Access Control Models

Access control is a part of the security of information technologies. Access control regulates the access requests to system resources. The access control logic is formalized in models. Many access control models exist. They vary in their design, components, policies and areas of application. With the developing of information technologies, more complex access control models have been created. This paper is concerned with overview and analysis for a number of access control models. First, an overview of access control models is presented. Second, they are analyzed and compared by a number of parameters: storing the identity of the user, delegation of trust, fine-grained policies, flexibility, object-versioning, scalability, using time in policies, structure, trustworthiness, workflow control, areas of application etc. Some of these parameters describe the access control models, while other parameters are important characteristics and components of these models. The results of the comparative analysis are presented in tables. Prospects of development of new models are specified.

Study of the Operation Process of the E-Commerce Oriented Ecosystem of 5Ge Base Station, Which Supports the Functioning of Independent Virtual Network Segments

According to specifications, flexible services for traffic management should be implemented within the 5G platform in order to improve its efficiency, which is and will remain an actual task. For the first time, the article presented here proposes a mathematical model for the operation process of an e-commerce-oriented ecosystem of a 5Ge base station, the information environment of which supports the operation of independent virtual network segments that provide terminal–segment information interaction services. In contrast to existing models, the presented model describes the studied process as a multi-pipeline queuing system, the inputs of which are coordinated with the flows of requests for communication with the relevant virtual network segments. The distribution of the total resources between the weighted virtual network segments in the simulated system is dynamically conducted by the appropriate software control mechanism. It considers the address intensities of new incoming requests and the maintenance of received incoming requests, but throughout the scale of the information environment of the 5Ge base station ecosystem. Based on the created mathematical model, a functional algorithm for the forced termination of an active terminal–segment information interaction session in the overloaded virtual network segment and the control mechanism of the distribution of the released system resources between other virtual network segments that takes into account the degree of their overload are formulated. The simulation and computational experiments showed that the implemented forced termination algorithm and system resource management mechanism allow the 5Ge base station to continue receiving incoming requests despite the overload of individual virtual network segments. It is empirically shown that the proposed services are effectively scaled concerning the value that is generally available for the distribution of the number of system resources and the allocation method within the guaranteed amounts of system resources for individual virtual network segments.

PocketCTF: A Fully Featured Approach for Hosting Portable Attack and Defense Cybersecurity Exercises

Capture the flag (CTF) challenges are broadly used for engaging trainees in the technical aspects of cybersecurity, maintaining hands-on lab exercises, and integrating gamification elements. However, deploying the appropriate digital environment for conducting cybersecurity exercises can be challenging and typically requires a lot of effort and system resources by educators. In this paper, we present PocketCTF, an extensible and fully independent CTF platform, open to educators to run realistic virtual labs to host cybersecurity exercises in their classrooms. PocketCTF is based on containerization technologies to minimize the deployment effort and to utilize less system resources. A proof-of-concept implementation demonstrates the feasibility of deploying CTF challenges that allows the trainees to engage not only in offensive security but also in defensive tasks that have to be conducted during cybersecurity incidents. When using PocketCTF, educators can deploy hands-on labs, spending less time on the deployment and without necessarily having the advanced technical background to deploy complex labs and scenarios.

Evaluations of Healthcare Providers’ Perceived Support From Personal, Hospital, and System Resources: Implications for Well-Being and Management in Healthcare in Montreal, Quebec, During COVID-19

Increased stressful experiences are pervasive among healthcare providers (HCPs) during the COVID-19 pandemic. Identifying resources that help mitigate stress is critical to maintaining HCPs’ well-being. However, to our knowledge, no instrument has systematically examined how different levels of resources help HCPs cope with stress during COVID-19. This cross-sectional study involved 119 HCPs (64 nurses and 55 physicians) and evaluated the perceived availability, utilization, and helpfulness of a list of personal, hospital, and healthcare system resources. Participants also reported on their level of burnout, psychological distress, and intentions to quit. Results revealed that HCPs perceived the most useful personal resource to be family support; the most useful hospital resources were a safe environment, personal protective equipment, and support from colleagues; the most useful system resources were job protection, and clear communication and information about COVID. Moreover, HCPs who perceived having more available hospital resources also reported lower levels of psychological distress symptoms, burnout, and intentions to quit. Finally, although training and counseling services were perceived as useful to reduce stress, training was not perceived as widely available, and counseling services, though reported as being available, were underutilized. This instrument helps identify resources that support HCPs, providing implications for healthcare management.

THE VIABILITY AS AN EMERGENT PROPERTY OF SELF-ORGANIZING SYSTEMS

The necessity of a man-machine system considering as a self-organizing one is shown. The most significant difficulty in such a system is the study of its emergent properties. The paper focuses on viability as an emergent property of the system. The concepts of hardiness, human factor, system resources, biosystem were considered. It allowed proposing the viability’s concept of a self-organizing system based on biomimetics principles. The roadmap of convergent research and analysis of the man-machine system’s viability is presented. The convergent approach to the self-organizing system’s viability is realised in the proposed roadmap.

Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency

One of the pressing areas that is developing in the field of information security is associated with the use of Honeypots (virtual decoys, online traps), and the selection of criteria for determining the most effective Honeypots and their further classification is an urgent task. The main products that implement virtual decoy technologies are presented. They are often used to study the behavior, approaches and methods that an unauthorized party uses to gain unauthorized access to information system resources. Online hooks can simulate any resource, but more often they look like real production servers and workstations. A number of fairly effective developments are known that are used to solve the problems of detecting attacks on information system resources, which are based on the apparatus of fuzzy sets. They showed the effectiveness of the appropriate mathematical apparatus, the use of which, for example, to formalize the approach to the formation of a set of reference values that will improve the process of determining the most effective Honeypots. For this purpose, many characteristics have been formed (installation and configuration process, usage and support process, data collection, logging level, simulation level, interaction level) that determine the properties of online traps. These characteristics became the basis for developing a method for the formation of standards of linguistic variables for further selection of the most effective Honeypots. The method is based on the formation of a Honeypots set, subsets of characteristics and identifier values of linguistic estimates of the Honeypot characteristics, a base and derived frequency matrix, as well as on the construction of fuzzy terms and reference fuzzy numbers with their visualization. This will allow classifying and selecting the most effective virtual baits in the future.

MDTF

The Equal slack (EQS) heuristic is one of the widely used priority assignment heuristics. However, it severely suffers from the problems of intensive data contention, deadlock, and cyclic restart. To overcome some of the above problems, this chapter proposes a Most Dependent Transaction First (MDTF) priority heuristic that injects the size of dependent transactions of all directly competing transactions (that have requested access to the conflicting data item) in their priority computation. The MDTF heuristic efficiently reduces the data contentions among concurrently executing cohorts; and thus, it reduces the wastage of the system resources. This dynamic cohort priority assignment heuristic reduces the data contention considerably by utilizing the information about the dependency size of cohort(s). Doing this will make it easy for a currently executing cohort to better assess the level of data contention with absolutely no extra communication and time overhead. Such detailed dependency information is very useful to efficiently assign priorities to the cohorts.