On Access Checking in Capability-Based Systems

R.Y. Kain, C.E. Landwehr
1987 IEEE Transactions on Software Engineering  
Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems.  ...  The paper shows why this problem arises and provides a taxonomy of capability-based designs.  ...  For example, the access rights in a copied version of a capability might be restricted based on a check of the security level of the segment in which the copy is stored.  ... 
doi:10.1109/tse.1987.232892 fatcat:njuormplfbgbpdodqtydv5jggq

On Access Checking in Capability-Based Systems

Richard Y. Kain, Carl E. Landwehr
1986 1986 IEEE Symposium on Security and Privacy  
Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems.  ...  A casual reader may assume that it is adequate for capabilities to be passed in accordance with the rules for data copying.  ...  For example, the access rights in a copied version of a capability might be restricted based on a check of the security level of the segment in which the copy is stored.  ... 
doi:10.1109/sp.1986.10001 dblp:conf/sp/KainL86 fatcat:nn2xfdsogjgd7ggkc4kguv5srm

Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things

Shantanu Pal, Michael Hitchens, Vijay Varadharajan, Tahiry Rabehaja
2018 EAI Endorsed Transactions on Industrial Networks and Intelligent Systems  
Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC) and Capability-Based Access Control (CapBAC) do not, in isolation, provide a complete solution for securing access to IoT-enabled  ...  The capabilities which are issued may be parameterised based on attributes of the user and are then used to access specific services provided by things.  ...  [30] combines RBAC with activity-based access control in a Kerberos-based ticket granting system to provide access to patient medical records.  ... 
doi:10.4108/eai.20-3-2018.154370 fatcat:wk2ut4fbl5g2ddgz4haazylap4

Protection in Persistent Object Systems [chapter]

Ron Morrison, Fred Brown, Richard Connor, Quintin Cutts, Graham Kirby, Alan Dearle, John Rosenberg, David Stemple
2000 Fully Integrated Data Environments  
In this paper we explore the full range of protection mechanisms in persistent systems from static to dynamic checking and contrast it with the corresponding balance between safety and flexibility in the  ...  system.  ...  Capabilities provide a uniform model for controlling access of data. However, entry to the system itself, by logging on, must in the end be based on some form of password.  ... 
doi:10.1007/978-3-642-59623-0_12 fatcat:b6wdtaecrrb5fc56ej6dplj44u

On security in capability-based systems

Li Gong
1989 ACM SIGOPS Operating Systems Review  
In particular, we think the KeyKOS approach that "it is the connections you need to trust in a capability-based system, not the labels" [11] is not suitable to the open system architecture.  ...  This is reflected in a taxonomy for capability systems [5]. Note to check policy implies to identify the source of a request.  ... 
doi:10.1145/858344.858349 fatcat:hps3yhlyhne2rcvmcr42ki4s4i

Unification of verification and validation methods for software systems: progress report and initial case study formulation

J.C. Browne, C. Lin, K. Kane, Yoonsik Cheon, P. Teller
2006 Proceedings 20th IEEE International Parallel & Distributed Processing Symposium  
This paper presents initial research on unification of methods for verification and validation (V&V) of software systems. The synergism among methods for V&V are described.  ...  and model-checking-based verification of hardware systems.  ...  For example, in an operating system on a single host, a user holds a set of capabilities to files in the file system in a special memory segment, and presents a capability to the kernel in order to execute  ... 
doi:10.1109/ipdps.2006.1639582 dblp:conf/ipps/BrowneLKCT06 fatcat:dhgbuo5xlbdb5dxifdszcmkt74

Meta objects for access control

Thomas Riechmann, Franz J. Hauck
1997 Proceedings of the 1997 workshop on New security paradigms - NSPW '97  
In object-based systems, access control is often based on capabilities, as capability-based security is a well-known paradigm.  ...  First, in object-based systems, programming is based on the frequent exchange of object references (i.e., capabilities).  ...  In object-based systems, access control is often based on capabilities, as capability-based security is a well-known paradigm [DeH66, L&4].  ... 
doi:10.1145/283699.283735 dblp:conf/nspw/RiechmannH97 fatcat:5xjni4rjezh7do2shqrdluwpwi

IoT-CCAC: a blockchain-based consortium capability access control approach for IoT

Mohammed Amine Bouras, Boming Xia, Adnan Omer Abuassba, Huansheng Ning, Qinghua Lu
2021 PeerJ Computer Science  
However, most access control methods are based on centralized solutions, which may lead to problems like data leakage and single-point failure.  ...  Access control is a critical aspect for improving the privacy and security of IoT systems.  ...  IOT CONSORTIUM CAPABILITY-BASED ACCESS CONTROL MODEL (IOT-CCAC) In this section, we design and overview the essential aspects adopted in this work for an IoT consortium capability-based access control  ... 
doi:10.7717/peerj-cs.455 pmid:33954238 pmcid:PMC8049119 fatcat:r56tas4lj5glzel6sywib3pk6y

Evaluating the capability and performance of access control policy verification tools

Ang Li, Qinghua Li, Vincent C. Hu, Jia Di
2015 MILCOM 2015 - 2015 IEEE Military Communications Conference  
Access control has been used in many systems such as military systems and business information systems. Access control protects sensitive information based on access control policies.  ...  In this paper, we make an initial step towards building standard approaches for evaluating the capability and performance of ACPV tools.  ...  Abstract-Access control has been used in many systems such as military systems and business information systems. Access control protects sensitive information based on access control policies.  ... 
doi:10.1109/milcom.2015.7357470 dblp:conf/milcom/LiLHD15 fatcat:ft2tl3q6tfbefhgvjutsq3z2lm

Authenticating network attached storage

B.C. Reed, E.G. Chron, R.C. Burns, D.D.E. Long
2000 IEEE Micro  
The need to access anything from anywhere has increased the role of distributed file servers in computing. Distributed file systems provide local file system semantics for access to remote storage.  ...  Local file systems have a single kernel that restricts access to file data, but because a distributed file system involves multiple servers and clients, it cannot rely on a single kernel to restrict access  ...  The two approaches used by SCARED to check access are identity and capability based. In identity-based systems, the disk checks access authority based on the requester's identity.  ... 
doi:10.1109/40.820053 fatcat:ut5wmcdjhzhipexk3xxqq352ri

Security Enhancement and Performance Evaluation of an Object-Based Storage System [chapter]

Po-Chun Liu, Sheng-Kai Hong, Yarsun Hsu
2007 Lecture Notes in Computer Science  
Thus the performance of our enhanced object-based storage system is comparable to that of the original one while offering an enhanced security.  ...  In addition, we have compared the performance of OSD systems with that of iSCSI and NFS.  ...  If the command is not tampered with, the storage device server then checks whether the accessed object is allowed and the access right of the command depending on the capability in the CDB.  ... 
doi:10.1007/978-3-540-75444-2_41 fatcat:swyj3cmjtjgczfnlbdrkfjgnqm

Security Authorization Scheme for Web Applications

Takamichi Saito, Daichi Miyata, Takafumi Watanabe, Yuta Nishikura
2015 2015 18th International Conference on Network-Based Information Systems  
In this paper a survey of the authorization techniques for web services based application.  ...  Authorization failure can create much vulnerability for the system security using web services which are distributed in nature.  ...   Role-based access control model(RBAC) In this model of access control it is needed to identify the roles in the system and assign the roles to the users.  ... 
doi:10.1109/nbis.2015.40 dblp:conf/nbis/SaitoMWN15 fatcat:akaefui4crbnha6ebvpni7tlcu

Identity driven capability based access control (ICAC) scheme for the Internet of Things

Parikshit N. Mahalle, Bayu Anggorojati, Neeli Rashmi Prasad, Ramjee Prasad
2012 2012 IEEE International Conference on Advanced Networks and Telecommunciations Systems (ANTS)  
Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related to complexity and dynamics of device identities.  ...  In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities.  ...  In nutshell, unlike the classical capability based system, identity based capability introduces the identity of device or service in its operation.  ... 
doi:10.1109/ants.2012.6524227 dblp:conf/IEEEants/MahalleAPP12 fatcat:4usshizz6vctjjgluqkczznfri

PeX: A Permission Check Analysis Framework for Linux Kernel

Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed M. Azab, Ruowen Wang
2019 USENIX Security Symposium  
Permission checks play an essential role in operating system security by providing access control to privileged functionalities.  ...  We evaluated PeX on the latest stable Linux kernel v4.18.5 for three types of permission checks: Discretionary Access Controls (DAC), Capabilities, and Linux Security Modules (LSM).  ...  We believe this OR-based weaker check is not a good practice because this in effect makes CAP_SYS_ADMIN too powerful (like root), diminishing the benefit of fine-grained capability-based access control  ... 
dblp:conf/uss/ZhangSLJAW19 fatcat:xs3geqe2afcbnln7h63jasqdii

Dynamic management of capabilities in a network aware coordination language

Daniele Gorla, Rosario Pugliese
2009 The Journal of Logic and Algebraic Programming  
In fact, mechanisms based on capabilities supplement the dinamicity inherent in open systems as they support introduction of user-defined rights and let subjects freely join and leave the system.  ...  In practice, when a node address is exchanged in a communication, a capability on that node is passed in order to grant the receiver a set of access rights on that node.  ...  Acknowledgements We thank the anonymous reviewers for fruitful comments that helped in improving the paper.  ... 
doi:10.1016/j.jlap.2008.12.001 fatcat:x3pbzoaevrgp5ct7adef4b2qum