Role Based Access Control

In the realm of cloud services, Amazon DynamoDB's introduction of resource-based policies signifies a notable advancement in access control and security management for its resources. These policies usher in a new era of granular and flexible permission settings, enabling a more nuanced approach to access management for DynamoDB resources, including tables and streams. This article is designed to guide you through the benefits and implementation of these policies, supplemented with practical examples. UNDERSTANDING RESOURCE-BASED POLICIES FOR DYNAMODB Before delving into implementation details, it's crucial to grasp the core concepts underpinning resource-based policies in Amazon DynamoDB. Unlike traditional IAM (Identity and Access Management) policies that are attached to users or roles, resource-based policies are directly attached to the DynamoDB resources themselves-be it tables or streams. This allows for specifying which IAM principals (users, roles, AWS accounts) can access a resource and the exact actions they are permitted to perform. Resource-based policies streamline permissions management more directly and intuitively. They are particularly advantageous for specifying granular access controls and simplifying cross-account access, making them an essential tool for modern cloud architectures.

To ensure the security of current information systems, role-based access control (RBAC) is a widely used concept. For this purpose, based on an initial assignment of permissions to users, permissions are grouped to roles, which are then assigned to users. The corresponding (NP-complete) optimization problem, the so-called role mining problem (RMP), aims at finding a minimal set of roles and a corresponding assignment of those roles to users. Previously, the RMP has been considered as a static optimization problem. However, the application of RBAC in real business use cases requires the inclusion of dynamically occurring events that reflect changes in the business environment of companies, as well as events that result from direct user interaction with the role mining process. Therefore, in this paper, we provide a comprehensive overview and classification of the most relevant events for role mining and present methods for integrating them into the framework of an evolutionary role m...

Los Alamos National Laboratory has developed a virtual patient record system called TeleMed which is based on a distributed national radiographic and patient record repository located throughout the country. Without leaving their offices, participating doctors can view clinical drug and radiographic data via a sophisticated multimedia interface. For example, a doctor can match a patient`s radiographic information with the data in the repository, review treatment history and success, and then determine the best treatment. Furthermore, the features of TeleMed that make it attractive to clinicians and diagnosticians make it valuable for teaching and presentation as well. Thus, a resident can use TeleMed for self-training in diagnostic techniques and a physician can use it to explain to a patient the course of their illness. In fact, the data can be viewed simultaneously by users at two or more distant locations for consultation with specialists in different fields. This capability is o...

In recent decades, the number of researches on access control and user actions in computer systems has increased. Over time, there have been two models of implementing Mandatory Access Control (MAC) policies for government institutions and Discretionary Access Control (DAC) for the business environment, policies that various access control modeling solutions seek to implement. Among the access control modeling solutions developed are Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), presented in the U.S.A. by the National Institute of Standard and Technology (NIST). In Romania, in 2010, the access control solution based on trust was presented. This paper presents Mandatory Access Control policy modeling using the trust-based access and actions control modeling solution.

The technology evolution has shown a very impressive performance in the last years by introducing several technologies that are based on the concept of component. As time passes, new versions of Component Based technologies are released in order to improve services prov ided by previous ones. One important issue that regards these technologies is transactional activity. Transactions are important because they consist in sending different small amounts of information collected properly in a single combined unit which makes the process simpler, less expensive and also improves the reliability of the whole system, reducing its chances to go through possible failures. Different Component -Based technologies offer different ways of handling transactions. In this paper, we will r eview and discuss how transactions are handled in three of them: COM, EJB and .NET. It can be expected that .NET offers more efficient mechanisms due to the fact of being released later than the other two technol...

In spite of all security issues in the cloud system, distributed cloud environment requires an access control model which should be context aware to handle all issues intelligently. It must include role activation process based on the user's context information. In role activation process, the knowledge of reason used for data collection and usage is declared; this can allow the administrator to declare the policies which are context based. Therefore, there is dynamic activation of role permission due to the association of role with context. The complications in the role based access control model reduced by classifying the users into classes or groups having their own access control standards. Access to specific resources and granting/ denying is based on requesting the user identity. Cloud environments consist of different entities, number of resources and user where general access control model fails to cover all the aspects. Here, in the proposed access control with percepti...

Research can rarely be performed on large-scale, distributed systems at the level of thousands of workstations. In this paper, we describe the motivating constraints, design principles, and architecture for an extensible, distributed system operating in such an environment. The constraints include continuous operation, dynamic system evolution, and integration with extant systems. The Information Bus , our solution, is a novel synthesis of four design principles: core communication protocols have minimal semantics, objects are self-describing, types can be dynamically defined, and communication is anonymous. The current implementation provides both flexibility and high performance, and has been proven in several commercial environments, including integrated circuit fabrication plants and brokerage/trading floors.

We propose the use of process-based access-control methods in the construction of privacy systems in the present paper. Segregation of duties and least privilege are two key business principles that protect an organization’s valuable data and resources from deliberate or accidental information leak, or data corruption by staff. As a substantial amount of this information is stored on computer systems then control over computer access represents a major security component through its implementation of the key business

The article is devoted for managing and controlling users' permissions, defining users' rights, also developing new profitable role-based access control (RBAC) model in collaborative systems. The basis for the protection of the processed information from unauthorized access is the implementation of a delimitating policy for access to file objects.

This study discusses the main relevant use of Java in keeping the payment gateways' transaction security and integrity stable. Various security measures, authentication and authorization procedures, Java features, frameworks and libraries, transaction management protocols, scalability and performance mechanisms, compliance regulation, integration with external services, system monitoring, and logging, and emerging trends are closely studied, and their influence on the resiliency and reliability of these systems is analyzed. This paper consolidates existing research concerning the technology used in credit card-integrated payment gateways through a systematic literature review, industry practice, and case studies. In order to better understand the techniques applied to ensure transactional integrity and security, it covers several aspects like framework choice, security protocols, scalability, and compliance. As it is clear from the outcomes, Java is an essential aspect of developing a payment gateway as it provides a wide window of opportunity for integration of the most up-todate security features, flawless transaction processing, and scalable design. It also focuses on how Java can be used to satisfy the laws and policies as well as to foresee future trends and accommodate them accordingly. This study contributes to the theoretical understanding of the role Java plays in financial payment gateways by offering fine viewpoints on pragmatic implementations and their effects on policy framing within the financial services industry. The article brings to light the meaning of the role of Java in securing and maintaining the integrity of transactions for the benefit of digital payment industries by helping firms improve the credibility of their services among clients.

PurposeThe purpose of this paper is to create a model of role‐based access control (RBAC) based access control for virtual enterprise (VE).Design/methodology/approachAn access control model for security and management of VE is presented by integrating generic structure of VE and applying the principles of RBAC. In addition, the application of the model to a supply chain‐oriented VE illustrates that a general access control scheme can ensure the running of VE.FindingsA theory base of access control for the realization of the VE is found.Originality/valueThe paper presents a very useful new model of access control for VE. This paper is aimed at researchers and engineers.