Authorization Check

The Experts below are selected from a list of 1278 Experts worldwide ranked by ideXlab platform

Gerrit Muller - One of the best experts on this subject based on the ideXlab platform.

  • Light Weight Review Process
    2015
    Co-Authors: Gerrit Muller
    Abstract:

    draft authorized concept final review = final Check contents Authorization = Check process consultation & review- wide group of people, with an active concern or an expected contribution;- many iterations- multiple media: + meetings, + on paper + informal et cetera specification specific Change Control Board 4 peoples/roles: 1 producer 1 consumer 1 context 1 independent by "lowest " operational manager: project leader, subsystem PL,... change request the author is responsible for contents and organization of the flow (consults and review) criteria for reviewers: + know how + critical + sufficient tim

  • Light Weight Review Process
    2013
    Co-Authors: Gerrit Muller
    Abstract:

    the author is responsible for contents and organization of the flow (consults and review) consultation & review draft final review = final Check contents- wide group of people, with an active concern or an expected contribution;- many iterations- multiple media: + meetings, + on paper + informal et cetera change request concept Authorization = Check process specification specific Change Control Board 4 peoples/roles: 1 producer criteria for reviewers: 1 consumer + know how 1 context + critical 1 independent + sufficient time authorized by "lowest " operational manager: project leader, subsystem PL,..

Bartel Alexandre - One of the best experts on this subject based on the ideXlab platform.

  • ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware
    2019
    Co-Authors: Gorski Iii, Sigmund Albert, Andow Benjamin, Nadkarni Adwait, Manandhar Sunil, Enck William, Bodden Eric, Bartel Alexandre
    Abstract:

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android’s permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded Checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android’s access control enforcement through consistency analysis of Authorization Checks. ACMiner combines program and text analysis techniques to generate a rich set of Authorization Checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing Authorization Checks. In doing so, we demonstrate ACMiner’s ability to help domain experts process thousands of Authorization Checks scattered across millions of lines of code

  • ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
    2019
    Co-Authors: Gorski Iii, Sigmund Albert, Andow Benjamin, Nadkarni Adwait, Manandhar Sunil, Enck William, Bodden Eric, Bartel Alexandre
    Abstract:

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded Checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of Authorization Checks. ACMiner combines program and text analysis techniques to generate a rich set of Authorization Checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing Authorization Checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of Authorization Checks scattered across millions of lines of code

Gorski Iii, Sigmund Albert - One of the best experts on this subject based on the ideXlab platform.

  • ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware
    2019
    Co-Authors: Gorski Iii, Sigmund Albert, Andow Benjamin, Nadkarni Adwait, Manandhar Sunil, Enck William, Bodden Eric, Bartel Alexandre
    Abstract:

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android’s permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded Checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android’s access control enforcement through consistency analysis of Authorization Checks. ACMiner combines program and text analysis techniques to generate a rich set of Authorization Checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing Authorization Checks. In doing so, we demonstrate ACMiner’s ability to help domain experts process thousands of Authorization Checks scattered across millions of lines of code

  • ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
    2019
    Co-Authors: Gorski Iii, Sigmund Albert, Andow Benjamin, Nadkarni Adwait, Manandhar Sunil, Enck William, Bodden Eric, Bartel Alexandre
    Abstract:

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded Checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of Authorization Checks. ACMiner combines program and text analysis techniques to generate a rich set of Authorization Checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing Authorization Checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of Authorization Checks scattered across millions of lines of code

Βογιατζόγλου, Ευτέρπη - Γεώργιος - One of the best experts on this subject based on the ideXlab platform.

  • The Organization of User Access and Rights in the SAP ERP System - Applications at Ethniki Insurance
    2014
    Co-Authors: Βογιατζόγλου, Ευτέρπη - Γεώργιος
    Abstract:

    This postgraduate thesis is divided into two parts. The first part, which is theoretical, begins with the methodology and structure of the thesis. It then analyzes a series of concepts concerning ERP systems, and in particular the international ERP system SAP. We cover the definition of ERP, its central idea, its purpose, its advantages and disadvantages, the basic model, current trends, the main international companies developing ERP packages, the company SAP and its subsidiaries, e-commerce in relation to SAP's response, and SAP in the Greek market. In addition, we cover the structure of the applications, the solutions and services offered, and basic SAP R/3 support. We conclude by addressing the topology of the system and the basic operating principles of SAP data.

    The second part is based on using and becoming familiar with the integrated enterprise resource management information system SAP during my internship at Ethniki Insurance. In other words, after the «MichaelManagement» courses had been studied and the procedures carried out in the SAP environment of Ethniki Insurance, the required screens were collected and then enriched with a detailed description of the procedures followed. The subject of Part B therefore concerns security administration in SAP (SAP SECURITY ADMINISTRATION). More specifically, it discusses the basic introductory concepts, the creation of the Single, Composite and Derived Role, authorizations, authorization objects, the User Authorization Buffer, the maintenance of authorizations, profiles and authorization default data, as well as the evaluation of the authorization check and authorization tracing. Part B concludes with the drawing of conclusions.

    The present dissertation consists of two parts. In the first part, which is theoretical, we can see the methodology and the structure of this dissertation. Moreover, a specific series of concepts is analyzed as far as ERP systems, and more specifically the ERP SAP system, are concerned. First of all, we refer to the definition of the ERP system, its basic idea, the scope, the advantages and the disadvantages, the basic model, the current trends, the major international companies which develop SAP Best Practices packages, the SAP company and the SAP company in the Greek market. Furthermore, we refer to the structure of the application programs, the offered solutions and services as well as to the SAP R/3 basic support. We end up with the topology of the system and the essential principles of the SAP data function.

    The second part of this study is based on the use of and familiarization with the ERP SAP system during the practical training in the “ETHNIKI” Hellenic General Insurance Company S.A. In other words, firstly the SAP Security Administration “MichaelManagement” courses were studied and the mentioned procedures were implemented in the SAP environment of the “ETHNIKI” Hellenic General Insurance Company S.A. After that, the required printscreens were selected and enriched with a detailed description of the followed procedures. The topic of the second part is the SAP Security Administration. More specifically, we refer to the basic introductory terms, the creation of the Single, Composite and Derived Role, the Authorizations, the Authorization Objects, the User Authorization Buffer, the Authorization and the Profile Maintenance as well as the maintenance of the Authorization Defaults, the evaluation of the Authorization Check and the Authorization Trace. Finally, we end up with conclusions.

    KEYWORDS: ERP – SAP, SAP Security Administration - Basic Introductory Terms, Single Role, Composite Role, Derived Role, Roles by Complex Selection Criteria, Role Comparisons, User Maintenance: Mass Changes, Authorizations, Authorization Objects, User Authorization Buffer, Authorization and the Profile Maintenance, Maintenance of the Authorization Defaults, Evaluation of the Authorization Check, Authorization Trace

Andow Benjamin - One of the best experts on this subject based on the ideXlab platform.

  • ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware
    2019
    Co-Authors: Gorski Iii, Sigmund Albert, Andow Benjamin, Nadkarni Adwait, Manandhar Sunil, Enck William, Bodden Eric, Bartel Alexandre
    Abstract:

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android’s permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded Checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android’s access control enforcement through consistency analysis of Authorization Checks. ACMiner combines program and text analysis techniques to generate a rich set of Authorization Checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing Authorization Checks. In doing so, we demonstrate ACMiner’s ability to help domain experts process thousands of Authorization Checks scattered across millions of lines of code

  • ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
    2019
    Co-Authors: Gorski Iii, Sigmund Albert, Andow Benjamin, Nadkarni Adwait, Manandhar Sunil, Enck William, Bodden Eric, Bartel Alexandre
    Abstract:

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded Checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of Authorization Checks. ACMiner combines program and text analysis techniques to generate a rich set of Authorization Checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing Authorization Checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of Authorization Checks scattered across millions of lines of code