检索结果-内蒙古大学图书馆

13th acm symposium on access control models and technologies

作者： Bauer, Lujo Garriss, Scott Reiter, Michael K. Carnegie Mellon Univ Pittsburgh PA 15213 USA Google Mountain View CA 94043 USA Univ N Carolina Dept Comp Sci Chapel Hill NC 27599 USA

ISBN: (纸本)9781605581293

access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e. g., health care), very severe consequences. In this article we apply association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires the consent of the appropriate administrator, of course, and so a primary contribution of our work is how to automatically determine from whom to seek consent and how to minimize the costs of doing so. We show using data from a deployed access-control system that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 43%, and can correctly predict 58% of the intended policy. these gains are achieved without impacting the total amount of time users spend interacting with the system.

关键词： Experimentation Human Factors Security access control policy inference machine learning

来源：评论

学校读者我要写书评

暂无评论

Relationship-based access control policies and their policy languages 11

Relationship-based access control policies and their policy ...

引用

Proceedings of the 16th acm symposium on access control models and technologies

作者： Fong, Philip W.L. Siahaan, Ida Department of Computer Science University of Calgary Calgary AL Canada

ISBN: (纸本)9781450307215

the Relationship-Based access control (ReBAC) model was recently proposed as a general-purpose access control model. It supports the natural expression of parameterized roles, the composition of policies, and the delegation of trust. Fong proposed a policy language that is based on Modal Logic for expressing and composing ReBAC policies. A natural question is whether such a language is representationally complete, that is, whether the language is capable of expressing all ReBAC policies that one is interested in expressing. In this work, we argue that the extensive use of what we call Relational Policies is what distinguishes ReBAC from traditional access control models. We show that Fong's policy language is representationally incomplete in that certain previously studied Relational Policies are not expressible in the language. We introduce two extensions to the policy language of Fong, and prove that the extended policy language is representationally complete with respect to a well-defined subclass of Relational Policies. © 2011 acm.

关键词： Computer circuits

来源：评论

学校读者我要写书评

暂无评论

Anomaly discovery and resolution in Web access control policies 11

Anomaly discovery and resolution in Web access control polic...

引用

Proceedings of the 16th acm symposium on access control models and technologies

作者： Hu, Hongxin Ahn, Gail-Joon Kulkarni, Ketan Arizona State University Tempe AZ 85287 United States

ISBN: (纸本)9781450307215

the advent of emerging technologies such asWeb services, serviceoriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, designing and managing Web access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly analysis approach for Web access control policies. We focus on XacmL (eXtensible access control Markup Language) policy since XacmL has become the de facto standard for specifying and enforcing access control policies for various Webbased applications and services. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions. We also discuss a proof-ofconcept implementation of our method called XAnalyzer and demonstrate how efficiently our approach can discover and resolve policy anomalies. © 2011 acm.

关键词： access control

来源：评论

学校读者我要写书评

暂无评论

Program synthesis in administration of higher-order permissions 11

Program synthesis in administration of higher-order permissi...

引用

Proceedings of the 16th acm symposium on access control models and technologies

作者： Bruns, Glenn Huth, Michael Avijit, Kumar Bell Labs Alcatel-Lucent United States Imperial College London United Kingdom Carnegie Mellon University United States

ISBN: (纸本)9781450307215

In "administrative" access control, policy controls permissions not just on application actions, but also on actions to modify permissions, on actions to modify permissions on those actions, and so on. One context of work in administrative policy is "administrative RBAC", in which policy controls the permissions of roles, the membership of roles, and other elements of RBAC access-control state. Here we study and extend the UARBAC model for administrative RBAC from the perspective of usability and expressiveness. Using tools from logic and program verification, we formulate UARBAC logically and develop an algorithm that produces "administrative plans" that achieve specified permissions through permitted actions. this work is closely related to work on the safety problem in administrative access control, but aims to aid legitimate users in understanding how to reach a desired access-control state. We then show how this machinery can be used so that ad- ministrative actions at any desired depth, and so plans as well, can be uniformly simulated in the UARBAC model. © 2011 acm.

关键词： access control

来源：评论

学校读者我要写书评

暂无评论

xDAuth: A scalable and lightweight framework for cross domain access control and delegation 11

xDAuth: A scalable and lightweight framework for cross domai...

引用

Proceedings of the 16th acm symposium on access control models and technologies

作者： Alam, Masoom Zhang, Xinwen Khan, Kamran H Ali, Gohar Security Engineering Research Group IMSciences United States Huawei America Research Center Santa Clara CA United States

ISBN: (纸本)9781450307215

Cross domain resource sharing and collaborations have be- come pervasive in today's service oriented organizations. Existing approaches for the realization of cross domain access control are either focused on the model level only without concrete implementation mechanisms, or not general enough to provide a exible framework for enterprise web applications. In this paper, we present xDAuth, a frame- work for the realization of cross domain access control and delegation with RESTful web service architecture. While focusing on real issues under the context of cross domain access scenarios such as no predened trust relationship between a service provider domain and service requestor domain, xDAuth leverages existing web technologies to realize desired security requirements while supporting exible and scalable security policies and privacy protection with low performance overhead. We have implemented xDAuth in a medical module in OpenERP, an open source ERP system. Our evaluation demonstrates that xDAuth is a feasible framework towards general cross domain access control for service oriented architectures. © 2011 acm.

关键词： Authorization

来源：评论

学校读者我要写书评

暂无评论

An authorization scheme for version control systems 11

An authorization scheme for version control systems

引用

Proceedings of the 16th acm symposium on access control models and technologies

作者： Chamarty, Sitaram Patel, Hiren D. Tripunitara, Mahesh V. Tata Consultancy Services Hyderabad India ECE Department Univ. of Waterloo Canada

ISBN: (纸本)9781450307215

We present gitolite, an authorization scheme for Version control Systems (VCSes). We have implemented it for the Git VCS. A VCS enables versioning, distributed collaboration and several other features, and is an important context for authorization and access control. Our main consideration behind the design of gitolite is the balance between expressive power, correctness and usability in realistic settings. We discuss our design of gitolite, and in particular the four user-classes in its delegation model, and the administrative actions a user at each class performs. We discuss also our ongoing work on expressing gitolite precisely in first-order logic, to thereby give it a precise semantics and establish correctness properties. gitolite has been adopted in open-source software development, university and industry settings. We discuss our experience with these deployments, and present some performance results related to access enforcement from a real deployment. © 2011 acm.

关键词： Authorization

来源：评论

学校读者我要写书评

暂无评论

access controls for Oblivious and Anonymous Systems

Access Controls for Oblivious and Anonymous Systems

引用

13th acm symposium on access control models and technologies

作者： Coull, Scott E. Green, Matthew Hohenberger, Susan RedJack Silver Spring MD 20901 USA Johns Hopkins Univ Baltimore MD 21218 USA

the use of privacy-enhancing cryptographic protocols, such as anonymous credentials and oblivious transfer, could have a detrimental effect on the ability of providers to effectively implement access controls on their content. In this article, we propose a stateful anonymous credential system that allows the provider to implement nontrivial, real-world access controls on oblivious protocols conducted with anonymous users. Our system models the behavior of users as a state machine and embeds that state within an anonymous credential to restrict access to resources based on the state information. the use of state machine models of user behavior allows the provider to restrict the users' actions according to a wide variety of access control models without learning anything about the users' identities or actions. Our system is secure in the standard model under basic assumptions and, after an initial setup phase, each transaction requires only constant time. As a concrete example, we show how to implement the Brewer-Nash (Chinese Wall) and Bell-La Padula (Multilevel Security) access control models within our credential system. Furthermore, we combine our credential system with an adaptive oblivious transfer scheme to create a privacy-friendly oblivious database with strong access controls.

关键词： Security Anonymous credentials oblivious transfer access controls

来源：评论

学校读者我要写书评

暂无评论

Rumpole: A flexible break-glass access control model 11

Rumpole: A flexible break-glass access control model

引用

Proceedings of the 16th acm symposium on access control models and technologies

作者： Marinovic, Srdjan Craven, Robert Ma, Jiefei Dulay, Naranker Department of Computing Imperial College London United Kingdom

ISBN: (纸本)9781450307215

access control operates under the assumption that it is possible to correctly encode and predict all subjects' needs and rights. However, in human-centric pervasive domains, such as health care, it is hard if not impossible to encode all emergencies and exceptions, but also to imagine a priori all the permissible requests. Break-glass is an approach that embodies the idea that under certain conditions it is possible for a subject to break-the-glass and explicitly override the denied request. Current break-glass models make this decision without considering and investigating what the reasons for issuing the denial are, and they have a fixed decision procedure to determine whether the override is permitted. Furthermore, they do not explicitly represent and reason over conflicting and missing information about subjects and the context;which in human-centric pervasive domains is a norm rather than an anomaly. this paper presents a novel break-glass model, Rumpole, that structures a break-glass policy by establishing why the access was denied. It uses Belnap's four-valued logic to represent conflicting and missing (unknown) information, allowing the policy to make a more informed decision when faced with missing or inconsistent knowledge. the model also provides a declarative query language that is used to specify an explicit break-glass decision procedure, rather than having an implicitly hard-coded one. this allows a policy writer to further condition and restrict when and how break-glass access is permitted © 2011 acm.

关键词： access control

来源：评论

学校读者我要写书评

暂无评论

Detecting and Resolving Policy Misconfigurations in access-control Systems

引用

acm TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY 2011年第1期14卷 1–28页

作者： Bauer, Lujo Garriss, Scott Reiter, Michael K. Carnegie Mellon Univ Pittsburgh PA 15213 USA Google Mountain View CA 94043 USA Univ N Carolina Dept Comp Sci Chapel Hill NC 27599 USA

关键词： Experimentation Human Factors Security access control policy inference machine learning

来源：评论

学校读者我要写书评

暂无评论

System for automatic estimation of data sensitivity with applications to access control and other applications 11

System for automatic estimation of data sensitivity with app...

引用

Proceedings of the 16th acm symposium on access control models and technologies

作者： Park, Youngja Gates, Stephen C. Teiken, Wilfried Chari, Suresh N. IBM T. J. Watson Research Center P.O. Box 704 Yorktown Heights NY 10598 United States

ISBN: (纸本)9781450307215

the Enterprise Information Security Management (EISM) system aims to semi-automatically estimate the sensitivity of enterprise data through advanced content analysis and business process mining. We demonstrate a proof-of-concept of EISM that crawls all the files in a personal computer and estimates the sensitivity of individual files and the overall sensitivity level of the computer. the system can identify 11 different personally identifiable information (PII) types and 11 sensitive data categories, and estimate data sensitivity based on the identified sensitive information in the data. Furthermore, the tool produces the evidences of the discovered sensitive information including the surrounding context in the document to help users understand what kinds of sensitive information are stored in their computer. the evidences allow users can easily redact the sensitive information or move it to a more secure location. thus, this system can be used as a privacy enhancing tool as well as a security tool. © 2011 acm.

关键词： Personal computers

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：