JSON schema for attribute-based access control for network resource security
- Authors: Linklater, Gregory , Smith, Christian , Connan, James , Herbert, Alan , Irwin, Barry V W
- Date: 2017
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428368 , vital:72506 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/9820/Linklater_19660_2017.pdf?sequence=1andisAllowed=y
- Description: Attribute-based Access Control (ABAC) is an access control model where authorization for an action on a resource is determined by evalu-ating attributes of the subject, resource (object) and environment. The attributes are evaluated against boolean rules of varying complexity. ABAC rule languages are often based on serializable object modeling and schema languages as in the case of XACML which is based on XML Schema. XACML is a standard by OASIS, and is the current de facto standard for ABAC. While a JSON profile for XACML exists, it is simply a compatibility layer for using JSON in XACML which caters to the XML object model paradigm, as opposed to the JSON object model paradigm. This research proposes JSON Schema as a modeling lan-guage that caters to the JSON object model paradigm on which to base an ABAC rule language. It continues to demonstrate its viability for the task by comparison against the features provided to XACML by XML Schema.
- Full Text:
- Date Issued: 2017
Weems: An extensible HTTP honeypot
- Authors: Pearson, Deon , Irwin, Barry V W , Herbert, Alan
- Date: 2017
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428396 , vital:72508 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/9691/Pearson_19652_2017.pdf?sequence=1andisAllowed=y
- Description: Malicious entities are constantly trying their luck at exploiting known vulnera-bilities in web services, in an attempt to gain access to resources unauthor-ized access to resources. For this reason security specialists deploy various network defenses with the goal preventing these threats; one such tool used are web based honeypots. Historically a honeypot will be deployed facing the Internet to masquerade as a live system with the intention of attracting at-tackers away from the valuable data. Researchers adapted these honeypots and turned them into a platform to allow for the studying and understanding of web attacks and threats on the Internet. Having the ability to develop a honeypot to replicate a specific service meant researchers can now study the behavior patterns of threats, thus giving a better understanding of how to de-fend against them. This paper discusses a high-level design and implemen-tation of Weems, a low-interaction web based modular HTTP honeypot sys-tem. It also presents results obtained from various deployments over a period of time and what can be interpreted from these results.
- Full Text:
- Date Issued: 2017