43,955 Hits in 6.9 sec

Policy Administration in Tag-Based Authorization [chapter]

Sandro Etalle, Timothy L. Hinrichs, Adam J. Lee, Daniel Trivellato, Nicola Zannone
2013 Lecture Notes in Computer Science  
Tag-Based Authorization (TBA) is a hybrid access control model that combines the ease of use of extensional access control models with the expressivity of logic-based formalisms.  ...  In this paper we introduce TBA 2 (Tag-Based Authorization & Administration), an extension of TBA that enables policy administration in distributed systems.  ...  Lee was supported in part by the US National Science Foundation under awards CNS-0964295 and CNS-1228697.  ... 
doi:10.1007/978-3-642-37119-6_11 fatcat:7pkimeqzjrexfpmrrs376ucye4

Managing security policies in a distributed environment using eXtensible markup language (XML)

Nathan N. Vuong, Geoffrey S. Smith, Yi Deng
2001 Proceedings of the 2001 ACM symposium on Applied computing - SAC '01  
An example is given using our proposed concepts with Java 1 and Role-Based Access Control (RBAC) policies.  ...  Another area of research that is just as important, but has received little attention, is the management of security policies in a distributed environment.  ...  It is useful to separate authorization into two subcategories, policy and mechanism [4] as depicted in Figure 1 .  ... 
doi:10.1145/372202.372386 dblp:conf/sac/VuongSD01 fatcat:plss43fxanalxaee2fppqonbwi

Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags

Seyed Kaveh Fayazbakhsh, Luis Chiang, Vyas Sekar, Minlan Yu, Jeffrey C. Mogul
2014 Symposium on Networked Systems Design and Implementation  
SDN controllers can configure the tag generation and tag consumption operations using new FlowTags APIs.  ...  We develop new controller mechanisms that leverage FlowTags. We show the feasibility of minimally extending middleboxes to support FlowTags.  ...  This work was supported in part by grant number N00014-13-1-0048 from the Office of Naval Research and by Intel Labs' University Research Office.  ... 
dblp:conf/nsdi/FayazbakhshCSYM14 fatcat:l3oesvli3fbrreuoqhllk5vhme

Information Flow Control for Intrusion Detection Derived from MAC Policy

Stephane Geller, Christophe Hauser, Frederic Tronel, Valerie Viet Triem Tong
2011 2011 IEEE International Conference on Communications (ICC)  
MAC implementations such as SELinux and AppArmor come with a default policy including real life and practical rules ready to be used as is or as a basis for a custom policy.  ...  In this paper, we first propose an extension of an IDS based on information flow control. We address issues concerning programs execution and improve its expressiveness in terms of security policy.  ...  The policy is centrally controlled by a security policy administrator, and users cannot modify it.  ... 
doi:10.1109/icc.2011.5962660 dblp:conf/icc/GellerHTT11 fatcat:egofgev3l5erjigy5v47gj2nxm

Secure data access control with perception reasoning

2018 Advances in Distributed Computing and Artificial Intelligence Journal  
In role activation process, the knowledge of reason used for data collection and usage is declared; this can allow the administrator to declare the policies which are context based.  ...  However, such a mechanism lacks the location constraints and has difficulty in  ...  In addition, it encompasses the enforcement and implementation of the access control policies by means of policy syntax that is introduced in its mechanism.  ... 
doi:10.14201/adcaij2018711328 fatcat:ihooy4h4trdarpa6e4h2r3by6e

Content-Based Access Control: Use data content to assist access control for large-scale content-centric databases

Wenrong Zeng, Yuhao Yang, Bo Luo
2014 2014 IEEE International Conference on Big Data (Big Data)  
In conventional database access control models, access control policies are explicitly specified for each role against each data object.  ...  In CBAC, each user is allowed by an MLS or RBAC rule to access a large set of data objects, while the CBAC rule imposes an additional layer of restrictions that the user could only access "a subset" of  ...  ACKNOWLEDGMENT The work has been in part supported by NSF CNS-1422206, NSF OIA-1028098, and the University of Kansas General Research Fund GRF-230142.  ... 
doi:10.1109/bigdata.2014.7004294 dblp:conf/bigdataconf/ZengYL14 fatcat:ycm5rrzlk5auzl377pemi3llja

X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control

Rafae Bhatti, Arif Ghafoor, Elisa Bertino, James B. D. Joshi
2005 ACM Transactions on Privacy and Security  
An application level interface for implementing the policy in the X-GTRBAC system is also provided to consolidate the ideas presented in the paper.  ...  In this paper, we investigate these challenges, and present X-GTRBAC, an XML-based GTRBAC policy specification language and its implementation for enforcing enterprise-wide access control.  ...  XML documents are used in the process of policy administration.  ... 
doi:10.1145/1065545.1065547 fatcat:krptzlclxfbkxmtyedpzcfseeu

Efficient model and Mechanism for Multiparty Access Control on Social Networks

2014 International Journal of Research and Applications  
We formulate an access control model to capture the essence of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism.  ...  Besides, we present a logical representation of our access control model which allows us to leverage the features of existing logic solvers to perform various analysis tasks on our model.  ...  Each tag is a Although OSNs presently implement simple access regulation mechanisms grant users to control access to information consist of in their own spaces, users, unfortunately, have no control over  ... 
doi:10.17812/ijra.1.4(40)2014 fatcat:mosukmzfozcidby6hps5fn6une

Utilizing Semantic Tags for Policy Based Networking

Sethuram Balaji Kodeswaran, Olga Ratsimor, Anupam Joshi, Filip Perich
2007 IEEE GLOBECOM 2007-2007 IEEE Global Telecommunications Conference  
Using this model, a policy decision point can reason over these tags and infer the correct set of operations to invoke.  ...  Commonly used policy specification mechanisms are, however, limited in their expressibility and rely mostly on packet headers that convey limited information about the semantics of the content.  ...  A key differentiator between our approach and the traditional AN approaches is that while we rely on tags in the packet stream, it is the router (using its specified policies) that controls how the packet  ... 
doi:10.1109/glocom.2007.375 dblp:conf/globecom/KodeswaranRJP07 fatcat:naac5tne4jf4jarclawu5wys44

Design Patterns for Multiple Stakeholders in Social Computing [chapter]

Pooya Mehregan, Philip W. L. Fong
2014 Lecture Notes in Computer Science  
In social computing, multiple users may have privacy stakes in a content (e.g., a tagged photo). They may all want to have a say on the choice of access control policy for protecting that content.  ...  A challenge of existing multiple-stakeholder schemes is that they can be very complex. In this work, we consider the possibility of simplification in special cases.  ...  This work is supported in part by an NSERC Discovery Grant and a Canada Research Chair.  ... 
doi:10.1007/978-3-662-43936-4_11 fatcat:i5b72prpjzgmpdzf3gkrrl4qoa

CooPeD: Co-owned Personal Data management

Lorena González-Manzano, Ana I. González-Tablas, José M. de Fuentes, Arturo Ribagorda
2014 Computers & security  
Firstly, a feasibility analysis for dierent architectures of CooPeD's model and mechanism, as well as of CooPeD's mechanism in Facebook is performed.  ...  In this regard, CooPeD (Co-owned Personal Data management), a system that deals with co-ownership management of decomposable objects, is proposed. CooPeD is formed by a model and a mechanism.  ...  Appendix A. Survey structure This Section depicts the survey which was sent to users worldwide, see Figure A .11 and A.12. Although the one presented herein is in English, it was translated  ... 
doi:10.1016/j.cose.2014.06.003 fatcat:a4k3exijbrad3nybfvcfvpgxn4


Zhi Yang, Lihua Yin, Miyi Duan, Shuyuan Jin
2011 Proceedings of the 18th ACM conference on Computer and communications security - CCS '11  
Decentralized information flow control (DIFC) is a recent important innovation with flexible mechanisms to improve the availability of traditional information flow models.  ...  However, the flexibility of DIFC models also makes specifying and managing DIFC policies a challenging problem.  ...  These mechanisms often make administrators lack confidence in whether the resulting policy configurations indeed enforce the desired objectives.  ... 
doi:10.1145/2046707.2093515 fatcat:x66nwtduuzgclb6ubs6repgpaq

SPIDERNet: the Security Policy Derivation for Networks Tool

François Barrère, Abdelmalek Benzekri, Frédéric Grasset, Romain Laborde, Bassem Nasser
2003 Latin American Network Operations and Management Symposium  
After shedding light on the weaknesses of the access control models, we show the strong tie between the policy defined by the system administrator and that defined by the network administrator.  ...  The design of such models must allow to approach the security concerns in a pragmatic way rather than relying exclusively on the expertise of the network administrator.  ...  Traditionally the Access Control Models (ACMs) were used to define and put in place a security policy [14] . The system is modelled in term of objects and subjects.  ... 
dblp:conf/lanoms/BarrereBGLN03 fatcat:ifdeegtcrray3plyppdvbqkg54

Policy-Based Access Control Framework for Grid Computing

Jin Wu, C.B. Leangsuksun, V. Rampure, Hong Ong
2006 Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06)  
Thus, it is important to provide a uniform access and management mechanism couple with finegrain usage policies for enforcing authorization.  ...  In this paper, we describe our work on enabling finegrain access control for resource usage and management.  ...  The simple access control mechanism in existing tools is not sufficient to meet this requirement. In this paper, we address this particular issue.  ... 
doi:10.1109/ccgrid.2006.80 dblp:conf/ccgrid/WuLRO06 fatcat:rm45kixhe5blxpvorjwkvz3wxq

Semantic web-based social network access control

Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani Thuraisingham
2011 Computers & security  
To address some of the current limitations, we have created an experimental social network using synthetic data which we then use to test the efficacy of the semantic reasoning based approaches we have  ...  Improving social network access control systems appears as the first step toward addressing the existing security and privacy concerns related to online social networks.  ...  Raymond Heatherly is a Ph.D. student of computer Science at the University of Texas at Dallas, working in the Data Security and Privacy research lab at the institution.  ... 
doi:10.1016/j.cose.2010.08.003 fatcat:6eby536nt5bfdhm35r2qkyf374
« Previous Showing results 1 — 15 out of 43,955 results