Development of a Web Access Control Technique Based User Access Behavior
The development and the wide spread use of the World Wide Web allow for convenient electronic data storage and distribution all over the world. This convenience has forced organizations in both private and public sectors to make their data available on the web with restricted or limited use. Thes...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2004
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/5925/1/FK_2004_44%20IR.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-upm-ir.5925 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-upm-ir.59252022-02-07T07:39:24Z Development of a Web Access Control Technique Based User Access Behavior 2004-06 Abdelrahman, Selmaelsheikh The development and the wide spread use of the World Wide Web allow for convenient electronic data storage and distribution all over the world. This convenience has forced organizations in both private and public sectors to make their data available on the web with restricted or limited use. These data includes sensitive data that can be released only to specific requesters. This situation calls for the need of a access control techniques capable of capturing and enforcing the different requirements that the data producer (publisher) may need to control access their data. In fact, there is a need for fine-grained access control techniques which limit access of specific individuals to resources. Previous studies have not yet designed such a system that is reliable enough for such critical applications. This thesis discusses about designs and develops techniques and algorithms for performing web access control. The major objective of the proposed technique referred to as a Secure Web Access Control (SWAC) is to provide mechanisms for control web access based on user access behavior. The SWAC controls access to the web pages depending on user password, date of last request, page visited (URL) and status action. In SWAC technique active user's access transaction pattern is matched with user access transaction pattern discovered from user access history based on mining techniques. A set of algorithms is used for mining user access behavior, preprocessing tasks for data preparation, association rules for defining the rules that describe the correlation between web user access transaction entries patterns, and sequential pattern discovery for finding the sequences of the web user access transaction entries pattern using Prefixspan (Pattern growth via frequent sequence lattice) algorithms. The output is filtered using the query database system (SQL structure query language) to produce the interested web user access transaction entries pattern. Finally the rules induction is applied to the output pattern to make the access control decision (page access is permitted or denied). The necessary steps for the proposed technique are identified, and algorithms of these steps are developed and implemented using Active Server Page (ASP) and then tested on two web pages. The results show that proper preprocessing of the web user access transaction data is required to obtain meaningful user access transaction patterns that could be used to design web access control based on user access behavior. In SWAC the evidence combination technique is developed to provide an access control technique that allows only the authorized users to access to the web data and controls their access authorization. The technique determines which users can access web page resources and ensures that access is restricted to authorized users who have been successlly authenticated. The results of testing the SWAC show good results. The study concludes that limited access to web page resources based on knowledge discovery from a user access behavior gives practical and desirable web access control, and thus is an interesting research direction for future work. Web sites - Authoring programs - Case studies 2004-06 Thesis http://psasir.upm.edu.my/id/eprint/5925/ http://psasir.upm.edu.my/id/eprint/5925/1/FK_2004_44%20IR.pdf text en public doctoral Universiti Putra Malaysia Web sites - Authoring programs - Case studies Engineering Daud, Mohamed |
| institution |
Universiti Putra Malaysia |
| collection |
PSAS Institutional Repository |
| language |
English |
| advisor |
Daud, Mohamed |
| topic |
Web sites - Authoring programs - Case studies |
| spellingShingle |
Web sites - Authoring programs - Case studies Abdelrahman, Selmaelsheikh Development of a Web Access Control Technique Based User Access Behavior |
| description |
The development and the wide spread use of the World Wide Web allow for convenient
electronic data storage and distribution all over the world. This convenience has forced
organizations in both private and public sectors to make their data available on the web
with restricted or limited use. These data includes sensitive data that can be released only
to specific requesters. This situation calls for the need of a access control techniques
capable of capturing and enforcing the different requirements that the data producer
(publisher) may need to control access their data. In fact, there is a need for fine-grained
access control techniques which limit access of specific individuals to resources. Previous
studies have not yet designed such a system that is reliable enough for such critical
applications.
This thesis discusses about designs and develops techniques and algorithms for
performing web access control. The major objective of the proposed technique referred to
as a Secure Web Access Control (SWAC) is to provide mechanisms for control web access based on user access behavior. The SWAC controls access to the web pages
depending on user password, date of last request, page visited (URL) and status action. In
SWAC technique active user's access transaction pattern is matched with user access
transaction pattern discovered from user access history based on mining techniques. A set
of algorithms is used for mining user access behavior, preprocessing tasks for data
preparation, association rules for defining the rules that describe the correlation between
web user access transaction entries patterns, and sequential pattern discovery for finding
the sequences of the web user access transaction entries pattern using Prefixspan (Pattern
growth via frequent sequence lattice) algorithms. The output is filtered using the query
database system (SQL structure query language) to produce the interested web user
access transaction entries pattern. Finally the rules induction is applied to the output
pattern to make the access control decision (page access is permitted or denied).
The necessary steps for the proposed technique are identified, and algorithms of these
steps are developed and implemented using Active Server Page (ASP) and then tested on
two web pages.
The results show that proper preprocessing of the web user access transaction data is
required to obtain meaningful user access transaction patterns that could be used to
design web access control based on user access behavior. In SWAC the evidence
combination technique is developed to provide an access control technique that allows
only the authorized users to access to the web data and controls their access
authorization. The technique determines which users can access web page resources and ensures that access is restricted to authorized users who have been successlly
authenticated. The results of testing the SWAC show good results.
The study concludes that limited access to web page resources based on knowledge
discovery from a user access behavior gives practical and desirable web access control,
and thus is an interesting research direction for future work. |
| format |
Thesis |
| qualification_level |
Doctorate |
| author |
Abdelrahman, Selmaelsheikh |
| author_facet |
Abdelrahman, Selmaelsheikh |
| author_sort |
Abdelrahman, Selmaelsheikh |
| title |
Development of a Web Access Control Technique Based User Access Behavior |
| title_short |
Development of a Web Access Control Technique Based User Access Behavior |
| title_full |
Development of a Web Access Control Technique Based User Access Behavior |
| title_fullStr |
Development of a Web Access Control Technique Based User Access Behavior |
| title_full_unstemmed |
Development of a Web Access Control Technique Based User Access Behavior |
| title_sort |
development of a web access control technique based user access behavior |
| granting_institution |
Universiti Putra Malaysia |
| granting_department |
Engineering |
| publishDate |
2004 |
| url |
http://psasir.upm.edu.my/id/eprint/5925/1/FK_2004_44%20IR.pdf |
| _version_ |
1747810510632386560 |