In both the commercial and defense sectors a compelling need is emerging for highly dynamic, yet risk optimized, sharing of information across traditional organizational boundaries. Risk optimal decisions to dissemina...
详细信息
ISBN:
(纸本)9781605585376
In both the commercial and defense sectors a compelling need is emerging for highly dynamic, yet risk optimized, sharing of information across traditional organizational boundaries. Risk optimal decisions to disseminate mission critical tactical intelligence information to the pertinent actors in a timely manner is critical for a mission's success. In this paper(1), we argue that traditionally decision support mechanisms for information sharing (such as Multi-Level Security (MLS)) besides being rigid and situation agnostic, do not offer explanations and diagnostics for non-shareability. This paper exploits rich security metadata and semantic knowledge-base that captures domain specific concepts and relationships to build a logic for risk optimized information sharing. We show that the proposed approach is: (i) flexible: e.g., sensitivity of tactical information decays with space, time and external events, (ii) situation-aware: e.g., encodes need-to-know based accesscontrol policies, and more importantly (iii) supports explanations for non-shareability;these explanations in conjunction with rich security metadata and domain ontology allows a sender to intelligently transform information (e.g., downgrade information, say, by deleting participant list in a meeting) with the goal of making transformed information shareable with the recipient. In this paper, we will describe an architecture for secure information sharing using a publicly available hybrid semantic reasoner and present several illustrative examples that highlight the benefits of our proposal over traditional approaches.
Security is a critical requirement for the e-health system because the patient's sensitive information can be accessed remotely and this makes the entire system vulnerable to malicious attacks. In this paper, we p...
详细信息
ISBN:
(纸本)9781424445851
Security is a critical requirement for the e-health system because the patient's sensitive information can be accessed remotely and this makes the entire system vulnerable to malicious attacks. In this paper, we present a novel role-interaction-organization security model and apply it to the e-health system which is modeled as a multi-agent system. The roles in our proposed model do not only determine access rights passively, but also initiate requests to interact dynamically with the agents who meet the security requirements. The interaction and the organization models help to identify the actions and responsibilities that a role can assume in the system within the organization and any dynamic interactions it can partake. A simple case from the e-health system is given to illustrate the application of the model.
The proceedings contain 20 papers. The topics discussed include: fast exact and heuristic methods for role minimization problems;migrating to optimal RBAC with minimal perturbation;mining roles with semantic meanings;...
ISBN:
(纸本)9781605581293
The proceedings contain 20 papers. The topics discussed include: fast exact and heuristic methods for role minimization problems;migrating to optimal RBAC with minimal perturbation;mining roles with semantic meanings;delegation and satisfiability in workflow systems;enforcing security properties in task-based systems;task-based entailment constraints for basic workflow patterns;role on role engineering;RBAC administration in distributed systems;policy decomposition for collaborative accesscontrol;context-aware role-based accesscontrol in pervasive computing systems;a general obligation model and continuity-enhanced policy enforcement engine for usage control;an obligation model bridging accesscontrol policies and privacy policies;measuring integrity on mobile phone systems;and detecting and resolving policy misconfigurations in access-control systems.
In the last few years, a number of spatial and spatio-temporal accesscontrolmodels have been developed especially in the framework of pervasive computing and location-aware applications. Yet, how useful and effectiv...
详细信息
ISBN:
(纸本)9781605585376
In the last few years, a number of spatial and spatio-temporal accesscontrolmodels have been developed especially in the framework of pervasive computing and location-aware applications. Yet, how useful and effective those models are in real applications is still to be proved. The goal of this panel is to discuss accesscontrol requirements in mobile applications, trying to link research to real business problematic.
In this paper, we present a novel obligation model for the Core Privacy-aware Role Based accesscontrol (P-RBAC), and discuss some design issues in detail. Pre-obligations, post-obligations, conditional obligations, a...
详细信息
ISBN:
(纸本)9781605581293
In this paper, we present a novel obligation model for the Core Privacy-aware Role Based accesscontrol (P-RBAC), and discuss some design issues in detail. Pre-obligations, post-obligations, conditional obligations, and repeating obligations are supported by the obligation model. Interaction between permissions and obligations is discussed, and efficient algorithms are provided to detect undesired effects.
With the advances in web service techniques, new collaborative applications have emerged like supply chain arrangements and coalition in government agencies. In such applications, the collaborating parties are respons...
详细信息
ISBN:
(纸本)9781605581293
With the advances in web service techniques, new collaborative applications have emerged like supply chain arrangements and coalition in government agencies. In such applications, the collaborating parties are responsible for managing and protecting resources entrusted to them. accesscontrol decisions, thus become a collaborative activity in which a global policy must be enforced by a set of collaborating parties without compromising the autonomy or confidentiality requirements of these parties. Unfortunately, none of the conventional accesscontrol systems meets these new requirements. To support collaborative accesscontrol, in this paper, we propose a novel policy-based accesscontrol model. Our main idea is based oil the notion of policy decomposition and we propose an extension to the reference architecture for XacmL. We present algorithms for decomposing a global policy and efficiently evaluating requests.
暂无评论