ISBN: (print) 9781605585376
The proceedings contain 24 papers. The topics discussed include: safety in discretionary access control for logic-based publish-subscribe systems; ensuring spatio-temporal access control for real-world applications; an efficient framework for user authorization queries in RBAC systems; towards formal security analysis of GTRBAC using timed automata; xDomain: cross-border proofs of access; dynamic mandatory access control for multiple stakeholders; an algebra for fine-grained integration of XACML policies; usability meets access control: challenges and research opportunities; automating role-based provisioning by learning from examples; a formal framework to elicit roles with business meaning in RBAC systems; evaluating role mining algorithms; a decision support system for secure information sharing; foundations for group-centric secure information sharing models; patient-centric authorization framework for sharing electronic health records; and access control policy combining: theory meets practice.
ISBN: (print) 9781450300490
Currently, there is a convergence of three key factors in the global landscape that creates an opportunity for the research community to make fundamental contributions to improving the quality of life of every single citizen. Conversely, failure to recognize and act on this phenomenon may have disastrous effects on multiple levels. The first factor is the unprecedented focus and willingness to invest in the healthcare industry. The second factor is the fact that the prime directive of the healthcare sector, i.e. nothing interferes with the delivery of care, has ramifications on every aspect of information technology used in this domain. The final factor is the recognition that patient empowerment and buy-in will be critical for the advance of health information technology. These factors highlight the fact that there are inherent assumptions in the existing access models that render them ineffective and not applicable for long term use in the healthcare *** talk will highlight all these issues and challenge the research community to delve more into the industry-specific constraints that require further innovation in the space; possibly necessitating a re-examination of the core assumptions in the field.
ISBN: (print) 9781605585376
In the last few years, a number of spatial and spatio-temporal access control models have been developed, especially in the framework of pervasive computing and location-aware applications. Yet, how useful and effective those models are in real applications is still to be proved. The goal of this panel is to discuss access control requirements in mobile applications, trying to link research to real business problems.
ISBN: (print) 9781605585376
We address some fundamental questions, which were raised by Atluri and Ferraiolo at SACMAT'08, on the prospects for and benefits of a meta-model of access control. We demonstrate that a meta-model for access control can be defined and that multiple access control models can be derived as special cases. An anticipated consequence of the contribution that we describe is to encourage researchers to adopt a meta-model view of access control rather than developing the next 700 particular instances of access control models.
ISBN: (print) 9781605585376
This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from "Why nobody, even experts, uses access control lists (ACLs)?" to "Shall access controls (and corresponding languages) be totally embedded and invisible and never, ever seen by the users?" to "What should be the user-study methodology for access control systems?".
ISBN: (print) 9781605585376
Access control models are usually static, i.e., permissions are granted based on a policy that only changes seldom. Especially for scenarios in health care and disaster management, a more flexible support of access control, i.e., the underlying policy, is needed. Break-glass is one approach for such a flexible support of policies which helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and, therefore, lack an integration into the underlying access control paradigm and the systems' access control enforcement architecture. We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.
ISBN: (print) 9781605585376
Role-based provisioning has been adopted as a standard component in leading Identity Management products due to its low administration cost. However, the cost of adjusting existing roles to entitlements from newly deployed applications is usually very high. In this paper, a learning-based approach to automate the provisioning process is proposed and its effectiveness is verified by real provisioning data. Specific learning issues related to provisioning are identified and relevant solutions are presented.
ISBN: (print) 9781605585376
We address the distributed setting for enforcement of a centralized Role-Based Access Control (RBAC) protection state. We present a new approach for time- and space-efficient access enforcement. Underlying our approach is a data structure that we call a cascade Bloom filter. We describe our approach, provide details about the cascade Bloom filter, its associated algorithms, soundness and completeness properties for those algorithms, and provide an empirical validation for distributed access enforcement of RBAC. We demonstrate that even in low-capability devices such as WiFi network access points, we can perform thousands of access checks in a second.
ISBN: (print) 9781605585376
The existence of on-line social networks that include person-specific information creates interesting opportunities for various applications ranging from marketing to community organization. On the other hand, security and privacy concerns need to be addressed for creating such applications. Improving social network access control systems appears as the first step toward addressing the existing security and privacy concerns related to on-line social networks. To address some of the current limitations, we propose an extensible fine-grained access control model based on semantic web tools. In addition, we propose authorization, admin and filtering policies that depend on trust relationships among various users, and are modeled using OWL and SWRL. Besides describing the model, we present the architecture of the framework in its support.