Information on the doctoral thesis of fellow Luong Thanh Nhan

1. Full name: Luong Thanh Nhan                         2. Sex: Female

3. Date of birth: 4th July 1982                            4. Place of birth: Haiphong

5. Admission decision number: 985/QĐ-CTSV Dated 4th December 2014 by the Rector of Vietnam National University, Ha Noi.

6. Changes in academic process:

- Extend the study for another 2 academic years (2017 - 2018, 2018 - 2019) according to the Decision No. 1311/QD-DT of the Rector of VNU - University of Engineering and Technology, dated December 28, 2017.

- Thesis title changes:

. Current thesis title: Approaches to verify access control policies for software systems.

. Time of change: March 26, 2020 by suggestions of the Council.

. Previous thesis title: Approaches to verify security properties of software.

7. Official thesis title: Approaches of verifying access control policies for software systems.

8. Major: Software Engineering                          9. Code: 9480103.01

10. Supervisor: Assoc. Prof. Dr. Truong Ninh Thuan

11. Summary of the new findings of the thesis:

Proposing a method to verify RBAC policies implemented using the programmatic security approach. The resource exploitation methods in the web application are extracted into a list of resource access permissions, which is then combined with the Controller and View components to build a resource exploitation graph. The core information of the access control policy contained in the graph is extracted into a role-based access control matrix. A checking algorithm is then introduced to detect access rules that the web application implements differently from its specification. A verification tool called CheckingRBAC was built according to the proposed method, and experiments were conducted with a medical record management system.

Proposing a method to verify RBAC policies combined with the granting of rights, implemented using the declarative security approach. The access policy of the web application is checked through database queries and analysis of the access policy configuration files in the application. A role-access analysis tree is proposed to represent role-based access rules and authorization constraints. Two algorithms are proposed for detecting implemented assignments that do not match their specification. The proposed approach has been implemented as the VeRA verification tool to support the automatic verification of web systems.

Proposing a method to verify attribute-based access control policies. The web application's access rules are analyzed, assembled and represented in Spring Expression Language. The conformance between the attribute-based access control policy implemented in the web application and its specification is verified by formal definitions and verification algorithms for confidentiality, integrity, and availability of the access policy. Accordingly, the APVer verification tool was developed from the proposed method, and experiments were conducted with access policy implementation scenarios in the medical records management system.

12. Practical applicability: Detect flaws at the programming stage when implementing RBAC and ABAC policies of web systems.

13. Further research directions:

Verify software systems that have role inheritance in the RBAC policy model, or in which the resources of affiliated organizations are shared across web services in the ABAC model.

Verify other software security features such as accountability and non-repudiation.

14. Thesis-related publications:

Thanh-Nhan Luong, Van-Khanh To, and Ninh-Thuan Truong, Checking Compliance of Program with SecureUML Model, Advanced Topics in Intelligent Information and Database Systems, Springer, pp. 489-498, (2017).

Thanh-Nhan Luong, Dinh-Hieu Vo, Van-Khanh To, and Ninh-Thuan Truong, On the Compliance of Access Control Policies in Web Applications, ICCASA 2018/ICTCC 2018, LNICST 266, pp. 58-69, (2018).

Thanh-Nhan Luong, Dinh-Hieu Vo, and Ninh-Thuan Truong, An approach to analyze software security requirements in ABAC model, 2019 6th NAFOSTED Conference on Information and Computer Science (NICS), IEEE, pp. 184-189, (2019).

Thanh-Nhan Luong, Thi-Dao Vu, Dinh-Hieu Vo, and Ninh-Thuan Truong, A Tool Support for Checking ABAC Policies in Web Applications, VNU Journal of Science: Computer Science and Communication Engineering (accepted).

Thanh-Nhan Luong, and Ninh-Thuan Truong, VeRA: Verifying RBAC and authorization constraints models of web applications, International Journal of Software Engineering and Knowledge Engineering (accepted), ISI index.

This list includes 05 works.

 

 Nguyễn Dịu An - VNU - UET