the proceedings contain 19 papers. the topics discussed include: integrity constraints in trust management;declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastruc...
详细信息
the proceedings contain 19 papers. the topics discussed include: integrity constraints in trust management;declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure;future direction of accesscontrolmodels, architectures, and technologies;supporting conditional delegation in secure workflow management systems;a fine-grained, controllable, user-to-user delegation method in RBAC;relevancy based accesscontrol of versioned XML documents;provable bounds for portable and flexible privacy-preserving access rights;verifiable composition of accesscontrol and application features;adaptive trust negotiation and accesscontrol;and role mining with ORCA.
the proceedings contain 19 papers. the topics discussed include: a model of triangulating environments for policy authoring;towards analyzing complex operating system accesscontrol configurations;monitoring security ...
ISBN:
(纸本)9781450300490
the proceedings contain 19 papers. the topics discussed include: a model of triangulating environments for policy authoring;towards analyzing complex operating system accesscontrol configurations;monitoring security policies with metric first-order temporal logic;on the definition of role mining;mining roles with noisy data;StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy;role mining based on weights;accesscontrol in practice: pain points;automated management of network accesscontrol from design to enforcement;role-based accesscontrol (RBAC) in Java via proxy objects using annotations;role updating for assignments;enforcing spatial constraints for mobile RBAC systems;capability-based delegation model in RBAC;and a card requirements language enabling privacy-preserving accesscontrol.
We describe a model, independent of any underlying accesscontrol paradigm, for specifying authorization constraints such as separation of duty and cardinality constraints in workflow systems. We present a number of r...
详细信息
ISBN:
(纸本)9781595930453
We describe a model, independent of any underlying accesscontrol paradigm, for specifying authorization constraints such as separation of duty and cardinality constraints in workflow systems. We present a number of results enabling us to simplify the set of authorization constraints. these results form the theoretical foundation for an algorithm that can be used to determine whether a given constrained work-flow can be satisfied: that is. does there exist an assignment of authorized users to workflow tasks that satisfies the authorization constraints? We show that this algorithm can be incorporated into a workflow reference monitor that guarantees that every workflow instance can complete. We derive the computational complexity of our algorithm and compare its performance to comparable work in the literature. Copyright 2005acm.
Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transaction...
详细信息
ISBN:
(纸本)9781595930453
Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transactions, but it is vulnerable to malicious attacks leading to denial of service or leakage of sensitive information. this paper introduces an Adaptive Trust Negotiation and accesscontrol (ATNAC) framework to solve these problems. the framework combines two existing systems, TrustBuilder and GAA-AP1, to create a system with more flexibility and responsiveness to attack than either system currently provides. Copyright 2005acm.
this paper addresses the issues surrounding user-to-user delegation in RBAC. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. A special feature of the model is th...
详细信息
ISBN:
(纸本)9781595930453
this paper addresses the issues surrounding user-to-user delegation in RBAC. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. A special feature of the model is that it allows fine-grained control over what rights a user wishes to delegate as opposed to delegation at the role level where all the rights of a role must be delegated. In addition, the model provides a rich set of controls regarding further delegations of a right, generic constraints that further control delegations, and an innovative model for revocations. Properties of both delegation and revocation are discussed, and our work is compared with other related research. Copyright 2005acm.
As privacy becomes a major concern for both consumers and enterprises, many research efforts have been devoted to the development, of privacy protecting technology. We recently proposed a privacy preserving access con...
详细信息
ISBN:
(纸本)9781595930453
As privacy becomes a major concern for both consumers and enterprises, many research efforts have been devoted to the development, of privacy protecting technology. We recently proposed a privacy preserving accesscontrol model for relational databases, where purpose information associated with a given data element specifies the intended use of the data element. In this paper, we extend our previous work to handle other advanced data management systems, such as the ones based on XML and the ones based on the object-relational data model. Another contribution of our paper is that we address the problem of how to determine the purpose for which certain data are accessed by a given user. Our proposed solution relics on the well-known RBAC model as well as the notion of conditional role which is based on the notions of role attribute and system attribute. Copyright 2005acm.
Protecting information over the web is today becoming a primary need. Although many accesscontrolmodels have been so far proposed to address the specific protection requirements of the web environment, no comparable...
详细信息
ISBN:
(纸本)9781595930453
Protecting information over the web is today becoming a primary need. Although many accesscontrolmodels have been so far proposed to address the specific protection requirements of the web environment, no comparable amount of work has been done for finding efficient techniques for performing accesscontrol. We believe that the availability of techniques for speeding-up accesscontrol is a key issue to make an accesscontrol model widely acceptable. this is particularly crucial in an environment such as the web, characterized by thousands of users and thousands of documents. For these reasons, in this paper we propose a technique for speeding-up accesscontrol, which can be applied to credential-based accesscontrolmodels. We propose a data structure that keeps track of the policies that apply to the various portions of a data source, and which does not require the scanning of the policy base for performing accesscontrol. In the paper, besides giving the algorithms for building such data structure and for performing accesscontrol, we present a complexity analysis of the proposed approach, which demonstrates the benefits with respect to traditional methods. Copyright 2005acm.
accesscontrol features are often spread across and tangled with other functionality in a design. this makes modifying and replacing these features in a design difficult. Aspect-oriented modeling (AOM) techniques can ...
详细信息
ISBN:
(纸本)9781595930453
accesscontrol features are often spread across and tangled with other functionality in a design. this makes modifying and replacing these features in a design difficult. Aspect-oriented modeling (AOM) techniques can be used to support separation of accesscontrol concerns from other application design concerns. Using an AOM approach, accesscontrol features are described by aspect models and other application features are described by a primary model. Composition of aspect and primary models yields a design model in which accesscontrol features are integrated with other application features. In this paper, we present, through an example, an AOM approach that supports verifiable composition of behaviors described in accesscontrol aspect models and primary models. Given an aspect model, a primary model, and a specified property, the composition technique produces proof obligations as the behavioral descriptions in the aspect and primary models are composed. One has to discharge the proof obligations to establish that the composed model has the specified property. Copyright 2005acm.
暂无评论