Filters








688,162 Hits in 7.5 sec

Access Control: Policies, Models, and Mechanisms [chapter]

Pierangela Samarati, Sabrina Capitani de Vimercati
2001 Lecture Notes in Computer Science  
The access control decision is enforced by a mechanism implementing regulations established by a security policy.  ...  We discuss several access control policies, and models formalizing them, that have been proposed in the literature or that are currently under investigation. © Ann  ...  Access Control: Policies, Models, and Mechanisms ℘(C ) denotes the powerset of C .  ... 
doi:10.1007/3-540-45608-2_3 fatcat:dqhkjzhi3zfqho3ucba2jawafa

Function-Based Access Control (FBAC): From Access Control Matrix to Access Control Tensor [article]

Yvo Desmedt, Arash Shaghaghi
2016 arXiv   pre-print
Access control models derived from access control matrix encompass three sets of entities, Subjects, Objects and Operations.  ...  The theoretical foundations of FBAC are presented along with Policy, Enforcement and Implementation (PEI) requirements of it.  ...  However, most access control mechanisms in use are based on models, such as Access Control Lists (ACL) and Capabilities [3, 4] , which are derived from the ACM [25] .  ... 
arXiv:1609.04514v1 fatcat:wc32dnwd45aydavplxxx35q7dm

Access Control

Konstantin Beznosov
2005 Zenodo  
Overview: In this module, the principles behind access control mechanisms and policies employed in todays operating systems, middleware, and virtual machines are studied.  ...  The focus shifts to the main types of access control policies: * owner-based Discretionary Access Control (DAC), * lattice-based Mandatory Access Control (MAC), * Chinese Wall model, * Clark-Wilson model  ...  i by student j == AS i jKey Points About Confidentiality ModelsControl information flow  Bell-LaPadula  Often combine MAC (relationship of security levels) and DAC (the required permission)  Don't  ... 
doi:10.5281/zenodo.3264074 fatcat:hjrkp4wg5vashdjw6mewldqfx4

Access Controls [chapter]

Umesh Hodeghatta Rao, Umesha Nayak
2014 The InfoSec Handbook  
An access control is a security feature that controls access to systems and resources in the network.  ...  For example, users who can access the HR and finance department LAN can be restricted.  ...  Access Control Mechanisms make the decisions whether or not to grant access based on the applicable policies and attributes.  ... 
doi:10.1007/978-1-4302-6383-8_4 fatcat:dcl4tprfvvekzkibfnsl4cggza

Dynamic access control

Prasad Naldurg, Roy H. Campbell
2003 Proceedings of the eighth ACM symposium on Access control models and technologies - SACMAT '03  
We investigate the cost of changing access control policies dynamically as a response action in computer network defense.  ...  We compare and contrast the use of access lists and capability lists in this regard, and develop a quantitative feel for the performance overheads and storage requirements.  ...  ACKNOWLEDGMENTS The authors are grateful to Apu Kapadia, Geetanjali Sampemane, Seung Yi, Christopher Andrews and the anonymous reviewers for useful comments and suggestions.  ... 
doi:10.1145/775412.775442 dblp:conf/sacmat/NaldurgC03 fatcat:l36cejsb2jhuljtmxpvwhp2swm

Dynamic access control

Prasad Naldurg, Roy H. Campbell
2003 Proceedings of the eighth ACM symposium on Access control models and technologies - SACMAT '03  
We investigate the cost of changing access control policies dynamically as a response action in computer network defense.  ...  We compare and contrast the use of access lists and capability lists in this regard, and develop a quantitative feel for the performance overheads and storage requirements.  ...  ACKNOWLEDGMENTS The authors are grateful to Apu Kapadia, Geetanjali Sampemane, Seung Yi, Christopher Andrews and the anonymous reviewers for useful comments and suggestions.  ... 
doi:10.1145/775439.775442 fatcat:5edu6rwh7nhepee6hz47fhi6jy

Contractual Access Control [chapter]

Babak Sadighi Firozabadi, Marek Sergot
2004 Lecture Notes in Computer Science  
We argue that existing access control models, which are based on the concepts of permission and prohibition, need to be extended with the concept of entitlement.  ...  In this position paper we discuss the issue of enforcing access policies in distributed environments where there is no central system designer/administrator, and consequently no guarantee that policies  ...  of their behaviour. 1.1 Why traditional access control models are not sufficient Existing access control models are originally designed for distributed applications operating on client-server architectures  ... 
doi:10.1007/978-3-540-39871-4_9 fatcat:ceylaj45jrb7ths3vj7dinpgh4

Supporting relationships in access control using role based access control

John Barkley, Konstantin Beznosov, Jinny Uppal
1999 Proceedings of the fourth ACM workshop on Role-based access control - RBAC '99  
The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products.  ...  Each access control model is thus able to retain its metaphor.  ...  Introduction The Role Based Access Control model and mechanism have proven to be useful and effective.  ... 
doi:10.1145/319171.319177 dblp:conf/rbac/BarkleyBU99 fatcat:4o33m7vgfradtbxkdm4ujmoksy

Persistent access control

Alapan Arnab, Andrew Hutchison
2007 Proceedings of the 2007 ACM workshop on Digital Rights Management - DRM '07  
A formal notation allows for an uniform and unambiguous interpretation and implementation of the access control policies.  ...  In this paper, we discuss how DRM differs as an access control model to the three well known traditional access control models -DAC, MAC and RBAC, and using these existing approaches motivate a set of  ...  We also discussed the interpretation of LiREL, and the implications for the enforcement of DRM policies expressed in LiREL, including multiple conflicting licenses.  ... 
doi:10.1145/1314276.1314286 dblp:conf/drm/ArnabH07 fatcat:pgwczcasjnfvpb5ojq3xior7jm

Controlling Access to Documents: A Formal Access Control Model [chapter]

Paul E. Sevinç, David Basin, Ernst-Rüdiger Olderog
2006 Lecture Notes in Computer Science  
What has been missing until now is an access-control system that is based on a fine-grained access-control model for documents, such as texts, spreadsheets, and presentations, and whose mechanisms not  ...  Informal Description Policy Language Our access-control model is role-based, where policies express relations between roles and permissions and where subjects are users acting in a role.  ... 
doi:10.1007/11766155_25 fatcat:g45jq3x7zzgujateg2blm4xa6i

Comparing simple role based access control models and access control lists

John Barkley
1997 Proceedings of the second ACM workshop on Role-based access control - RBAC '97  
A very simple RBAC model is shown to be no different from a group ACL mechanism from the point of view of its ability to express access control policy.  ...  The functionality of simple Role Based Access Control (RBAC) models are compared to access control lists (ACL).  ...  express access control policy using the very simple RBAC Model RBACM is no different from ACLG which is supported by many ACL mechanisms, e.g., PASC P1003.le[7] and Windows NT[4].  ... 
doi:10.1145/266741.266769 dblp:conf/rbac/Barkley97 fatcat:mjxo2wiuozantmdhvbbilj2eem

Access Control Models

Maria Penelova
2021 Cybernetics and Information Technologies  
Many access control models exist. They vary in their design, components, policies and areas of application.  ...  With the developing of information technologies, more complex access control models have been created. This paper is concerned with overview and analysis for a number of access control models.  ...  ABAC access control mechanism evaluates the attributes, the environmental conditions and the policies and makes an access decision.  ... 
doi:10.2478/cait-2021-0044 fatcat:jaq65u6lcbdwlae4xlsazje6um

Towards Access Control for Isolated Applications

Kirill Belyaev, Indrakshi Ray
2016 Proceedings of the 13th International Joint Conference on e-Business and Telecommunications  
We propose an access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled collaboration and coordination for service components  ...  The framework consists of two models and the policy formulation is based on the concept of policy classes for ease of administration and enforcement.  ...  The PM follows the attributebased access control model and can express a wide range of policies that arise in enterprise applications and also provides the mechanism for enforcing such policies.  ... 
doi:10.5220/0005970001710182 dblp:conf/secrypt/BelyaevR16 fatcat:x52coqttibfqtdekiujsmouiqa

Access control enforcement testing

Donia El Kateb, Yehia El Rakaiby, Tejeddine Mouelhi, Yves Le Traon
2013 2013 8th International Workshop on Automation of Software Test (AST)  
A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects access requests and enforce the access decision reached by a Policy Decision  ...  In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application.  ...  Several access control models such as RBAC, MAC, DAC and OrBAC [11] , [4] , [7] , [8] may be used to specify access control policies.  ... 
doi:10.1109/iwast.2013.6595793 dblp:conf/icse/KatebEMT13 fatcat:ajclpkmcxbgf7hyavwvpk2requ

Constraints-Based Access Control [chapter]

Wee Yeh Tan
2002 Database and Application Security XV  
The ability of this access control mechanism to express the security policy can make or break the system.  ...  This paper introduces constraints-based access control (CBAC) -an access control mechanism that general associations between users and permissions are specified by the rules (or constraints) goveming the  ...  access control mechanism.  ... 
doi:10.1007/978-0-387-35587-0_3 fatcat:3us7xisyrrd4jjqf5odnwtvq7u
« Previous Showing results 1 — 15 out of 688,162 results