ISBN: (print) 9781595938923
Access control models are becoming increasingly important in several application domains, especially in distributed environments like those addressed by Web Services. Established approaches such as DAC [16], MAC [16], RBAC [11, 12, 22] and others [6, 5, 15, 1] suggest representing users in different ways (labels, roles, credentials, etc.) in order to facilitate the association of authorization and access control policies. In intelligent and virtual ambient applications, users exist in a controlled environment equipped with multimedia sensors such as cameras and microphones, and use their terminals in several application environments. In this paper, we study the problem of integrating multimedia objects into access control models, and particularly role-based ones. Here, we describe a Multimedia access control language (M-2 ACL) in which users and roles are described by using sets of multimedia objects, greatly increasing the flexibility of access control policies and their applicability to virtual and ambient intelligence (AmI) environments. We address potential risks related to the use of multimedia objects by defining the concept of filter functions used to aggregate a set of values into a relevant one. Finally, we present a set of functional specifications and the experiments conducted to validate the proposed approach.
Data provenance refers to the knowledge about data sources and operations carried out to obtain some piece of data. A provenance-enabled system maintains a record of the interoperation of processes across different modules, stages and authorities to capture the full lineage of the resulting data, and typically allows data-focused audits using semantic technologies, such as ontologies, that capture domain knowledge. However, regulating access to captured provenance data is a non-trivial problem, since execution records form complex, overlapping graphs with individual nodes possibly being subject to different access policies. Applying traditional access control to provenance queries can either hide from the user the entire graph with nodes that had access to them denied, reveal too much information, or return a semantically invalid graph. An alternative approach is to answer queries with a new graph that abstracts over the missing nodes and fragments. In this paper, we present TACLP, an access control language for provenance data that supports this approach, together with an algorithm that transforms graphs according to sets of access restrictions. The algorithm produces safe and valid provenance graphs that retain the maximum amount of information allowed by the security model. The approach is demonstrated on an example of restricting access to a clinical trial provenance trace. (C) 2015 Elsevier B.V. All rights reserved.
XACML policies can be presented in a graph data structure, but while these solutions increase performance, they also drastically decrease functionality. To address this, the authors' approach models and stores XACML policies in a graph database.