
Constraining Credential Usage in Logic-Based Access Control

Lujo Bauer, Limin Jia, Divya Sharma
2010 2010 23rd IEEE Computer Security Foundations Symposium  
Authorization logics allow concise specification of flexible access-control policies, and are the basis for logic-based access-control systems.  ...  Proofs in authorization logics can serve as capabilities for gaining access to resources.  ...  The enforcement of credential revocation in logic-based access-control systems is often implemented in one of the following ways.  ... 
doi:10.1109/csf.2010.18 dblp:conf/csfw/BauerJS10 fatcat:4bmrgxgdsrg5nmeuacyedertsq

Secure and Authorized Client-to-Client Communication for LwM2M [article]

Leandro Lanzieri, Peter Kietzmann, Thomas C. Schmidt, Matthias Wählisch
2022 arXiv   pre-print
access to resources.  ...  Constrained devices on the Internet of Things (IoT) continuously produce and consume data.  ...  logic of connection handling and client credential management.  ... 
arXiv:2203.03450v1 fatcat:wwwrnvyzbrgzrbygceoeqf2x6i

Enhancing grid security by fine-grained behavioral control and negotiation-based authorization

Hristo Koshutanski, Aliaksandr Lazouski, Fabio Martinelli, Paolo Mori
2009 International Journal of Information Security  
Nowadays Grid has become a leading technology in distributed computing.  ...  Most existing authorization models for Grid have granularity to manage access to service invocations while behavioral monitoring of applications executed by these services remains a responsibility of a  ...  There are available tools supporting system administrators in writing security policies, such as the graphical policy editor UMU-XACML-Editor.  ... 
doi:10.1007/s10207-009-0083-4 fatcat:6ixtorjdpbfirdwfpzyzlb3rby

Toward a Lightweight Authentication and Authorization Framework for Smart Objects

Jose L. Hernandez-Ramos, Marcin Piotr Pawlowski, Antonio J. Jara, Antonio F. Skarmeta, Latif Ladid
2015 IEEE Journal on Selected Areas in Communications  
The resulting architecture is intended to provide a holistic security approach to be leveraged in the design of novel and lightweight security protocols for IoT constrained environments.  ...  In this emerging ecosystem, the application of standard security technologies has to cope with the inherent nature of constrained physical devices, which are seamlessly integrated into the Internet infrastructure  ...  In addition, it has been supported by the Swiss national government through the Sciex-NMSch (Scientific Exchange Programme between Switzerland and the New Member States of the EU) with the project code  ... 
doi:10.1109/jsac.2015.2393436 fatcat:zjjuso7gvjdblkawalxd44ku5q

New paradigms for access control in constrained environments

A. Cherkaoui, L. Bossuet, L. Seitz, G. Selander, R. Borgaonkar
2014 2014 9th International Symposium on Reconfigurable and Communication-Centric Systems-on-Chip (ReCoSoC)  
This paper addresses authentication and access control in the frame of the IoT.  ...  To be successfully used in the IoT context, this technology needs to be embedded in a standardized identity and access management framework.  ...  ACKNOWLEDGMENT This research work is in the frame of the EIT (European Institute of Innovation and Technology) ICT activity 14056.  ... 
doi:10.1109/recosoc.2014.6861362 dblp:conf/recosoc/CherkaouiBSSB14 fatcat:t4pq7rz2djbbphu7v7lhacz3qi

Credentials Management for High-Value Transactions [chapter]

Glenn Benson, Shiu-Kai Chin, Sean Croston, Karthick Jayaraman, Susan Older
2010 Lecture Notes in Computer Science  
As assurance is crucial for high-value transactions, we use an access-control logic to: (1) describe the protocol, (2) assure the logical consistency of the operations, and (3) to make the trust assumptions  ...  PKM reinterprets traditional public key infrastructure (PKI) for use in high-value commercial transactions, which require additional controls on the use of credentials for authentication and authorization  ...  The access-control logic we use is based on Abadi and Plotkin's work [9], with modifications described in [10].  ... 
doi:10.1007/978-3-642-14706-7_13 fatcat:ynd5lbdxgnapjhwuvonomnsb3e

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments

K. Ren, W. Lou, K. Kim, R. Deng
2006 IEEE Transactions on Vehicular Technology  
In this paper, a novel privacy preserving authentication and access control scheme to secure the interactions between mobile users and services in PCEs is proposed.  ...  Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups.  ...  We verified the correctness of the proposed scheme in the above section based on the well-known BAN logic.  ... 
doi:10.1109/tvt.2006.877704 fatcat:as5sz6ckubhfdgbdm42s7ekgtu

Security Enforcement Model for Distributed Usage Control

Xinwen Zhang, Jean-Pierre Seifert, Ravi Sandhu
2008 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008)  
Recently proposed usage control concept and models extend traditional access control models with features for contemporary distributed computing systems, including continuous access control in dynamic  ...  In this paper we identify the general requirements of a trusted usage control enforcement in heterogeneous computing environments, and then propose a general platform architecture and enforcement mechanism  ...  the user based on the presented credentials.  ... 
doi:10.1109/sutc.2008.79 dblp:conf/sutc/ZhangSS08 fatcat:xwq4nz5bundjnlgolbvlph7t2i

Using SAML and XACML for Complex Authorisation Scenarios in Dynamic Resource Provisioning

Yuri Demchenko, Leon Gommans, Cees de Laat
2007 The Second International Conference on Availability, Reliability and Security (ARES'07)  
This paper presents ongoing research and current results on the development of flexible access control infrastructures for complex resource provisioning in Grid-based collaborative applications and on-demand  ...  The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, NextGrid, Phosphorus and GigaPort Research on Network.  ...  The authors believe that the proposed access control architecture for CRP and related technical solutions will also be useful to the wider community that has similar problems with managing access control  ... 
doi:10.1109/ares.2007.157 dblp:conf/IEEEares/DemchenkoGL07 fatcat:yhuywigecfg6bbr235jjv4tcpu

TruWalletM: Secure Web Authentication on Mobile Platforms [chapter]

Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy
2011 Lecture Notes in Computer Science  
In particular, the protection of login credentials when accessing web services becomes crucial under phishing and malware attacks.  ...  In this paper, we show how to use these mechanisms, in particular trusted execution environments, to protect the user's login credentials.  ...  Conclusion and Future Work In this paper, we present a secure wallet-based system and protocols for protecting user credentials on mobile devices used to access Internet services.  ... 
doi:10.1007/978-3-642-25283-9_15 fatcat:ot2gkcvtofdvbisocljxlnbcue

Web API Management Meets the Internet of Things [chapter]

Paul Fremantle, Jacek Kopecký, Benjamin Aziz
2015 Lecture Notes in Computer Science  
as well as usage control and throttling.  ...  Web API management is a key aspect of service-oriented systems that includes the following elements: metadata publishing, access control and key management, monitoring and monetization of interactions,  ...  -Monitoring the usage of specific clients in order to be able to limit access or charge for API usage.  ... 
doi:10.1007/978-3-319-25639-9_49 fatcat:wovbhzieyjgb3h3q2qijwq2zei

Tracking and Constraining Authorization Provenance [chapter]

Jinwei Hu, Khaled M. Khan, Yun Bai, Yan Zhang
2012 Lecture Notes in Computer Science  
In this paper, we study a notion of authorization provenance, based on a recently proposed logic in the literature.  ...  It appears important to define authorization provenance to (1) analyze policy bases, (2) defend against a class of attacks, and (3) audit authorizations.  ...  In this paper, we attempt to track and constrain authorization provenance with respect to logic-based policy bases.  ... 
doi:10.1007/978-3-642-31087-4_68 fatcat:6n4fpemxx5c35mwrktiusza5le

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

José Hernández-Ramos, Jorge Bernabe, M. Moreno, Antonio Skarmeta
2015 Sensors  
The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities.  ...  Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.  ...  Skarmeta were in charge of reviewing the structure and content of the manuscript.  ... 
doi:10.3390/s150715611 pmid:26140349 pmcid:PMC4541847 fatcat:lj6fxvebhbeq3eracqxlv7ijfq

Logical attestation

Emin Gün Sirer, Willem de Bruijn, Patrick Reynolds, Alan Shieh, Kevin Walsh, Dan Williams, Fred B. Schneider
2011 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles - SOSP '11  
Logical attestation is based on attributable, unforgeable statements about program properties, expressed in a logic.  ...  These statements are suitable for mechanical processing, proof construction, and verification; they can serve as credentials, support authorization based on expressive authorization policies, and enable  ...  This work was supported in part by ONR grant N00014-09-1-0652, AFOSR grant F9550-06-0019, NSF grants 0430161, 0964409, CNS-1111698 and CCF-0424422 (TRUST), and a gift from Microsoft Corporation.  ... 
doi:10.1145/2043556.2043580 dblp:conf/sosp/SirerBRSWWS11 fatcat:kudazvqssvdknbygjazbqxdduy

Certificate Linking and Caching for Logical Trust [article]

Qiang Cao, Vamsi Thummala, Jeffrey S. Chase, Yuanjun Yao, Bing Xie
2017 arXiv   pre-print
access control, and a federated infrastructure-as-a-service system.  ...  Linking allows granular control over dynamic logic content based on dependency relationships, enabling a logic server to make secure inferences at high throughput.  ...  Listing 1: Policy rule for capability-based access control. The meaning of capability-based access control is easily captured in a recursive logic policy rule (Listing 1).  ... 
arXiv:1701.06562v1 fatcat:tb6gpk6nfnamha2qsl4ncohyv4