Manachai Toahchoodee

Learn More
We propose a methodology, based on Aspect-Oriented Modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much(More)
The traditional access control models, such as Role-Based Access Control (RBAC) and Bell-LaPadula (BLP), are not suitable for pervasive computing applications which typically lack well-defined security perimeters and where all the entities and interactions are not known in advance. We propose an access control model that handles such dynamic applications(More)
Pervasive computing applications have unique characteristics that preclude the use of traditional access control models, such as Role-Based Access Control (RBAC), for their protection. Such models do not take into account contextual information before making access decisions and cannot handle the dynamism inherent in pervasive computing applications.(More)
Designing secure systems is a nontrivial task. Incomplete or faulty designs can cause security mechanisms to be incorrectly incorporated in a system, allowing them to be bypassed and resulting in a security breach. We advocate the use of the Aspect-Oriented Risk-Driven Development (AORDD) methodology for developing secure systems. This methodology begins(More)
With the rapid growth in wireless networks and sensor and mobile devices, we are moving towards an era of pervasive computing. Access control is challenging in these environments. In this work, we propose a trust based approach for access control for pervasive computing systems. Our previously proposed belief based trust model is used to evaluate the(More)
Traditional access control models, such as Role-Based Access Control (RBAC), do not take into account contextual information, such as location and time, for making access decisions. Consequently, they are inadequate for specifying the access control needs of many complex real-world applications, such as the Dengue Decision Support (DDS) that we discuss in(More)
Pervasive computing applications use the knowledge of the environment to provide better services and functionality to the end user. Access control for such applications needs to use contextual information. Towards this end, we proposed an access control model based on RBAC that uses the environmental contexts time and location to determine whether a user(More)
With the growing use of wireless networks and mobile devices, we are moving towards an era of pervasive computing. Such environments will spawn new applications that use contextual information to provide enhanced services. Traditional access control models cannot protect such applications because the access requirements may be contingent upon the location(More)