Automatic Context-Based Policy Generation from Usage- and Misusage-Diagrams: Unterschied zwischen den Versionen

Aus IPD-Institutsseminar
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „{{Vortrag |vortragender=Thomas Lieb |email=uywqj@student.kit.edu |vortragstyp=Masterarbeit |betreuer=Maximilian Walter |termin=Institutsseminar/2021-01-29 |kur…“)
 
 
Zeile 5: Zeile 5:
 
|betreuer=Maximilian Walter
 
|betreuer=Maximilian Walter
 
|termin=Institutsseminar/2021-01-29
 
|termin=Institutsseminar/2021-01-29
|kurzfassung=TBD
+
|kurzfassung=In systems with a very dynamic process like Industry 4.0, contexts of all
 +
participating entities often change and a lot of data exchange happens with
 +
external organizations such as suppliers or producers which brings concern
 +
about unauthorized data access. This creates the need for access control
 +
systems to be able to handle such a combination of a highly dynamic system and
 +
the arising concern about the security of data. In many situations the
 +
decision for access control depends on the context information of the
 +
requester. Another problem of dynamic system is that the manual development
 +
of access policies can be time consuming and expensive. Approaches using
 +
automated policy generation have shown to reduce this effort.
 +
In this master thesis we introduce a concept which combines context based
 +
model-driven security with automated policy generation and evaluate if it
 +
is a suitable option for the creation of access control systems and if it
 +
can reduce the effort in policy generation. The approach makes use of usage
 +
and misusage diagrams which are on a high architectural abstraction level
 +
to derive and combine access policies for data elements which are located
 +
on a lower abstraction level.
 
}}
 
}}

Aktuelle Version vom 18. Januar 2021, 12:48 Uhr

Vortragende(r) Thomas Lieb
Vortragstyp Masterarbeit
Betreuer(in) Maximilian Walter
Termin Fr 29. Januar 2021
Vortragsmodus
Kurzfassung In systems with a very dynamic process like Industry 4.0, contexts of all

participating entities often change and a lot of data exchange happens with external organizations such as suppliers or producers which brings concern about unauthorized data access. This creates the need for access control systems to be able to handle such a combination of a highly dynamic system and the arising concern about the security of data. In many situations the decision for access control depends on the context information of the requester. Another problem of dynamic system is that the manual development of access policies can be time consuming and expensive. Approaches using automated policy generation have shown to reduce this effort. In this master thesis we introduce a concept which combines context based model-driven security with automated policy generation and evaluate if it is a suitable option for the creation of access control systems and if it can reduce the effort in policy generation. The approach makes use of usage and misusage diagrams which are on a high architectural abstraction level to derive and combine access policies for data elements which are located on a lower abstraction level.