ISBN:
(Print) 9781450300490
We address the problem of providing data subjects with self-selected controls on access to their personal information. Existing approaches for this are not always sufficient in terms of offering the degrees of control and scope for individualization of access policies that are needed for personal data protection (and usage). We introduce a conceptual framework, a syntax, a semantics, and an axiomatization of a generalized form of access control meta-model, which may be specialized in various ways to enable data subjects to specify flexibly what access controls are to apply to their personal data.
ISBN:
(Print) 9781450300490
We show the practical feasibility of monitoring complex security properties using a runtime monitoring approach for metric first-order temporal logic. In particular, we show how a wide variety of security policies can be naturally formalized in this expressive logic, ranging from traditional policies like Chinese Wall and separation of duty to more specialized usage-control and compliance requirements. We also explain how these formalizations can be directly used for monitoring and experimentally evaluate the performance of the resulting monitors.
ISBN:
(Print) 9781450300490
Access to distributed databases containing tuples collected about mobile physical objects requires information about the objects' trajectories. Existing access control models cannot encode this information efficiently. This poses a policy management problem for administrators in real-world supply chains where companies want to protect their goods tracking data. In this paper we propose a new access control model, as an extension to attribute-based access control, that allows trajectory-based visibility policies. We prove the security properties of our novel authentication protocol for distributed systems, which can supply the decision algorithm with the necessary reliable information using only standard passive RFID tags. As a result, companies will be able to improve confidentiality protection and governance of their object tracking data and engage more trustingly in data sharing agreements.
ISBN:
(Print) 9781450300490
We address the problem of privacy-preserving access control in distributed systems. Users commonly reveal more personal data than strictly necessary to be granted access to online resources, even though existing technologies, such as anonymous credential systems, offer functionalities that would allow for privacy-friendly authorization. An important reason for this lack of technology adoption is, we believe, the absence of a suitable authorization language offering adequate expressiveness to address the privacy-friendly functionalities. To overcome this problem, we propose an authorization language that allows access control requirements to be expressed in a privacy-preserving way. Our language is independent of any concrete technology, so it allows requirements to be specified regardless of implementation details, while it is also applicable to technologies designed without privacy considerations. We see our proposal as an important step towards making access control systems privacy-preserving.
ISBN:
(Print) 9781450300490
Data federations provide seamless access to multiple heterogeneous and autonomous data sources pertaining to a large organization. As each source database defines its own access control policies for a set of local identities, enforcing such policies across the federation becomes a challenge. In this paper, we first consider the problem of translating existing access control policies defined over source databases in a manner that preserves the original semantics while becoming applicable across the entire data federation. We show that such a translation is always possible, and provide an algorithm for automating the translation. We then show that verifying that a translated policy obeys the semantics of the original access control policy defined over a source database is intractable, even under restrictive scenarios. Finally, we describe a practical algorithmic framework for translating relational access control policies into their XML equivalent, expressed in the eXtensible Access Control Markup Language (XACML).