58,994 Hits in 7.8 sec

Policy decomposition for collaborative access control

Dan Lin, Prathima Rao, Elisa Bertino, Ninghui Li, Jorge Lobo
2008 Proceedings of the 13th ACM symposium on Access control models and technologies - SACMAT '08  
To support collaborative access control, in this paper, we propose a novel policy-based access control model.  ...  Access control decisions thus become a collaborative activity in which a global policy must be enforced by a set of collaborating parties without compromising the autonomy or confidentiality requirements  ...  One key requirement in access control approaches for collaborative applications is the notion of collaborative access control by which we mean that several parties participate to make access control decisions  ... 
doi:10.1145/1377836.1377853 dblp:conf/sacmat/LinRBLL08 fatcat:lueg5egbz5bvjgvpwdxbppqk4e

Enabling Advanced and Context-Dependent Access Control in RDF Stores [chapter]

Fabian Abel, Juri Luca De Coi, Nicola Henze, Arne Wolf Koesling, Daniel Krause, Daniel Olmedilla
2007 Lecture Notes in Computer Science  
This paper fills this gap and presents a mechanism by which complex and expressive policies can be specified in order to protect access to metadata in multi-service environments.  ...  Semantic Web databases allow efficient storage and access to RDF statements. Applications are able to use expressive query languages in order to retrieve relevant metadata to perform different tasks.  ...  The set of all boolean expressions applicable to different from clauses are connected by AND.  ... 
doi:10.1007/978-3-540-76298-0_1 fatcat:2ixpuqownjegdden7ci3zbwxhm

EXAM: a comprehensive environment for the analysis of access control policies

Dan Lin, Prathima Rao, Elisa Bertino, Ninghui Li, Jorge Lobo
2010 International Journal of Information Security  
Existing approaches to the problem of analyzing and comparing access control policies are very limited, in that they only deal with some special cases.  ...  Policy integration and inter-operation is often a crucial requirement when parties with different access control policies need to participate in collaborative applications and coalitions.  ...  The restrictions specified by the target and condition elements correspond to the notion of attribute-based access control, under which access control policies are expressed as conditions against the properties  ... 
doi:10.1007/s10207-010-0106-1 fatcat:xijqca26nbahnoth6myfps24ye

Supporting location-based conditions in access control policies

Claudio A. Ardagna, Marco Cremonini, Ernesto Damiani, Sabrina De Capitani di Vimercati, Pierangela Samarati
2006 Proceedings of the 2006 ACM Symposium on Information, computer and communications security - ASIACCS '06  
In this paper, we present an approach to LBAC aimed at integrating location-based conditions along with a generic access control model, so that a requestor can be granted or denied access by checking her  ...  Location-based Access Control (LBAC) techniques allow taking users' physical location into account when determining their access privileges.  ...  and expressive access control policies.  ... 
doi:10.1145/1128817.1128850 dblp:conf/ccs/ArdagnaCDVS06 fatcat:75s3aeimcra7tkkwy73psvdtdq

An algebra for fine-grained integration of XACML policies

Prathima Rao, Dan Lin, Elisa Bertino, Ninghui Li, Jorge Lobo
2009 Proceedings of the 14th ACM symposium on Access control models and technologies - SACMAT '09  
Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties.  ...  We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML.  ...  ACKNOWLEDGEMENTS The work reported in this paper has been partially supported by the NSF grant 0712846 "IPS: Security Services for Healthcare Applications", and MURI award FA9550-08-1-0265 from the Air  ... 
doi:10.1145/1542207.1542218 dblp:conf/sacmat/RaoLBLL09 fatcat:ctzfhkecpffq5jse7ztahbg3du

Ontology-based Policy Anomaly Management for Autonomic Computing

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni
2011 Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing  
Our generic approach captures the common semantics and structure of different types of access control policies with the notion of policy ontology.  ...  However, we still suffer from unintended security leakages by unauthorized actions in business services.  ...  ACKNOWLEDGMENTS This work was partially supported by the grants from National Science Foundation (NSF-IIS-0900970 and NSF-CNS-0831360) and Department of Energy (DE-SC0004308).  ... 
doi:10.4108/icst.collaboratecom.2011.247119 dblp:conf/colcom/HuAK11 fatcat:ekmq6ughdnhozhgbo4c2tsbkje

Internet Security: A Novel Role/Object-Based Access Control for Digital Libraries

Su-Shing Chen, Chee-Yoong Choo, Randy Y. Chow
2006 Journal of Organizational Computing and Electronic Commerce  
Among them, we will consider a novel role/object-based access control mechanism for both subjects and objects in workflow processes of information domains.  ...  Internet-based, real-world applications require appropriate security mechanisms, because potentially millions of users and their agents (or subjects) will access billions of objects of information content  ...  The research is partially supported by the NSF NSDL Program.  ... 
doi:10.1207/s15327744joce1602_1 fatcat:lujh7cmnbbci7l7xpfpe7z3x4u

Access Control in Location-Based Services [chapter]

Claudio A. Ardagna, Marco Cremonini, Sabrina De Capitani di Vimercati, Pierangela Samarati
2009 Lecture Notes in Computer Science  
Such applications introduces new aspects of access control which should be addressed.  ...  On the one side, precise location information may play an important role and can be used to develop Location-based Access Control (LBAC) systems that integrate traditional access control mechanisms with  ...  Acknowledgments This work was supported in part by the EU, within the 7th Framework Programme (FP7/2007-2013) under grant agreement no. 216483 "PrimeLife".  ... 
doi:10.1007/978-3-642-03511-1_5 fatcat:fnfc35xbhfdwvgpmhgxgqkmtly

Formal Engineering of XACML Access Control Policies in VDM++ [chapter]

Jeremy W. Bryans, John S. Fitzgerald
2007 Lecture Notes in Computer Science  
We present a formal, tool-supported approach to the design and maintenance of access control policies expressed in the eXtensible Access Control Markup Language (XACML).  ...  An executable formal model of XACML access control is presented in VDM++.  ...  Expressions may be negated using the Unary type. Infix expressions may be conjunctions or disjunctions of Boolean expressions, and integer expressions may be combined using less-than.  ... 
doi:10.1007/978-3-540-76650-6_4 fatcat:hmkndcktgbeydjip7teeb54ih4

Challenges of Composing XACML Policies

Bernard Stepien, Amy Felty, Stan Matwin
2014 2014 Ninth International Conference on Availability, Reliability and Security  
XACML (eXtensible Access Control Markup Language) is a declarative access control policy language that has unique language constructs for factoring out access control logic.  ...  In this paper we first explore the causes of potential inefficiencies of XACML policies, and then propose a procedure to re-structure policy sets vertically by modifying the distribution of access control  ...  Expressing Access Control Requirements As Decision Trees Decision trees [12] are well-known for expressing access control logic [14] [16] .  ... 
doi:10.1109/ares.2014.38 dblp:conf/IEEEares/StepienFM14 fatcat:t2lljbrnhramhhlqok4uv56x6a

Anomaly discovery and resolution in web access control policies

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni
2011 Proceedings of the 16th ACM symposium on Access control models and technologies - SACMAT '11  
We focus on XACML (eXtensible Access Control Markup Language) policy since XACML has become the de facto standard for specifying and enforcing access control policies for various Webbased applications  ...  In this paper, we represent an innovative policy anomaly analysis approach for Web access control policies.  ...  Acknowledgments This work was partially supported by the grants from National Science Foundation (NSF-IIS-0900970 and NSF-CNS-0831360) and Department of Energy (DE-SC0004308 and DE-FG02-03ER25565).  ... 
doi:10.1145/1998441.1998472 dblp:conf/sacmat/HuAK11 fatcat:qz3lssrr3veenpynw5ltpqe5xa

Supporting secure programming in web applications through interactive static analysis

Jun Zhu, Jing Xie, Heather Richter Lipford, Bill Chu
2014 Journal of Advanced Research  
Our evaluations also suggest that false positives may be limited to a very small class of use cases. ª 2013 Production and hosting by Elsevier B.V. on behalf of Cairo University.  ...  Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project.  ...  Acknowledgment This work is supported in part by Grants from the National Science Foundation 1044745 and 0830624.  ... 
doi:10.1016/j.jare.2013.11.006 pmid:25685513 pmcid:PMC4294755 fatcat:f42i7dgx7ng6jk3dc54juytmc4

Towards Privacy-Enhanced Authorization Policies and Languages [chapter]

C. A. Ardagna, E. Damiani, S. De Capitani di Vimercati, P. Samarati
2005 Lecture Notes in Computer Science  
In particular, the content of this paper is a result of our ongoing activity in the framework of the PRIME project (Privacy and Identity Management for Europe), funded by the European Commission, whose  ...  Acknowledgments This work was supported in part by the European Union within the PRIME Project in the FP6/IST Programme under contract IST-2002-507591 and by the Italian MIUR within the KIWI and MAPS projects  ...  The access request is processed by the Access Control module (AC module).  ... 
doi:10.1007/11535706_2 fatcat:4qjsi4arfjcphkf6juwa5bf7mi

Page 79 of Journal of Research and Practice in Information Technology Vol. 27, Issue 3 [page]

1995 Journal of Research and Practice in Information Technology  
Tuples are not accessed by name or address, but by content, using the IN or RD commands: (IN (exp)) (exp>) +9 {EXPm) ?  ...  The (remainder) task has alower priority which will be increased if (boolean) evaluates NIL or be set to zero for termination if (boolean) evaluates to not NIL.  ... 

Formal Policy based Authorization Model for Ubiquitous Enterprise Computing Environment

Supreet Kaur, Kawaljeet Singh
2013 International Journal of Computer Applications  
Ubiquitous computing environment demands a dynamic access control mechanism that can adapt to the changing security requirement of the computing environment.  ...  The access request by the subject for object will be evaluated under relevant access control policy rule   U a  .  ...  in which an object resource is being accessed by the subject.  Basic Attribute: Attributes represents the policy base where i ap is a policy rule expressed as Boolean expression which is a function of  ... 
doi:10.5120/12746-9668 fatcat:4jb4jewyuveihg6pqm4hq7byuu
« Previous Showing results 1 — 15 out of 58,994 results