
A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies

Andrea Margheri, Massimiliano Masi, Rosario Pugliese, Francesco Tiezzi
2017 IEEE Transactions on Software Engineering  
Policies can use operators that combine, according to different strategies, not-app and indet decisions with the others.  ...  To improve code readability, we use the infix notation for operators, a textual notation for permissions and an additional check on the subject role.  ...  with formal methods.  ... 
doi:10.1109/tse.2017.2765640 fatcat:d7lsslgxfbcwzd2ami6e37vxom

A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies [article]

Andrea Margheri, Massimiliano Masi, Rosario Pugliese, Francesco Tiezzi
2016 arXiv   pre-print
Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources.  ...  Effectiveness and performance of the analysis rely on a semantic-preserving representation of FACPL policies in terms of SMT formulae and on the use of efficient SMT solvers.  ...  The tools allow access control system developers to use formally-defined functionalities without requiring them to be familiar with formal methods.  ... 
arXiv:1612.09339v1 fatcat:usyt5oh2bnbt3m4ie7o67r65ou

Semantic security: specification and enforcement of semantic policies for security-driven collaborations

R O Sinnott, T Doherty, N Gray, J Lusted
2009 Studies in Health Technology and Informatics  
However it is the case that existing security authorization solutions are fragile, inflexible and difficult to establish and maintain.  ...  to security policy specification and enforcement can address many of the limitations with existing security solutions.  ...  The technology that allows us to articulate this relationship, and state formally that a 'nurse' IsA 'healthcare worker' is an ontology, and is key to semantic web technology.  ... 
pmid:19593058 fatcat:ol7qblybyjdepphdlmvo5rtasm

Access control for local personal smart spaces

Brian Greaves, Marijke Coetzee
2015 2015 Information Security for South Africa (ISSA)  
Section 7.3 formally defines the access control model used in the LPSS framework and validates it through the use of scenario-based examples. The chapter is then concluded.  ...  and policy sets as well as the rule combining algorithms (RCAs) used in XACML.  ... 
doi:10.1109/issa.2015.7335056 dblp:conf/issa/GreavesC15 fatcat:hdyghge7djhnxp2wr4ukcqi2ri

HYPERRIDE ICT platform specification

M. Mammina, A. Rossi, H. Humer, P. Smith, F. Bellesini, E Mancinelli, A. Dognini, C. Joglekar, Z. Pan
2021 Zenodo  
A central logic allows to coordinate the needs and capacities of all generators, network operators, end users and stakeholders in the electricity market in order to: optimise the use and operation of resources  ...  Measurement sensors, actuators, automation devices, information technology and communication equipment permit to exchange information and to send command, control, and automation signals from the digital  ...  Policies are created automatically when defining a role in the IdM (formally written in XACML by the system); however, users are allowed to write custom rules using the Extensible Markup Language (XML)  ... 
doi:10.5281/zenodo.5537586 fatcat:avm6wndutbfz7cnq7sdpks3uvq

A review of attacks and security approaches in open multi-agent systems

Shahriar Bijani, David Robertson
2012 Artificial Intelligence Review  
A limitation of both conceptual modeling and language-based frameworks is difficulty of formalising realistic policies using annotations. iv Finally, the proposed security-typed LCC is applied to a cloud  ...  One way to build large-scale autonomous systems is to develop an open multi-agent system using peer-to-peer architectures in which agents are not pre-engineered to work together and in which agents themselves  ...  They have introduced a formal model of distributed monitoring and a formal method and an algorithm to detect maximal malicious group of attackers using a coordination graph (nodes are states and arcs are  ... 
doi:10.1007/s10462-012-9343-1 fatcat:ppins5fil5hztjftmzbgzknzli

Analysis of ontologies and policy languages to represent information flows in GDPR

Beatriz Esteves, Víctor Rodríguez-Doncel, Michel Dumontier, Sabrina Kirrane, Oshani Seneviratne
2022 Semantic Web Journal  
This article surveys existing vocabularies, ontologies and policy languages that can be used to represent informational items referenced in GDPR rights and obligations, such as the 'notification of a data  ...  . 13 privacy-related policy languages and 9 data protection vocabularies and ontologies are studied in relation to this list of informational items.  ...  Acknowledgements This research has been supported by European Union's Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497 (PROTECT).  ... 
doi:10.3233/sw-223009 fatcat:k6ne3yxrobbp3msouvh5ufadda

Extended Policy-Based Management Framework to Provide Always Best Connected Services in Heterogeneous Mobile Environments [article]

Mayank Keshariya, University Of Canterbury
We present performance analysis to validate our architectural approach.  ...  Sometimes referred to as 4th generation (4G) networks, the overall objective of this research is to provide a managed Always Best Connected (ABC) service over underlying heterogeneous wireless and mobile  ...  [143] proposed a method to detect a modality conflict in the RBAC model by using a decision table.  ... 
doi:10.26021/2135 fatcat:pmkd5tojxzb6hcutkwarf5co5i

Identity Management in Business Process Modelling: A Model-Driven Approach

Heiko Klarl, Christian Wolff, Christian Emig
The modelling of business processes is widely used in enterprises.  ...  Due to the business-driven background of access control, this kind of requirement should be collected at the business site's business process model.  ...  Access permissions can be specified for methods and method categories at a technical level. A Java-based tool allows the generation of XACML policies.  ... 
doi:10.5445/ir/1000009885 fatcat:g5runmdgbvdvhgh72igt3ftt3u

A Security Gateway for Web Service Protocols

Dong Huang
We use Description Logics (DL) to provide a formalisation of XACML. At the root of all XACML policies is a Policy or a PolicySet.  ...  XACML enables the use of arbitrary attributes in policies, allows for the expression of "deny" policies and enables the use of hierarchical RBAC.  ...  This makes it easy to use the Prefuse graphs and trees in our management tools. The following code helps with the integration of Prefuse graphs into our approach.  ... 
doi:10.5445/ir/1000007201 fatcat:krgy5grbq5ad3fgrm2jtuf34s4

On harnessing information models and ontologies for policy conflict analysis

Steven Davy, Brendan Jennings, John Strassner
2009 2009 IFIP/IEEE International Symposium on Integrated Network Management  
Policy refinement and policy verification/validation have been integrated into the policy authoring process in this thesis, but more research is required to realise these processes for use with the formalised  ...  There is a very well defined method of searching and transforming the elements of this set using the formal approach taken. Maps are used to describe relationships between sets of entities.  ... 
doi:10.1109/inm.2009.5188889 dblp:conf/im/DavyJS09 fatcat:ga4r3yt6inasbjt4qgabwls7tm

Security Mechanisms for Workflows in Service-Oriented Architectures

Jens Mueller
In addition, XACML defines a format for decision requests and results. An RBAC profile [And05, Ris14b] describes how to encode role-based authorisation policies using XACML.  ...  By now, RBAC has become a formal standard in the United States [ANSI04]. The RBAC reference model includes users, roles, permissions and sessions.  ...  ID created by the PEP-HT, • the information that the task has not yet been performed and no user has claimed it, and • the callback URL that will be used to inform the workflow when the task has been  ... 
doi:10.5445/ir/1000050957 fatcat:azkda2l6vngojeivnxrot5omgi

Policy and Security Configuration Management in Distributed Systems New Technologies and Mathematical Methods XXVII Cycle

Simone Mutti, Stefano Paraboschi
2015 Mechatronics, Information Technology   unpublished
[40] use OWL [80] to formalise Role Based Access Control (RBAC) [101].  ...  The idea of having explicit role authorizations was presented in the original proposals for RBAC models. The XACML profile for RBAC uses the same approach, with two suggested kinds of XACML rules.  ...  In order to manage, in a flexible way, the refinement process we have decided to adopt the same approach of policy enrichment, thus we have implemented the refinement process with the use of an extension  ... 

ICCGI 2015 The Tenth International Multi-Conference on Computing in the Global Information Technology

St Julians, Malta, Dan Tamir, Mirela Danubianu, " Stefan, Dominic Girardi, Bernhard Freudenthaler, Pablo Adasme (+134 others)
We also kindly thank all the authors that dedicated much of their time and effort to contribute to ICCGI 2015.  ...  We hope ICCGI 2015 was a successful international forum for the exchange of ideas and results between academia and industry and to promote further progress in the field of computing in the global information  ...  The authors want to thank Lars Ackermann and Stefan Schönig, both with University of Bayreuth. ACKNOWLEDGMENT This work was supported by KAKENHI 15H02686.  ...