Explore chapters and articles related to this topic
Linking Factory Floor and the Internet
Published in Richard Zurawski, Industrial Communication Technology Handbook, 2017
LDAP offers a set of data querying and manipulating commands for accessing the directory service. The SEARCH command is very powerful and allows specifying search filters that are applied to each entry. It is possible to request just a subset of the available attributes, and in order to narrow a search even more, the scope can be limited to a certain level of the directory tree (search only the current level, one level deeper, or the whole subtree). With the commands ADD, DELETE, and MODIFY, single entries can be added, deleted, or modified, respectively. The COMPARE command is used for comparison of two entries.
A novel machine learning approach for database exploitation detection and privilege control
Published in Journal of Information and Telecommunication, 2019
All the existing database security monitoring systems only perform post-activity reporting and monitoring, while the IT administrator bears the responsibility of overseeing user account control and rectifying problems whenever they are discovered. This challenge gets harder in proportion to the number of databases that they must oversee (Bertino & Sandhu, 2005). The databases do have their own security features for users and privileges against the schemas and objects, whereas central authentication systems such as Lightweight Directory Access Protocol (LDAP) or Microsoft’s Active Directory can be used to consolidate the security into a single point of control (Lampson, 2004). Even when these security features are deployed, there is a tiny chance that they can be compromised, as there are unconventional techniques such as database security exploits that have been documented to hack through or bypass them (Pritchett & De Smet, 2013; Gaetjen, 2015). Databases such as PostgreSQL, Oracle, MySQL or Firebird have their own internal security systems, which are difficult for IT administrators to manage individually in the absence of central authentication or access control mechanisms (Bertino & Sandhu, 2005).
Geographic dependency of identity-associated data
Published in Automatika, 2018
A number of standards in IdM are defined using XML [19], notably SAML [20] and WS-Federation [21]. XML syntax has limitations, but has proven to be of sufficient expressive power for defining protocols of data exchange, and also provides facilities like MTOM [22] and XOP [23] to (relatively) efficiently handle binary data, making it acceptable for dealing with identity-associated multimedia data. The provided example modifies the attribute encoded in SAML 2.0 [24] syntax. We choose the attribute streetAddress as defined by X.500 and the SAML’s X.500/LDAP [25] attribute profile. We will expand an attribute’s value into (value, geodomain) pairs that list the geographic domain in which each attribute value is valid (we call them geodomains here to distinguish them from the traditional attribute’s domain, i.e. the set of allowed values of the attribute). The example is based on the illustrative example from the SAML X.500/LDAP attribute profile standard and uses the commonly used XML namespace prefixes xsi: and xsd: for the XML Schema Instance and XML Schema (defining types and type definition) namespaces, as well as the x500: and saml: prefixes, which map as expected to the SAML assertion definition and SAML’s X.500 attribute profile:
Data access control in data exchanging supporting big data arena
Published in Journal of Management Analytics, 2018
Haoyang Jia, Yimin Sheng, Weili Han, X. Sean Wang
Figure 3 only shows HIVE in the storage layer for persistent data and ignores the underlying Hadoop structure, because the lowest level of data manipulation in BDA occurs in HIVE. Kafka is used to store and supply streaming data. MySQL can provide effective access control itself, and is more suitable for storing relational data with low capacity; on the other hand, HIVE and Kafka support data at terabyte, or even petabyte, scale. Therefore, metadata and access control policies are stored in MySQL, while the actual content of the data is stored in HIVE and Kafka (Duan & Xiong, 2015). LDAP (Lightweight Directory Access Protocol) is responsible for assisting HIVE in managing its authorities (Wikipedia Contributors, 2018), while Kafka has its own authentication mechanism. This will be discussed later in detail in Section 3.4.