as K-Nearest Neighbour. The results, from the comprehensive benchmark performed (called BAMBI) on an implemented version of the model (called CaNViS), have shown that biological signals that contain cardiac and neurological components (ie. from an electrocardiogram (ECG) and electroencephalogram (EEG), respectively) can be captured, processed, consolidated and classi ed using the CoBI model successfully. By utilising the correct AR model order during feature estimation for the cardiac and neurological components, along with the appropriate classi er for matching, the biometric system yields nominal results for authentication and identi cation in access control environments.
- Full Text:
- Authors: Van der Haar, Dustin Terence
- Date: 2014-10-13
- Subjects: Computers - Access control , Biometric identification , Biosensors
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/364585 , uj:12604 , http://hdl.handle.net/10210/12392
- Description: Ph.D. (Computer Science) , The introduction of new portable sensors that monitor physiological systems in the human body has allowed quality of life and medical diagnostic applications to be taken directly to the user, without the constraints of physical space or inconvenience. The potential of these sensors in the domain of authentication and identi cation is becoming more feasible each day and current research in these biometric systems show a great deal of promise. Novel biometric systems are being introduced that use biological signals (also known as biosignals) in the human body captured by these sensors (such as brain waves or heart rate) as the core unique attribute. The study builds on the proliferation of these sensors and proposes an interoperable model called CoBI, which allows individual or multi-factor authentication and identi cation to take place. The model provides a platform for any viable biosignal that can be used for the purposes of identi cation and authentication, by providing pluggable sensor and signal processing components. These components can then convert biosignals into a common format, a feature vector consisting of estimated autoregressive (AR) coe cients. Once they are in a common format they can then be merged together to form a consolidated feature vector using feature fusion. This consolidated feature vector can then be persisted during enrolment or passed further for matching using classi cation techniques, such as K-Nearest Neighbour. The results, from the comprehensive benchmark performed (called BAMBI) on an implemented version of the model (called CaNViS), have shown that biological signals that contain cardiac and neurological components (ie. from an electrocardiogram (ECG) and electroencephalogram (EEG), respectively) can be captured, processed, consolidated and classi ed using the CoBI model successfully. By utilising the correct AR model order during feature estimation for the cardiac and neurological components, along with the appropriate classi er for matching, the biometric system yields nominal results for authentication and identi cation in access control environments.
- Full Text:
Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels
- Authors: Edwards, Norman Godfrey
- Date: 2014-03-25
- Subjects: Computers - Access control , Data protection
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/383727 , uj:4470 , http://hdl.handle.net/10210/9810
- Description: M.Com. (Computer Science) , The area covered in this study is that of logical security models. A logical security model refers to the formal representation of a security policy which allows the subsequent movement of rights between subjects and objects in a system. The best way to illustrate the goal of this study, is with the following abstract from the submitted article, which originated from this study. 'The original protection graph rewriting grammar used to simulate the different operations of the Take/Grant model is reviewed. The productions of the PGR-grammar is then expanded, by adding a new context which is based on the different security classes found in the Bell Grid LaPadula model [14].' The first goal of this study was to take the Take/Grant security -model and expand it. This expansion included the concept of assigning a different security class to each subject and object in the model. This concept was derived from the Bell and LaPadula model as discussed in chapter 2 of this study. The next goal that was defined, was to expand the PGR-grammar of [28], so that it would also be able to simulate .the operations of this expanded Take/Grant model. The .PGR-grammar consisted of different permitting and forbidding node and edge contexts. This PGR-grammar was expanded by adding an additional context to the formal representation. This expansion is explained in detail in chapter 5 of this study. The third goal was to take the expansions, mentioned above, and implement them in a computer system. This computer system had to make use of an expert. system in order to reach certain conclusions. Each of the operations of the Take/Grant model must be evaluated, to determine whether that rule can be applied or not. The use of the expert system is explained in chapters 6 and 7 of this study. This study consists out of eight chapters in the following order. Chapter 2 starts of with an introduction of some of the most important logical security models. This chapter gives the reader background knowledge of the different models available, which is essential for the rest of the study. This chapter, however, does not discuss the Take/Grant model in detail. This is done in chapter 3 of the study. In this chapter the Take Grant model is discussed as a major input to this study. The Send Receive model is also discussed as a variation of the Take/Grant model. In the last section of the chapter a comparison is drawn between these two models. Chapter 4 formalizes the Take/Grant model. The protection graph rewriting grammar (PGR-grammar), which is used to simulate the different operations of the Take/Grant model, is introduced...
- Full Text:
- Authors: Edwards, Norman Godfrey
- Date: 2014-03-25
- Subjects: Computers - Access control , Data protection
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/383727 , uj:4470 , http://hdl.handle.net/10210/9810
- Description: M.Com. (Computer Science) , The area covered in this study is that of logical security models. A logical security model refers to the formal representation of a security policy which allows the subsequent movement of rights between subjects and objects in a system. The best way to illustrate the goal of this study, is with the following abstract from the submitted article, which originated from this study. 'The original protection graph rewriting grammar used to simulate the different operations of the Take/Grant model is reviewed. The productions of the PGR-grammar is then expanded, by adding a new context which is based on the different security classes found in the Bell Grid LaPadula model [14].' The first goal of this study was to take the Take/Grant security -model and expand it. This expansion included the concept of assigning a different security class to each subject and object in the model. This concept was derived from the Bell and LaPadula model as discussed in chapter 2 of this study. The next goal that was defined, was to expand the PGR-grammar of [28], so that it would also be able to simulate .the operations of this expanded Take/Grant model. The .PGR-grammar consisted of different permitting and forbidding node and edge contexts. This PGR-grammar was expanded by adding an additional context to the formal representation. This expansion is explained in detail in chapter 5 of this study. The third goal was to take the expansions, mentioned above, and implement them in a computer system. This computer system had to make use of an expert. system in order to reach certain conclusions. Each of the operations of the Take/Grant model must be evaluated, to determine whether that rule can be applied or not. The use of the expert system is explained in chapters 6 and 7 of this study. This study consists out of eight chapters in the following order. Chapter 2 starts of with an introduction of some of the most important logical security models. This chapter gives the reader background knowledge of the different models available, which is essential for the rest of the study. This chapter, however, does not discuss the Take/Grant model in detail. This is done in chapter 3 of the study. In this chapter the Take Grant model is discussed as a major input to this study. The Send Receive model is also discussed as a variation of the Take/Grant model. In the last section of the chapter a comparison is drawn between these two models. Chapter 4 formalizes the Take/Grant model. The protection graph rewriting grammar (PGR-grammar), which is used to simulate the different operations of the Take/Grant model, is introduced...
- Full Text:
Evaluation of access control within the Millennium software package
- Authors: Van Rooyen, J.
- Date: 2014-09-23
- Subjects: Auditing - Data processing , Auditing - Access control , Computers - Access control
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/375415 , uj:12372 , http://hdl.handle.net/10210/12156
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Van Rooyen, J.
- Date: 2014-09-23
- Subjects: Auditing - Data processing , Auditing - Access control , Computers - Access control
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/375415 , uj:12372 , http://hdl.handle.net/10210/12156
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
Information security in the client/server environment
- Authors: Botha, Reinhardt A
- Date: 2012-08-23
- Subjects: Client/server computing , Data protection , Computers - Access control
- Type: Thesis
- Identifier: uj:3117 , http://hdl.handle.net/10210/6538
- Description: M.Sc. (Computer Science) , Client/Server computing is currently one of the buzzwords in the computer industry. The client/server environment can be defined as an open systems environment. This openness of the client/server environment makes it a very popular environment to operate in. As information are exceedingly accessed in a client/server manner certain security issues arise. In order to address this definite need for a secure client/server environment it is necessary to firstly define the client/server environment. This is accomplished through defining three possible ways to partition programs within the client/server environment. Security, or secure systems, have a different meaning for different people. This dissertation defines six attributes of information that should be maintained in order to have secure information. For certain environments some of these attributes may be unnecessary or of lesser importance. Different security techniques and measures are discussed and classified in terms of the client/server partitions and the security attributes that are maintained by them. This is presented in the form of a matrix and provides an easy reference to decide on security measures in the client/server environment in order to protect a specific aspect of the information. The importance of a security policy and more specifically the influence of the client/server environment on such a policy are discussed and it is demonstrated that the framework can assist in drawing up a security policy for a client/server environment. This dissertation furthermore defines an electronic document .management system as a case study. It is shown that the client/server environment is a suitable environment for such a system. The security needs and problems are identified and classified in terms of the security attributes. Solutions to the problems are discussed in order to provide a reasonably secure electronic document management system environment.
- Full Text:
- Authors: Botha, Reinhardt A
- Date: 2012-08-23
- Subjects: Client/server computing , Data protection , Computers - Access control
- Type: Thesis
- Identifier: uj:3117 , http://hdl.handle.net/10210/6538
- Description: M.Sc. (Computer Science) , Client/Server computing is currently one of the buzzwords in the computer industry. The client/server environment can be defined as an open systems environment. This openness of the client/server environment makes it a very popular environment to operate in. As information are exceedingly accessed in a client/server manner certain security issues arise. In order to address this definite need for a secure client/server environment it is necessary to firstly define the client/server environment. This is accomplished through defining three possible ways to partition programs within the client/server environment. Security, or secure systems, have a different meaning for different people. This dissertation defines six attributes of information that should be maintained in order to have secure information. For certain environments some of these attributes may be unnecessary or of lesser importance. Different security techniques and measures are discussed and classified in terms of the client/server partitions and the security attributes that are maintained by them. This is presented in the form of a matrix and provides an easy reference to decide on security measures in the client/server environment in order to protect a specific aspect of the information. The importance of a security policy and more specifically the influence of the client/server environment on such a policy are discussed and it is demonstrated that the framework can assist in drawing up a security policy for a client/server environment. This dissertation furthermore defines an electronic document .management system as a case study. It is shown that the client/server environment is a suitable environment for such a system. The security needs and problems are identified and classified in terms of the security attributes. Solutions to the problems are discussed in order to provide a reasonably secure electronic document management system environment.
- Full Text:
Maxima a model for constructing an online identity model of a user using identity fragments
- Authors: Blauw, Frans Frederik
- Date: 2020
- Subjects: Computers - Access control , Computer security , Cryptography
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/458379 , uj:40712
- Description: Abstract: Please refer to full text to view abstract. , Ph.D. (Computer Science)
- Full Text:
- Authors: Blauw, Frans Frederik
- Date: 2020
- Subjects: Computers - Access control , Computer security , Cryptography
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/458379 , uj:40712
- Description: Abstract: Please refer to full text to view abstract. , Ph.D. (Computer Science)
- Full Text:
MOFAC : model for fine grained access control
- Authors: Von Solms, Johan Sebastiaan
- Date: 2014-09-11
- Subjects: Computers - Access control , Computer security
- Type: Thesis
- Identifier: uj:12272 , http://hdl.handle.net/10210/12035
- Description: M.Sc. (Computer Science) , Computer security is a key component in any computer system. Traditionally computers were not connected to one another. This centralized configuration made the implementation of computer security a relatively easy task. The closed nature of the system limited the number of unknown factors that could cause security breaches. The users and their access rights were generally well defined and the system was protected from outside threats through simple, yet effective control measures. The evolution of network environments changed the computer environment and in effect also computer security. It became more difficult to implement protection measures because the nature of the environment changed from closed to open. New defenses had to be developed for security issues like unknown parameters, increased points of attack, unknown paths of information etc. Businesses and the general public today depend on network systems and no person can ignore these and other related security problems. The widespread publicity of attacks, and better customer awareness on security issues, created a need for new solutions for computer security. Security organisations, businesses and universities are addressing these problems through the development of security standards and security solutions.Today computer systems are becoming more "safe" through new products such as encryption and decryption algorithms, single-sign on password facilities, biometrics systems, smart cards, firewalls etc. Another important security consideration is Access Control. Access Control is responsible for controlling the actions of users to resources.
- Full Text:
- Authors: Von Solms, Johan Sebastiaan
- Date: 2014-09-11
- Subjects: Computers - Access control , Computer security
- Type: Thesis
- Identifier: uj:12272 , http://hdl.handle.net/10210/12035
- Description: M.Sc. (Computer Science) , Computer security is a key component in any computer system. Traditionally computers were not connected to one another. This centralized configuration made the implementation of computer security a relatively easy task. The closed nature of the system limited the number of unknown factors that could cause security breaches. The users and their access rights were generally well defined and the system was protected from outside threats through simple, yet effective control measures. The evolution of network environments changed the computer environment and in effect also computer security. It became more difficult to implement protection measures because the nature of the environment changed from closed to open. New defenses had to be developed for security issues like unknown parameters, increased points of attack, unknown paths of information etc. Businesses and the general public today depend on network systems and no person can ignore these and other related security problems. The widespread publicity of attacks, and better customer awareness on security issues, created a need for new solutions for computer security. Security organisations, businesses and universities are addressing these problems through the development of security standards and security solutions.Today computer systems are becoming more "safe" through new products such as encryption and decryption algorithms, single-sign on password facilities, biometrics systems, smart cards, firewalls etc. Another important security consideration is Access Control. Access Control is responsible for controlling the actions of users to resources.
- Full Text:
MOSS : a model for open system security
- Van Zyl, Pieter Willem Jordaan
- Authors: Van Zyl, Pieter Willem Jordaan
- Date: 2012-09-12
- Subjects: Computer security - South Africa , Computer networks - Security measures , Security systems - Models. , Computers - Access control
- Type: Thesis
- Identifier: uj:10276 , http://hdl.handle.net/10210/7645
- Description: Ph.D , This thesis looks at current security problems within open system environments, that is security problems within heterogeneous computer system environments that are interconnected via computer networks. Thereafter two security models, Kerberos and the Path Context Model, are considered together with their respective ability to address these security problems. Using concepts of the Path Context Model, a new security model, called MOSS (Model for Open System Security), is developed and it is shown how MOSS can address all the security problems identified. Two possible implementations of MOSS are then considered: the one is based on the concept of Static Security Agents (SSAs) for contemporary open system environments, and the other is based on the concept of Roaming Security Agents (RSAs) for object orientated open system environments. The research is concluded with a summary of possible future research considerations
- Full Text:
- Authors: Van Zyl, Pieter Willem Jordaan
- Date: 2012-09-12
- Subjects: Computer security - South Africa , Computer networks - Security measures , Security systems - Models. , Computers - Access control
- Type: Thesis
- Identifier: uj:10276 , http://hdl.handle.net/10210/7645
- Description: Ph.D , This thesis looks at current security problems within open system environments, that is security problems within heterogeneous computer system environments that are interconnected via computer networks. Thereafter two security models, Kerberos and the Path Context Model, are considered together with their respective ability to address these security problems. Using concepts of the Path Context Model, a new security model, called MOSS (Model for Open System Security), is developed and it is shown how MOSS can address all the security problems identified. Two possible implementations of MOSS are then considered: the one is based on the concept of Static Security Agents (SSAs) for contemporary open system environments, and the other is based on the concept of Roaming Security Agents (RSAs) for object orientated open system environments. The research is concluded with a summary of possible future research considerations
- Full Text:
Objek-georiënteerde en rolgebaseerde verspreide inligtingsekerheid in 'n oop transaksieverwerking omgewing
- Authors: Van der Merwe, Jacobus
- Date: 2014-10-07
- Subjects: Computers - Access control , Data protection , Computer security , Object-oriented databases - Security measures
- Type: Thesis
- Identifier: uj:12539 , http://hdl.handle.net/10210/12332
- Description: M.Sc. (Computer Science) , Information is a valuable resource in any organisation and more and more organisations are realising this and want efficient means to protect it against disclosure, modification or destruction. Although relatively efficient security methods have been available almost as long as information databases, they all provide additional cost. This cost does not only involve money but also cost in terms of system performance and management of information security. Any new information security model must also provide better management of information security. In this dissertation we present a model that provides information security and aims to lower the technical skills required to manage information security using this approach. In any business organisation we can describe each employee's duties. Put in other words, we can say that each employee has a specific business role in the organisation. In organisations with many employees there are typically many employees that have more or less the same duties in the organisation. This means that employees can be grouped according to their business roles. We use an employee's role as a description of his/her duties in a business organisation. ' Each role needs resources to perform its duties in the organisation. In terms of computer systems, each role needs computer resources such as printers. Most roles need access to data files in the organisation's database but it is not desirable to give all roles access to all data files. It is obvious that roles have specific privileges and restrictions in terms of information resources. Information security can be achieved by identifying the business roles in an organisation and giving these roles only the privileges needed to fulfill their business function and then assigning these roles to people (users of the organisation's computer system). This is called role-based security. People's business functions are related, for example clerks and clerk-managers are related in the sense that a clerk-manager is a manager of clerks. Business roles are related in the same way. For an information security manager to assign roles to users it is important to see this relationship between roles. In this dissertation we present this relationship using a lattice graph which we call a role lattice. The main advantage of this is that it is eases information security management...
- Full Text:
- Authors: Van der Merwe, Jacobus
- Date: 2014-10-07
- Subjects: Computers - Access control , Data protection , Computer security , Object-oriented databases - Security measures
- Type: Thesis
- Identifier: uj:12539 , http://hdl.handle.net/10210/12332
- Description: M.Sc. (Computer Science) , Information is a valuable resource in any organisation and more and more organisations are realising this and want efficient means to protect it against disclosure, modification or destruction. Although relatively efficient security methods have been available almost as long as information databases, they all provide additional cost. This cost does not only involve money but also cost in terms of system performance and management of information security. Any new information security model must also provide better management of information security. In this dissertation we present a model that provides information security and aims to lower the technical skills required to manage information security using this approach. In any business organisation we can describe each employee's duties. Put in other words, we can say that each employee has a specific business role in the organisation. In organisations with many employees there are typically many employees that have more or less the same duties in the organisation. This means that employees can be grouped according to their business roles. We use an employee's role as a description of his/her duties in a business organisation. ' Each role needs resources to perform its duties in the organisation. In terms of computer systems, each role needs computer resources such as printers. Most roles need access to data files in the organisation's database but it is not desirable to give all roles access to all data files. It is obvious that roles have specific privileges and restrictions in terms of information resources. Information security can be achieved by identifying the business roles in an organisation and giving these roles only the privileges needed to fulfill their business function and then assigning these roles to people (users of the organisation's computer system). This is called role-based security. People's business functions are related, for example clerks and clerk-managers are related in the sense that a clerk-manager is a manager of clerks. Business roles are related in the same way. For an information security manager to assign roles to users it is important to see this relationship between roles. In this dissertation we present this relationship using a lattice graph which we call a role lattice. The main advantage of this is that it is eases information security management...
- Full Text:
Secure object-oriented databases
- Authors: Olivier, Martin Stephanus
- Date: 2014-10-07
- Subjects: Object-oriented databases - Security measures , Computers - Access control
- Type: Thesis
- Identifier: uj:12538 , http://hdl.handle.net/10210/12331
- Description: D.Phil. (Computer Science) , The need for security in a database is obvious. Object-orientation enables databases to be used in applications where other database models are not adequate. It is thus clear that security of object-oriented databases must be investigated...
- Full Text:
- Authors: Olivier, Martin Stephanus
- Date: 2014-10-07
- Subjects: Object-oriented databases - Security measures , Computers - Access control
- Type: Thesis
- Identifier: uj:12538 , http://hdl.handle.net/10210/12331
- Description: D.Phil. (Computer Science) , The need for security in a database is obvious. Object-orientation enables databases to be used in applications where other database models are not adequate. It is thus clear that security of object-oriented databases must be investigated...
- Full Text:
The automatic generation of information security profiles
- Authors: Pottas, Dalenca
- Date: 2014-10-07
- Subjects: Computers - Access control , Data protection , Computer security
- Type: Thesis
- Identifier: uj:12540 , http://hdl.handle.net/10210/12333
- Description: D.Phil. (Computer Science) , Security needs have changed considerably in the past decade as the economics of computer usage necessitates increased business reliance on computers. As more individuals need computers to perform their jobs, more detailed security controls are needed to offset the risk inherent in granting more people access to computer systems. Traditionally, computer security administrators have been tasked with configuring' , security systems by setting controls on the actions of users. This basically entails the compilation of access rules (contained in security profiles), which state who can access what resources in what way. The task of building these rules is of considerable magnitude and is in general not well understood. Adhoc approaches, characterized by exhaustive interviewing and endless printouts of organizational data repositories, are usually followed. In the end, too much is left to the discretion of the security administrators...
- Full Text:
- Authors: Pottas, Dalenca
- Date: 2014-10-07
- Subjects: Computers - Access control , Data protection , Computer security
- Type: Thesis
- Identifier: uj:12540 , http://hdl.handle.net/10210/12333
- Description: D.Phil. (Computer Science) , Security needs have changed considerably in the past decade as the economics of computer usage necessitates increased business reliance on computers. As more individuals need computers to perform their jobs, more detailed security controls are needed to offset the risk inherent in granting more people access to computer systems. Traditionally, computer security administrators have been tasked with configuring' , security systems by setting controls on the actions of users. This basically entails the compilation of access rules (contained in security profiles), which state who can access what resources in what way. The task of building these rules is of considerable magnitude and is in general not well understood. Adhoc approaches, characterized by exhaustive interviewing and endless printouts of organizational data repositories, are usually followed. In the end, too much is left to the discretion of the security administrators...
- Full Text:
- «
- ‹
- 1
- ›
- »