Report: Security Architectures and System Administration - ICT379

Added on  2022/09/18

AI Summary
This report delves into the realms of security architectures and system administration, structured into two primary sections. The initial segment explores methods for managing user credentials, detailing authentication and authorization processes. It examines the components involved in verifying user identity within a system, along with the operational mechanics of access control and the underlying mechanisms supporting it. The second part shifts focus to scenarios where an attacker gains system control, including administrator access, leading to an analysis of security architecture failures. It provides a description of the security architecture and discusses its inherent weaknesses, concluding with an overview of potential solutions and alternative architectural designs aimed at maintaining security goals. The report covers topics like discretionary and mandatory access control, client-side and server-side vulnerabilities, and the importance of robust security architecture design.
Running head: SECURITY ARCHITECTURES AND SYSTEM ADMINISTRATION
SECURITY ARCHITECTURES AND SYSTEM ADMINISTRATION
Name of the Student
Name of the University
Author Note
Executive Summary
The report deals with security architectures and system administration. It consists of two
parts. The first part deals with an attacker trying to get access to a document. It focuses
on the ways to handle the credentials of the user and discusses the components of the system
that verify the identity of the user. The first part also deals with the access control
mechanisms and the low-level security mechanisms.
The second part deals with the attacker gaining access to the document and administrator
access. It discusses the failure of the architecture described in the first part, and focuses
on the description of the security architecture and the weaknesses of that architecture.
Table of Contents
Introduction
Discussions
Part I
  Ways to handle User Credentials
  The components involved in verifying user’s identity
  Operation of access control mechanism
  The mechanism that underpin access control
Part II
  Architecture fail
  Security Architecture
  Weakness of the architecture
Conclusion
References
Introduction:
System administration is the area of work where someone manages one or more systems. The
systems can be hardware, software, workstations or servers (Jain, 2018). The goal is to make
sure that the systems are working effectively and efficiently. The report consists of two
parts. In the first part, an attacker wants to view the contents of a specific Microsoft Word
document file to which the attacker does not have any access. It can be assumed that there
are no vulnerabilities that can be exploited. The attacker has a non-privileged account on
the system, and the system access control does not permit the attacker to access the file.
The report deals with the security mechanisms that Windows executes to prevent the attacker
from achieving this aim, and briefly discusses the low-level mechanisms that protect the
operating system.
In the second part, the attacker has gained control over the system and has gained
administrator access. This part discusses the security failure of the system and the reasons
for the failure. It also focuses on an alternative security architecture that will continue
to achieve the security goal.
Discussions
Part I
Ways to handle User Credentials
The credentials of the user are the username and the password. They are the most essential
thing to a user: if the credentials are leaked, an attacker will be able to log in with them.
There are different ways to handle user credentials. The ways are:
Authentication: Authentication is the validation of credentials such as the username and
the password in order to verify the identity of a user (Seitz et al., 2017). The system
then checks the user. In a private or public network, the system verifies the identity of
the user through the username and the password.
Authorization: Authorization happens after the identity of the user has been authenticated
successfully by the system (Jøsang, 2017). It gives full access to resources such as
files, databases and funds. Authorization verifies the rights of the user so that access is
allowed only to those resources, after checking all the required credentials (Faber, Schwab &
Wroclawski, 2016). Authorization and authentication are important aspects of security.
The components involved in verifying user’s identity
Identity management is the process that companies follow for identifying, authenticating
and authorizing people so that they can enter the various networks and applications, by
associating user rights and restrictions with established identities (Giessner, Horton &
Humborstad, 2016). Identity management includes authenticating users and determining whether
they are permitted access to a system. Identity management works together with identity
access management (IAM) systems: identity management focuses on authentication, while access
management focuses on authorization. The goal of identity management is to make sure that
only authenticated users are given entry to the specific applications. This includes control
over user provisioning and the onboarding procedure for new users such as partners, clients
and employees (Indu, Anand & Bhaskar, 2018). Identity management also includes control over
the procedure for authorizing system or network permissions, both for existing users and for
users that are no longer authorized to enter the systems of an organization.
The IAM services consist of the following service components. The components are:
The authentication services consist of single sign-on, session and token management, and
multifactor authentication.
The authorization services consist of roles, rules, attributes and privileged access.
The user management services consist of provisioning, deprovisioning, self-service and
delegation.
Operation of access control mechanism
An access control mechanism is a way to safeguard security by preventing and detecting
unauthorized entry (Hu et al., 2015). The access control mechanism permits authorized access
in an automated system. There are two types of access control mechanism: user-based and
host-based.
A user-based mechanism allows the user to give explicit access to a specific user on a host
machine. The user's client sends authorization data to the server. If that data matches the
authorization data held by the server, the user is given entry.
A host-based mechanism is general-purpose. This type of mechanism enables the user to give
access to a specific host, so that the users on that host can connect to the server. A
host-based mechanism is a weak form of access control: if the host has entry to the server,
then all users on that host are permitted to connect to the server.
There are also various access control methods. The basic access control methods that are
relevant to the case study of the report are:
Discretionary access control: Discretionary access control is a way of restricting entry
to objects based on the identity of the subjects that try to enter them (Sandhu, 2015). The
common example is the permission mechanisms that are set by the owner. The owner decides
which users may enter the owner's objects and with which privileges. This access mechanism
is present in most operating systems.
Mandatory access control: Under mandatory access control, the user does not have the
privilege to decide who can access the files. In this method, the operating system makes
the decision, overriding the wishes of the user. Every subject and object is classified
and assigned a security label (Sánchez, Demurjian & Gnirke, 2017). The security labels of
the subject and the object, along with the security policy, determine whether a person can
access the files.
The mechanism that underpin access control
The mechanisms that underpin access control are the access control system (ACS) server and
the badging server.
The access control system server runs the software (Servos & Osborn, 2018). There can be
many servers on one machine, or the server can be distributed among many machines. This
server is responsible for granting access to, and tracking the traffic in, the secure
areas. It has a database of the credential holders and their level of access.
The badging server is the server where the data of authorized personnel is kept. The server
processes the data and the credentials. The employee gets a badge with a lot of information
encoded in it. The badging server is networked with the ACS servers, so the badges can then
be updated in the database of the ACS server.
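The discretionary and mandatory methods described above can be combined in one access decision. The following is an added example, not part of the original report and not Windows' own code: the label hierarchy, the names and the "no read up, no write down" label policy are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    """Security labels (constructed hierarchy for this example)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2

@dataclass
class Subject:
    name: str
    clearance: Level

@dataclass
class FileObject:
    path: str
    owner: str
    label: Level
    acl: dict = field(default_factory=dict)  # user name -> set of rights

def grant(obj, granting_user, user, right):
    """DAC: only the owner decides who gets which right on the object."""
    if granting_user != obj.owner:
        raise PermissionError(f"{granting_user} does not own {obj.path}")
    obj.acl.setdefault(user, set()).add(right)

def dac_allows(subject, obj, right):
    """Discretionary check: the owner, or an ACL entry the owner created."""
    return subject.name == obj.owner or right in obj.acl.get(subject.name, set())

def mac_allows(subject, obj, right):
    """Mandatory check on labels: no read up, no write down (assumed policy)."""
    if right == "read":
        return subject.clearance >= obj.label
    if right == "write":
        return subject.clearance <= obj.label
    return False

def access(subject, obj, right):
    """Both checks must pass; the label policy overrides the owner's wishes."""
    if not dac_allows(subject, obj, right):
        return (False, "DAC: no ACL entry")
    if not mac_allows(subject, obj, right):
        return (False, "MAC: label policy")
    return (True, "granted")

if __name__ == "__main__":
    # Constructed scenario: a non-privileged account and a labelled document.
    doc = FileObject("report.docx", owner="alice", label=Level.CONFIDENTIAL)
    mallory = Subject("mallory", Level.INTERNAL)
    print(access(mallory, doc, "read"))      # denied by DAC
    grant(doc, "alice", "mallory", "read")   # the owner shares the file
    print(access(mallory, doc, "read"))      # still denied, now by MAC
```

Even after the owner grants read access, the lower-cleared account is refused, which is the "overriding the wishes of the user" behaviour of the mandatory method.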
Part II
Architecture fail
The access control architecture that is discussed in part I will fail due to the following
reasons:
Vertical: It allows different types of users to enter different parts of the application's
functions. This involves a division between ordinary users and the administrator.
Horizontal: It allows users to enter a certain subset of a wider range of resources of the
same type.
Context-dependent: It makes sure that the access of the user is restricted according to the
current state of the application.
Under these categories, three common attacks will make the architecture fail.
The first attack is vertical privilege escalation. It occurs when the user can perform
certain functions that the role assigned to him does not permit.
Horizontal privilege escalation is the second case. It occurs when a user views or modifies
the resources of other users with the same role, to which he is not entitled.
The last attack is business logic exploitation. The user can exploit flaws in the state
machine of the application to gain access to a key resource.
The access control architecture can also fail when the access control checks are bypassed by
modifying the URL, the internal application state or the HTML page, or by using a custom API
attack tool (Boulares, Adi & Logrippo, 2016).
Another reason can be allowing the primary key to be changed to that of another user's
record, permitting viewing or editing of someone else's account.
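The three failure categories above map to three server-side checks. The following is an added example, not part of the original report: the users, roles, records and function names are hypothetical, and the weak handler is shown beside the checked one.

```python
class Forbidden(Exception):
    """Raised whenever a request fails an access control check."""

# Constructed sample data: hypothetical users, roles and records.
USERS = {"alice": "user", "bob": "user", "root": "admin"}
ROLE_FUNCTIONS = {
    "user": {"view_account", "pay_order", "confirm_order"},
    "admin": {"view_account", "pay_order", "confirm_order", "delete_user"},
}
ACCOUNTS = {101: {"owner": "alice"}, 102: {"owner": "bob"}}
ORDERS = {7: {"owner": "alice", "state": "cart"}}
# Application state machine: (current state, function) -> next state.
TRANSITIONS = {("cart", "pay_order"): "paid", ("paid", "confirm_order"): "confirmed"}

def view_account_weak(session_user, account_id):
    """Weak form: trusts the primary key in the request and checks nothing."""
    return ACCOUNTS[account_id]

def authorize(session_user, function, record=None):
    """Deny by default; the caller's identity comes from the session."""
    role = USERS.get(session_user)
    # Vertical: the function must be permitted for the caller's role.
    if role is None or function not in ROLE_FUNCTIONS[role]:
        raise Forbidden("vertical: function not permitted for role")
    # Horizontal: the record must belong to the caller (admins exempt).
    if record is not None and role != "admin" and record["owner"] != session_user:
        raise Forbidden("horizontal: record belongs to another user")

def view_account(session_user, account_id):
    record = ACCOUNTS.get(account_id)
    if record is None:
        raise Forbidden("unknown record")
    authorize(session_user, "view_account", record)
    return record

def delete_user(session_user, target):
    authorize(session_user, "delete_user")
    return USERS.pop(target, None) is not None

def advance_order(session_user, order_id, function):
    order = ORDERS.get(order_id)
    if order is None:
        raise Forbidden("unknown record")
    authorize(session_user, function, order)
    # Context-dependent: the step must be valid in the order's current state.
    next_state = TRANSITIONS.get((order["state"], function))
    if next_state is None:
        raise Forbidden("context: step not valid in current state")
    order["state"] = next_state
    return next_state

if __name__ == "__main__":
    print(view_account_weak("bob", 101))   # another user's record leaks
    try:
        view_account("bob", 101)
    except Forbidden as exc:
        print("denied:", exc)
```

Every handler goes through `authorize`, so changing the id in a request or calling a step out of order fails on the server regardless of what the client sends.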
Security Architecture
The security architecture is a security design that addresses the risks and the necessities
involved in an environment (Souissi, Sliman & Charroux, 2016). It also specifies the areas
in which to apply the security controls. The design process is reproducible.
In a security architecture, the design principles are clearly reported, and the in-depth
security specifications are generally documented in independent documents (Al-Ayyoub et al.,
2015). The architecture of the system can be a design that includes the structure and then
addresses the connections between the components of the structure.
The main functions of the security architecture are:
Dependencies and relationships: It signifies the relationships between the different
components inside the information technology architecture.
Benefits: The advantage of a security architecture is standardization, which makes the
security architecture affordable.
Form: The security architecture is related to the IT architecture. It takes different forms,
generally a catalog of conventional controls.
Drivers: The security controls are based on four factors: risk management, financial, legal
and regulatory, and good practice and benchmarking.
Weakness of the architecture
No network architecture is immune to unwanted intrusion. A very good security architecture
can go a very long way (Yoo & Shon, 2016). With sophisticated hacking tools, the
exploitation of vulnerabilities can lead to unauthorized access. The weaknesses of the
security architecture are:
Client side weakness: In a client-server architecture, the client communicates with the
server (Santos, Tarrit & Mirakhorli, 2017). Client side weakness can arise from inadequate
authorization and authentication on the side of the server. Most of the time, client side
attacks occur because of weaknesses caused by the exposure of services on the side of the
client.
Server side weakness: Server side vulnerabilities are faced more often than client side
weaknesses. An exploitable server is a more viable target for hackers, as it is closer to
the actual system. The server-based weaknesses are SQL injection, broken authentication,
sensitive data exposure and many more.
Database level weakness: Weaknesses at the server level are dangerous, but weaknesses at the
database level are more dangerous still. When the database is exploitable, it can lead to
the compromise of sensitive information. The threats from database level weaknesses are
privilege elevation, exposure of backup data, denial of service, and unauthorized copying of
sensitive data.
Conclusion
Security architectures are very important for the security of a network. The report deals
with security architectures and system administration. It deals with user credentials and
the ways to handle them. User credentials are very important, as with them the attacker can
learn personal details about the user. Different mechanisms are required for the security of
a network, such as the access control architecture and the security architecture. The report
concludes with the attacker getting access to the document and administrator access. It
describes the security architecture and the weaknesses of the security architecture. Last
but not least, the architecture fails due to certain vulnerabilities of the system, which
must be mitigated to stop the attacker from getting access to the document.
References
Al-Ayyoub, M., Jararweh, Y., Benkhelifa, E., Vouk, M., & Rindos, A. (2015, June).
Sdsecurity: A software defined security experimental framework. In 2015 IEEE
International Conference on Communication Workshop (ICCW) (pp. 1871-1876).
IEEE.
Boulares, S., Adi, K., & Logrippo, L. (2016, October). Insider threat likelihood assessment
for access control systems: Quantitative approach. In International Symposium on
Foundations and Practice of Security (pp. 135-142). Springer, Cham.
Faber, T., Schwab, S., & Wroclawski, J. (2016). Authorization and access control: ABAC.
In The GENI Book (pp. 203-234). Springer, Cham.
Giessner, S. R., Horton, K. E., & Humborstad, S. I. W. (2016). Identity management during
organizational mergers: Empirical insights and practical advice. Social Issues and
Policy Review, 10(1), 47-81.
Hu, V. C., Kuhn, D. R., Ferraiolo, D. F., & Voas, J. (2015). Attribute-based access
control. Computer, 48(2), 85-88.
Indu, I., Anand, P. R., & Bhaskar, V. (2018). Identity and access management in cloud
environment: mechanisms and challenges. Engineering science and technology, an
international journal, 21(4), 574-588.
Jain, M. (2018). Basic System Administration. In Beginning Modern Unix (pp. 139-172).
Apress, Berkeley, CA.
Jøsang, A. (2017, September). A consistent definition of authorization. In International
Workshop on Security and Trust Management (pp. 134-144). Springer, Cham.
Sánchez, Y. K. R., Demurjian, S. A., & Gnirke, L. (2017, April). Attaining Role-Based,
Mandatory, and Discretionary Access Control for Services by Intercepting API Calls
in Mobile Systems. In International Conference on Web Information Systems and
Technologies (pp. 221-248). Springer, Cham.
Sandhu, R. (2015, April). Attribute-Based Access Control Models and Beyond.
In AsiaCCS (p. 677).
Santos, J. C., Tarrit, K., & Mirakhorli, M. (2017, April). A catalog of security architecture
weaknesses. In 2017 IEEE International Conference on Software Architecture
Workshops (ICSAW) (pp. 220-223). IEEE.
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., & Tschofenig, H. (2017).
Authentication and authorization for constrained environments (ace). Internet
Engineering Task Force, Internet-Draft draft-ietf-aceoauth-authz-07.
Servos, D., & Osborn, S. L. (2018, March). Hgaa: An architecture to support hierarchical
group and attribute-based access control. In Proceedings of the Third ACM Workshop
on Attribute-Based Access Control (pp. 1-12). ACM.
Souissi, S., Sliman, L., & Charroux, B. (2016, November). A novel security architecture
based on multi-level rule expression language. In International Conference on Hybrid
Intelligent Systems (pp. 259-269). Springer, Cham.
Yoo, H., & Shon, T. (2016). Challenges and research directions for heterogeneous cyber–
physical system based on IEC 61850: Vulnerabilities, security requirements, and
security architecture. Future generation computer systems, 61, 128-136.