This week we explore the Usage Control Model, or UCON, another type of security that affects most if not all types of security. The idea of UCON was first introduced (to me) in a paper called The UCONabc Usage Control Model by Jaehong Park (George Mason University) and Ravi Sandhu (NSD Security and George Mason University). The abc stands for Authorizations, oBligations, and Conditions. Yet again it will be related to the social network Facebook and its security protocols, along with some that don't currently exist but perhaps should be implemented.
The first and most widely used is the repeated-password lockout. Everyone puts in the wrong password every now and then, and after so many tries the system locks you out. This is an example of usage control, in that it controls your usage based on the number of failed attempts. Taken a step further, if the IP address these failed logins come from is different (say, in another country), the system can notify the user of unauthorized access and make the user create a new password after following a link sent in the notification.
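The lockout described above, written as a usage decision in Python. This is an added example, not code from the post or from Facebook: the password is the authorization, the country of the attempt is the condition, and the forced reset is the obligation. The threshold of 3, the `Account` fields and the function names are assumptions, and the caller is assumed to have already mapped the source IP to a country.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumed threshold; the post only says "so many tries"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes
    home_country: str               # where this user normally logs in from
    failures: int = 0               # usage attribute, updated on every attempt
    foreign_failure: bool = False   # did any failure come from elsewhere?
    must_reset: bool = False        # outstanding obligation
    notices: list = field(default_factory=list)

def new_account(name: str, password: str, home_country: str) -> Account:
    salt = os.urandom(16)
    return Account(name, salt, _hash(password, salt), home_country)

def attempt_login(acct: Account, password: str, country: str) -> str:
    """Decide one attempt: granted, denied, locked or reset_required."""
    if acct.must_reset:
        return "reset_required"     # obligation not fulfilled yet
    if acct.failures >= MAX_FAILURES:
        return "locked"             # even the right password is refused
    if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failures, acct.foreign_failure = 0, False
        return "granted"
    acct.failures += 1
    acct.foreign_failure |= country != acct.home_country
    if acct.failures < MAX_FAILURES:
        return "denied"
    if acct.foreign_failure:        # condition: failures from another country
        acct.notices.append(f"Failed logins for {acct.name} from {country}; reset link sent")
        acct.must_reset = True
        return "reset_required"
    return "locked"

def complete_reset(acct: Account, new_password: str) -> None:
    """Called once the user follows the link in the notice and picks a new password."""
    acct.salt = os.urandom(16)
    acct.pw_hash = _hash(new_password, acct.salt)
    acct.failures, acct.foreign_failure, acct.must_reset = 0, False, False
```
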
Another way to think of the UCON model is as the basic control of consumer usage of a digital object. Along these lines, note Facebook's built-in dissemination protection for pictures: as it stands now, Facebook has options to keep a user's pictures from being viewed by people the user designates. Taken a step further, the people who view these pictures could be prevented from saving them, or friends of friends could be prevented from viewing them. Another way to approach this issue is to put trackers or watermarks on the pictures once downloaded, so that further dissemination is hampered or can be easily tracked.
To avoid writing a 10-page paper, that's all for this week. Tune in next week for more.
Tuesday, February 22, 2011
Thursday, February 17, 2011
How the internet uses us
There are many ways, which most people disregard, that users on the internet are used by others to make money, but is this a mutually beneficial connection? This creates a symbiotic connection where the users feed the content creators.
Basically it works through data mining and advertisement. The content creators (bloggers, search engines, and streamers) create content, then attach advertisements or general information to profit from. The general information is collected and used for things like advertisement and product placement, basically for better targeting of advertisements to individuals so that these individuals go out and buy a product.
So far it sounds like the user is being used and gets nothing in return, and many people feel that this is true, but think about the content creators. The creators, whether or not they are a large corporation such as Facebook or the normal YouTube video host (and by proxy Google), wouldn't be there without these advertisements and wouldn't get any money without them.
This symbiotic information sharing is what drives the internet and, to some extent, innovation. For example, where would the internet be if the content creators were no longer around? Well, it wouldn't be anywhere. The internet would still be only a forum for IRC users and academics, and perhaps a store, since that would be the only source of revenue for content creation.
I don't have much this week, so here's this funny image :P especially due to the disappointing grammar of last week
Wednesday, February 9, 2011
Citations Citations
So there are many ways to credit people within documents or at the end of documents, and yes, it's important, but how important is it? When it comes down to it, in this day and age, how much citation is relevant?
Take the old citation methods that people relied on for years, such as MLA and APA, which can be found at the OWL at Purdue. Did you see what happened there? Enough information was given that you could find the information you are looking for without much hassle. All that is required is that you type the name of the article into any search engine and you can find it easily. Example: Click me
Now that brought you exactly to the website and the article in question. Which brings us back to the previous question: how important is it to use the full citations that MLA asks for? Therefore it is proposed that new guidelines be drawn up for further citations. These new citations should be minimal, meaning the title of the article and the author's name; in the majority of cases this is all you ever need to find any article online, whether it's a book that's in print, a video, or a web article (such as a blog).
These guidelines are not perfect, though, due to changes that may occur in older printed writings and some web sources. More specifically, they won't help you with any article that doesn't have a title or author, and thus a direct link may be in order, or at the very least a link to the main website with directions to find the article in question.
All in all, the old MLA and APA styles are antiquated, but there aren't great substitutions, so the dilemma becomes this: you choose. Yes, that's right. You choose how to cite it, make educated assumptions on how to cite something, and make sure someone else can find it easily and without hassle.
Thursday, February 3, 2011
Role-based Access Control
Role-based Access Control, or RBAC, is a security control model based on user roles in the system. The roles are usually job functions or titles that authorize the user to perform specified actions. In this model users are not assigned particular clearances and functions, but are given a role or many roles that come with these clearances and functions.
This is an older model of security, but it is still applicable today and many systems still use RBAC. For example, Facebook is made up of many different roles, such as: you the user, people who create groups, and Facebook administrators. Each role has its own permissions and accessibility in the system. The ones with the least power are the users, though they can create groups and have some rights that allow them to use the website as they see fit. The users don't have access to change anything that they didn't put in, meaning that they can't change other people's photos or force people to be their friends. Leaders of groups are users, but they also have new accessibility over their group to add, delete and modify the group as they wish; still, they can't change the fundamentals of Facebook. Last and most importantly in this example are the administrators, who moderate Facebook and have the power to remove users and delete people's photos and information.
RBAC is an easy and sustainable security control model that allows for easy monitoring of system changes. However, if there is a convoluted number of roles the model starts to deteriorate. For example, if Facebook started giving out different types of accounts (gold accounts, silver accounts, etc.), the web of security becomes multi-layered and it might be hard to detect users who constantly change access control, since thousands of users can change every day. New types of restrictions would have to be placed on those who are administrators, or even the creators, so that people cannot change their access without prescribed preconditions that the administrators lay out, and suddenly the security control becomes hard to manage.
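The three roles above and the role-change monitoring problem, sketched in Python. This is an added example, not Facebook's implementation: the permission names, the rule that group leaders inherit the user role, the ownership check and the sample events are all assumptions made to match the description in the post.

```python
from collections import Counter

# Role -> permissions (permission names are hypothetical).
ROLE_PERMS = {
    "user": {"create_group", "edit_content"},
    "group_leader": {"edit_group", "delete_group", "add_member"},
    "admin": {"remove_user", "delete_any_content"},
}
INHERITS = {"group_leader": "user"}   # leaders of groups are users too
# These permissions only apply to things the acting user owns.
OWNER_SCOPED = {"edit_content", "edit_group", "delete_group", "add_member"}

def permissions(roles):
    """Union of the permissions of every role held, following inheritance."""
    perms = set()
    for role in roles:
        while role:
            perms |= ROLE_PERMS[role]
            role = INHERITS.get(role)
    return perms

def is_allowed(user, roles, action, owner=None):
    """True if one of the roles grants the action and, where scoped, user owns the target."""
    if action not in permissions(roles):
        return False
    return action not in OWNER_SCOPED or owner == user

# Constructed audit log of role changes: (day, user, old_role, new_role).
SAMPLE_EVENTS = [
    (1, "dave", "silver", "gold"),
    (1, "erin", "silver", "gold"),
    (2, "dave", "gold", "silver"),
    (3, "dave", "silver", "gold"),
]

def frequent_role_changers(events, limit):
    """Users whose role changed more than `limit` times in the log."""
    counts = Counter(user for _, user, _, _ in events)
    return sorted(u for u, n in counts.items() if n > limit)
```
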
In short, RBAC is great, though it is best when there is a low number of security layers.