It is our great pleasure to welcome you to the 11th ACM Symposium on Access Control Models and Technologies -- SACMAT '06. This year's symposium continues its tradition of being the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The mission of the symposium is to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control.
The call for papers attracted 82 submissions from Asia, Australia, Europe, and North America. The program committee accepted 25 papers that cover a variety of topics, including next generation access control models, engineering and analysis techniques for access control policies and models, and security administration. In addition, the program includes a panel on security in enterprise resource planning and service-oriented architectures. We hope that this proceeding will serve as a valuable reference for security researchers and developers.
Proceeding Downloads
Access control, confidentiality and privacy for video surveillance databases
In this paper we have addressed confidentiality and privacy for video surveillance databases. First we discussed our overall approach for suspicious event detection. Next we discussed an access control model and access control algorithms for ...
Key management for non-tree access hierarchies
Access hierarchies are useful in many applications and are modeled as a set of access classes organized by a partial order. A user who obtains access to a class in such a hierarchy is entitled to access objects stored at that class, as well as objects ...
PRIMA: policy-reduced integrity measurement architecture
We propose an integrity measurement approach based on information flow integrity, which we call the Policy-Reduced Integrity Measurement Architecture (PRIMA). The recent availability of secure hardware has made it practical for a system to measure its own ...
On classifying access control implementations for distributed systems
This paper presents a classification of implementations of access control systems based on a lattice taxonomy where the axes are properties of the implementation. The current taxonomy has six axes representing: partitioning of control over sharing of ...
Traust: a trust negotiation-based authorization service for open systems
In recent years, trust negotiation (TN) has been proposed as a novel access control solution for use in open system environments in which resources are shared across organizational boundaries. Researchers have shown that TN is indeed a viable solution ...
TrustBAC: integrating trust relationships into the RBAC model for access control in open systems
Conventional access control models are suitable for regulating access to resources by known users. However, these models have often been found to be inadequate for open and decentralized multi-centric systems where the user population is dynamic and the identity of ...
Integrating presence inference into trust management for ubiquitous systems
We propose a new architecture for trust management in ubiquitous environments that deals with RBAC policy, digital signatures, and user presence in a uniform framework. The proposed architecture includes inferences about user presence from incomplete ...
Trust management with delegation in grouped peer-to-peer communities
Trust Management is increasingly playing a major role especially with the growing need for security in decentralized, unsecured networks like peer-to-peer networks. Effective trust management solutions especially one geared towards handling trust in ...
Fine-grained role-based delegation in presence of the hybrid role hierarchy
Delegation of authority is an important process that needs to be captured by any access control model. In role-based access control models, delegation of authority involves delegating roles that a user can assume or the set of permissions that he can ...
Delegation in the role graph model
We present a model for delegation that is based on our decentralized administrative role graph model. We use a combination of user/group assignment and user-role assignment to support user to user, permission to user and role to role delegation. A ...
Systematic control and management of data integrity
Integrity has long been considered a fundamental requirement for secure computerized systems, and especially today's demand for data integrity is stronger than ever as many organizations are increasing their reliance on data and information systems. A ...
The secondary and approximate authorization model and its application to Bell-LaPadula policies
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the notions of primary vs. secondary and precise vs. ...
Secure resource description framework: an access control model
In this paper we propose an access control model for the Resource Description Framework (RDF). We argue that existing access control models, like the ones developed for securing eXtensible Markup Language (XML) documents, do not provide sufficient ...
Constraint generation for separation of duty
Separation of Duty (SoD) is widely recognized to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain ...
A model-checking approach to analysing organisational controls in a loan origination process
Demonstrating the safety of a system (i.e., avoiding the undesired propagation of access rights or indirect access through some other granted resource) is one of the goals of access control research, e.g. [1-4]. However, the flexibility required from ...
Information flow property preserving transformation of UML interaction diagrams
We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics is sufficiently expressive to distinguish ...
Towards reasonability properties for access-control policy languages
The growing importance of access control has led to the definition of numerous languages for specifying policies. Since these languages are based on different foundations, language users and designers would benefit from formal means to compare them. We ...
Data-centric security: role analysis and role typestates
In J2EE and .NET roles are assigned to methods using external configuration files, called the deployment descriptors. Assigning roles to methods, although conceptually simple, is in practice quite complicated. For instance, in order for a deployer to ...
A usage-based authorization framework for collaborative computing systems
Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of ...
Inter-instance authorization constraints for secure workflow management
Workflows model and control the execution of business processes in an organization. They are typically comprised of tasks or logical steps in the business process. To mitigate the ability of insiders to commit fraud, care should be taken that people ...
Role-based access management for ad-hoc collaborative sharing
Under scientific collaborations, resource sharing tends to be highly dynamic and often ad hoc. The dynamic characteristics and sharing patterns of ad-hoc collaborative sharing impose a need for comprehensive and flexible approaches to reflect and cope ...
Redirection policies for mission-based information sharing
When an access decision function denies a data access request by a mission participant in a mission-critical situation, the mission often suffers. In this paper, we propose a sharing control mechanism that computes and executes requests that are mission-...
XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!
XACML is the OASIS standard language for the specification of authorization and entitlement policies. However, while XACML well addresses security requirements of a single enterprise (even if large and composed by multiple departments), it does not ...
Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy
The role hierarchy is one of the most distinguished features of an RBAC approach to securing large systems as it facilitates efficient administration of permissions. However, the role hierarchy as defined in the currently standardized RBAC model has ...
Semantic access control for information interoperation
Sharing information across different organizations is a critical problem. Using security enforcement mechanisms, accessing databases is limited to authorized users only. However, if databases and access control policies are syntactically and ...
Proceedings of the eleventh ACM symposium on Access control models and technologies
Acceptance Rates
| Year | Submitted | Accepted | Rate |
|---|---|---|---|
| SACMAT '19 | 52 | 12 | 23% |
| SACMAT '18 | 50 | 14 | 28% |
| SACMAT '17 Abstracts | 50 | 14 | 28% |
| SACMAT '16 | 55 | 18 | 33% |
| SACMAT '15 | 59 | 17 | 29% |
| SACMAT '14 | 58 | 17 | 29% |
| SACMAT '13 | 62 | 19 | 31% |
| SACMAT '12 | 73 | 19 | 26% |
| SACMAT '09 | 75 | 24 | 32% |
| SACMAT '03 | 63 | 23 | 37% |
| Overall | 597 | 177 | 30% |




