发布求助
文献互助 智能选刊 最新文献

Proceedings of the 20th ACM Symposium on Access Control Models and Technologies最新文献

筛选
英文 中文
Fine-Grained Business Data Confidentiality Control in Cross-Organizational Tracking 跨组织跟踪中的细粒度业务数据机密性控制
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752973
Weili Han, Yin Zhang, Zeqing Guo, E. Bertino
{"title":"Fine-Grained Business Data Confidentiality Control in Cross-Organizational Tracking","authors":"Weili Han, Yin Zhang, Zeqing Guo, E. Bertino","doi":"10.1145/2752952.2752973","DOIUrl":"https://doi.org/10.1145/2752952.2752973","url":null,"abstract":"With the support of the Internet of Things (IoT for short) technologies, tracking systems are being widely deployed in many companies and organizations in order to provide more efficient and trustworthy delivery services. Such systems usually support easy-to-use interfaces, by which users can visualize the shipping status and progress of merchandise, according to business data which are collected directly from the merchandise through sensing technologies. However, these business data may include sensitive business information, which should be strongly protected in cross-organizational scenarios. Thus, it is critical for suppliers that the disclosure of such data to unauthorized users is prevented in the context of the open environment of these tracking systems. As business data from different suppliers and organizations are usually associated together with merchandise being shipped, it is also important to support fine-grained confidentiality control. In this paper, we articulate the problem of fine-grained business data confidentiality control in IoT-enabled cross-organizational tracking systems. We then propose a fine-grained confidentiality control mechanism, referred to as xCP-ABE, to address the problem in the context of open environment. The xCP-ABE mechanism is a novel framework which makes suppliers in tracking systems able to selectively authorize specific sets of users to access their sensitive business data and satisfies the confidentiality of transmission path of goods. We develop a prototype of the xCP-ABE mechanism, and then evaluate its performance. We also carry out a brief security analysis of our proposed mechanism. Our evaluation and analysis show that our framework is an effective and efficient solution to ensure the confidentiality of business data in cross-organizational tracking systems.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"330 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116528461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval 访问控制中的缺失属性:非确定性和概率属性检索
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752970
J. Crampton, C. Morisset, Nicola Zannone
{"title":"On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval","authors":"J. Crampton, C. Morisset, Nicola Zannone","doi":"10.1145/2752952.2752970","DOIUrl":"https://doi.org/10.1145/2752952.2752970","url":null,"abstract":"Attribute Based Access Control (ABAC) is becoming the reference model for the specification and evaluation of access control policies. In ABAC policies and access requests are defined in terms of pairs attribute names/values. The applicability of an ABAC policy to a request is determined by matching the attributes in the request with the attributes in the policy. Some languages supporting ABAC, such as PTaCL or XACML 3.0, take into account the possibility that some attributes values might not be correctly retrieved when the request is evaluated, and use complex decisions, usually describing all possible evaluation outcomes, to account for missing attributes. In this paper, we argue that the problem of missing attributes in ABAC can be seen as a non-deterministic attribute retrieval process, and we show that the current evaluation mechanism in PTaCL or XACML can return a complex decision that does not necessarily match with the actual possible outcomes. This, however, is problematic for the enforcing mechanism, which needs to resolve the complex decision into a conclusive one. We propose a new evaluation mechanism, explicitly based on non-deterministic attribute retrieval for a given request. We extend this mechanism to probabilistic attribute retrieval and implement a probabilistic policy evaluation mechanism for PTaCL in PRISM, a probabilistic model-checker.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"24 8","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114136311","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach 面向最优角色挖掘的通用框架:约束满足方法
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752975
J. H. Jafarian, Hassan Takabi, Hakim Touati, Ehsan Hesamifard, Mohamed Shehab
{"title":"Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach","authors":"J. H. Jafarian, Hassan Takabi, Hakim Touati, Ehsan Hesamifard, Mohamed Shehab","doi":"10.1145/2752952.2752975","DOIUrl":"https://doi.org/10.1145/2752952.2752975","url":null,"abstract":"Role Based Access Control (RBAC) is the most widely used advanced access control model deployed in a variety of organizations. To deploy an RBAC system, one needs to first identify a complete set of roles, including permission role assignments and role user assignments. This process, known as role engineering, has been identified as one of the costliest tasks in migrating to RBAC. Since many organizations already have some form of user permission assignments defined, it makes sense to identify roles from this existing information. This process, known as role mining, has gained significant interest in recent years and numerous role mining techniques have been developed that take into account the characteristics of the core RBAC model, as well as its various extended features and each is based on a specific optimization metric. In this paper, we propose a generic approach which transforms the role mining problem into a constraint satisfaction problem. The transformation allows us to discover the optimal RBAC state based on customized optimization metrics. We also extend the RBAC model to include more context-aware and application specific constraints. These extensions broaden the applicability of the model beyond the classic role mining to include features such as permission usage, hierarchical role mining, hybrid role engineering approaches, and temporal RBAC models. We also perform experiments to show applicability and effectiveness of the proposed approach.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134175021","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
SecLoc: Securing Location-Sensitive Storage in the Cloud SecLoc:保护云中的位置敏感存储
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752965
Jingwei Li, A. Squicciarini, D. Lin, Shuang Liang, Chunfu Jia
{"title":"SecLoc: Securing Location-Sensitive Storage in the Cloud","authors":"Jingwei Li, A. Squicciarini, D. Lin, Shuang Liang, Chunfu Jia","doi":"10.1145/2752952.2752965","DOIUrl":"https://doi.org/10.1145/2752952.2752965","url":null,"abstract":"Cloud computing offers a wide array of storage services. While enjoying the benefits of flexibility, scalability and reliability brought by the cloud storage, cloud users also face the risk of losing control of their own data, in partly because they do not know where their data is actually stored. This raises a number of security and privacy concerns regarding one's sensitive data such as health records. For example, according to Canadian laws, data related to personal identifiable information must be stored within Canada. Nevertheless, in contrast to the urgent demands, privacy requirements regarding to cloud storage locations have not been well investigated in the current cloud computing market, fostering security and privacy concerns among potential adopters. Aiming at addressing this emerging critical issue, we propose a novel secure location-sensitive storage framework, called SecLoc, which offers protection for cloud users' data following the storage location restrictions, with minimum management overhead to existing cloud storage services. We conduct security analysis, complexity analysis and experimental evaluation on the proposed SecLoc system. Our results demonstrate both effectiveness and efficiency of our mechanism.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131259691","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
A SMT-based Tool for the Analysis and Enforcement of NATO Content-based Protection and Release Policies 基于smt的工具,用于分析和执行北约基于内容的保护和发布政策
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752954
A. Armando, Silvio Ranise, Riccardo Traverso, K. Wrona
{"title":"A SMT-based Tool for the Analysis and Enforcement of NATO Content-based Protection and Release Policies","authors":"A. Armando, Silvio Ranise, Riccardo Traverso, K. Wrona","doi":"10.1145/2752952.2752954","DOIUrl":"https://doi.org/10.1145/2752952.2752954","url":null,"abstract":"NATO is developing a new IT infrastructure for automated information sharing between different information security domains and supporting dynamic and flexible enforcement of the need-to-know principle. In this context, the Content-based Protection and Release (CPR) model has been introduced to support the specification and enforcement of NATO access control policies. While the ability to define fine-grained security policies for a large variety of users, resources, and devices is desirable, their definition, maintenance, and enforcement can be difficult, time-consuming, and error prone. In this paper, we give an overview of a tool capable of assisting NATO security personnel in these tasks by automatically solving several policy analysis problems of practical interest. The tool levarages state-of-the-art SMT solvers.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115622750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Challenges in Making Access Control Sensitive to the "Right" Contexts 使访问控制对“正确”上下文敏感的挑战
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752979
T. Jaeger
{"title":"Challenges in Making Access Control Sensitive to the \"Right\" Contexts","authors":"T. Jaeger","doi":"10.1145/2752952.2752979","DOIUrl":"https://doi.org/10.1145/2752952.2752979","url":null,"abstract":"Access control is a fundamental security mechanism that both protects processes from attacks and confines compromised processes that may try to propagate an attack. Nonetheless, we still see an ever increasing number of software vulnerabilities. Researchers have long proposed that improvements in access control could prevent many vulnerabilities, many of which capture contextual information to more accurately detect obviously unsafe operations. However, developers are often hesitant to extend their access control mechanisms to use more sensitive access control policies. My experience leads me to propose that it is imperative that an access control systems be able to extract context accurately and efficiently and be capable of inferring any non-trivial policies. In this talk, I will discuss some recent research that enforces context-sensitive policies by either extracting process context, integrating code to extract context from programs, or extracting user context. We find that context-sensitive mechanisms can prevent some obviously unsafe operations from being authorized efficiently and discuss our experiences in inferring access control policies. Based on this research, we are encouraged that future research may enable context-sensitive access control policies to be produced and enforced to prevent vulnerabilities.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130473529","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Relationship-Based Access Control for an Open-Source Medical Records System 基于关系的开放源代码病历系统访问控制
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752962
Syed Zain R. Rizvi, Philip W. L. Fong, J. Crampton, J. Sellwood
{"title":"Relationship-Based Access Control for an Open-Source Medical Records System","authors":"Syed Zain R. Rizvi, Philip W. L. Fong, J. Crampton, J. Sellwood","doi":"10.1145/2752952.2752962","DOIUrl":"https://doi.org/10.1145/2752952.2752962","url":null,"abstract":"Inspired by the access control models of social network systems, Relationship-Based Access Control (ReBAC) was recently proposed as a general-purpose access control paradigm for application domains in which authorization must take into account the relationship between the access requestor and the resource owner. The healthcare domain is envisioned to be an archetypical application domain in which ReBAC is sorely needed: e.g., my patient record should be accessible only by my family doctor, but not by all doctors. In this work, we demonstrate for the first time that ReBAC can be incorporated into a production-scale medical records system, OpenMRS, with backward compatibility to the legacy RBAC mechanism. Specifically, we extend the access control mechanism of OpenMRS to enforce ReBAC policies. Our extensions incorporate and extend advanced ReBAC features recently proposed by Crampton and Sellwood. In addition, we designed and implemented the first administrative model for ReBAC. In this paper, we describe our ReBAC implementation, discuss the system engineering lessons learnt as a result, and evaluate the experimental work we have undertaken. In particular, we compare the performance of the various authorization schemes we implemented, thereby demonstrating the feasibility of ReBAC.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130998422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
SPA: Inviting Your Friends to Help Set Android Apps SPA:邀请你的朋友帮助设置Android应用程序
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752974
Zeqing Guo, Weili Han, Liangxing Liu, Wenyuan Xu, Ruiqin Bu, Minyue Ni
{"title":"SPA: Inviting Your Friends to Help Set Android Apps","authors":"Zeqing Guo, Weili Han, Liangxing Liu, Wenyuan Xu, Ruiqin Bu, Minyue Ni","doi":"10.1145/2752952.2752974","DOIUrl":"https://doi.org/10.1145/2752952.2752974","url":null,"abstract":"More and more powerful personal smart devices take users, especially the elder, into a disaster of policy administration where users are forced to set personal management policies in these devices. Considering a real case of this issue in the Android security, it is hard for users, even some programmers, to generally identify malicious permission requests when they install a third-party application. Motivated by the popularity of mutual assistance among friends (including family members) in the real world, we propose a novel framework for policy administration, referring to Socialized Policy Administration (SPA for short), to help users manage the policies in widely deployed personal devices. SPA leverages a basic idea that a user may invite his or her friends to help set the applications. Especially, when the size of invited friends increases, the setting result can be more resilient to a few malicious or unprofessional friends. We define the security properties of SPA, and propose an enforcement framework where users' friends can help users set applications without the leakage of friends' preferences with the supports of a privacy preserving mechanism. In our prototype, we only leverage partially homomorphic encryption cryptosystems to implement our framework, because the fully homomorphic encryption is not acceptable to be deployed in a practical service at the moment. Based on our prototype and performance evaluation, SPA is promising to support major types of policies in current popular applications with acceptable performance.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128414330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Towards an Automatic Top-down Role Engineering Approach Using Natural Language Processing Techniques 基于自然语言处理技术的自动自顶向下角色工程方法
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752958
M. Narouei, Hassan Takabi
{"title":"Towards an Automatic Top-down Role Engineering Approach Using Natural Language Processing Techniques","authors":"M. Narouei, Hassan Takabi","doi":"10.1145/2752952.2752958","DOIUrl":"https://doi.org/10.1145/2752952.2752958","url":null,"abstract":"Role Based Access Control (RBAC) is the most widely used model for access control due to the ease of administration as well as economic benefits it provides. In order to deploy an RBAC system, one requires to first identify a complete set of roles. This process, known as role engineering, has been identified as one of the costliest tasks in migrating to RBAC. In this paper, we propose a top-down role engineering approach and take the first steps towards using natural language processing techniques to extract policies from unrestricted natural language documents. Most organizations have high-level requirement specifications that include a set of access control policies which describes allowable operations for the system. However, it is very time consuming, labor-intensive, and error-prone to manually sift through these natural language documents to identify and extract access control policies. Our goal is to automate this process to reduce manual efforts and human errors. We apply natural language processing techniques, more specifically semantic role labeling to automatically extract access control policies from unrestricted natural language documents, define roles, and build an RBAC model. Our preliminary results are promising and by applying semantic role labeling to automatically identify predicate-argument structure, and a set of predefined rules on the extracted arguments, we were able correctly identify access control policies with a precision of 75%, recall of 88%, and F1 score of 80%.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133803037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
A Logical Approach to Restricting Access in Online Social Networks 限制在线社交网络访问的逻辑方法
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752967
M. Cramer, Jun Pang, Yang Zhang
{"title":"A Logical Approach to Restricting Access in Online Social Networks","authors":"M. Cramer, Jun Pang, Yang Zhang","doi":"10.1145/2752952.2752967","DOIUrl":"https://doi.org/10.1145/2752952.2752967","url":null,"abstract":"Nowadays in popular online social networks users can blacklist some of their friends in order to disallow them to access resources that other non-blacklisted friends may access. We identify three independent binary decisions to utilize users' blacklists in access control policies, resulting into eight access restrictions. We formally define these restrictions in a hybrid logic for relationship-based access control, and provide syntactical transformations to rewrite a hybrid logic access control formula when fixing an access restriction. This enables a flexible and user-friendly approach for restricting access in social networks. We develop efficient algorithms for enforcing a subset of access control policies with restrictions. The effectiveness of the access restrictions and the efficiency of our algorithms are evaluated on a Facebook dataset.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"186 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114853264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信