发布求助
文献互助 智能选刊 最新文献

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies最新文献

筛选
英文 中文
Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital Ecosystems 数字生态系统中以所有者为中心的物理资源、数据和数据驱动的洞察共享
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-05-28 DOI: 10.1145/3322431.3326326
Kwok-Ho Cheung, M. Huth, Laurence Kirk, Leif-Nissen Lundbæk, R. Marques, Jan Petsche
{"title":"Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital Ecosystems","authors":"Kwok-Ho Cheung, M. Huth, Laurence Kirk, Leif-Nissen Lundbæk, R. Marques, Jan Petsche","doi":"10.1145/3322431.3326326","DOIUrl":"https://doi.org/10.1145/3322431.3326326","url":null,"abstract":"We are living in an age in which digitization will connect more and more physical assets with IT systems and where IoT endpoints will generate a wealth of valuable data. Companies, individual users, and organizations alike therefore have the need to control their own physical or non-physical assets and data sources. At the same time, they recognize the need for, and opportunity to, share access to such data and digitized physical assets. This paper sets out our technology vision for such sharing ecosystems, reports initial work in that direction, identifies challenges for realizing this vision, and seeks feedback and collaboration from the academic access-control community in that R&D space.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122466964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
FriendGuard FriendGuard
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-05-28 DOI: 10.1145/3322431.3325103
Joshua Morris, Dan Lin, A. Squicciarini
{"title":"FriendGuard","authors":"Joshua Morris, Dan Lin, A. Squicciarini","doi":"10.1145/3322431.3325103","DOIUrl":"https://doi.org/10.1145/3322431.3325103","url":null,"abstract":"With the prevalence of online social networking, a large amount of studies have focused on online users' privacy. Existing work has heavily focused on preventing unauthorized access of one's personal information (e.g. locations, posts and photos). Very little research has been devoted into protecting the friend search engine, a service that allows people to explore others' friend lists. Although most friend search engines only disclose a partial view of one's friend list (e.g., k friends) or offer the ability to show all or no friends, attackers may leverage the combined knowledge from views obtained from different queries to gain a much larger social network of a targeted victim, potentially revealing sensitive information of a victim. In this paper, we propose a new friend search engine, namely FriendGuard, which guarantees the degree of friend exposure as set by users. If a user only allows k of his/her friends to be disclosed, our search engine will ensure that any attempts of discovering more friends of this user through querying the user's other friends will be a failure. The key idea underlying our search engine is the construction of a unique sub social network that is capable of satisfying query needs as well as controlling the degree of friend exposure. We have carried out an extensive experimental study and the results demonstrate both efficiency and effectiveness in our approach.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117261471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Mutual Authorizations: Semantics and Integration Issues 相互授权:语义和集成问题
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-05-28 DOI: 10.1145/3322431.3325415
Gabriela Suntaxi, A. A. E. Ghazi, Klemens Böhm
{"title":"Mutual Authorizations: Semantics and Integration Issues","authors":"Gabriela Suntaxi, A. A. E. Ghazi, Klemens Böhm","doi":"10.1145/3322431.3325415","DOIUrl":"https://doi.org/10.1145/3322431.3325415","url":null,"abstract":"Studies in fields like psychology and sociology have revealed that reciprocity is a powerful determinant of human behavior. None of the existing access control models however captures this reciprocity phenomenon. In this paper, we introduce a new kind of grant, which we call mutual, to express authorizations that actually do this, i.e., users grant access to their resources only to users who allow them access to theirs. We define the syntax and semantics of mutual authorizations and show how this new grant can be included in the Role-Based Access Control model, i.e., extend RBAC with it.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127587393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Expat 外籍人士
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-05-28 DOI: 10.1145/3322431.3325107
Moosa Yahyazadeh, P. Podder, E. Hoque, Omar Chowdhury
{"title":"Expat","authors":"Moosa Yahyazadeh, P. Podder, E. Hoque, Omar Chowdhury","doi":"10.1145/3322431.3325107","DOIUrl":"https://doi.org/10.1145/3322431.3325107","url":null,"abstract":"This paper focuses on developing a security mechanism geared towards appified smart-home platforms. Such platforms often expose programming interfaces for developing automation apps that mechanize different tasks among smart sensors and actuators (e.g., automatically turning on the AC when the room temperature is above 80 F). Due to the lack of effective access control mechanisms, these automation apps can not only have unrestricted access to the user's sensitive information (e.g., the user is not at home) but also violate user expectations by performing undesired actions. As users often obtain these apps from unvetted sources, a malicious app can wreak havoc on a smart-home system by either violating the user's security and privacy, or creating safety hazards (e.g., turning on the oven when no one is at home). To mitigate such threats, we propose Expat which ensures that user expectations are never violated by the installed automation apps at runtime. To achieve this goal, Expat provides a platform-agnostic, formal specification language UEI for capturing user expectations of the installed automation apps' behavior. For effective authoring of these expectations (as policies) in UEI, Expat also allows a user to check the desired properties (e.g., consistency, entailment) of them; which due to their formal semantics can be easily discharged by an SMT solver. Expat then enforces UEI policies in situ with an inline reference monitor which can be realized using the same app programming interface exposed by the underlying platform. We instantiate Expat for one of the representative platforms, OpenHAB, and demonstrate it can effectively mitigate a wide array of threats by enforcing user expectations while incurring only modest performance overhead.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115691760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Poster 海报
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-05-28 DOI: 10.1145/3322431.3326450
Ryan Shah, Shishir Nagaraja
{"title":"Poster","authors":"Ryan Shah, Shishir Nagaraja","doi":"10.1145/3322431.3326450","DOIUrl":"https://doi.org/10.1145/3322431.3326450","url":null,"abstract":"","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121854351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
PolTree: A Data Structure for Making Efficient Access Decisions in ABAC PolTree: ABAC中有效访问决策的数据结构
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-05-28 DOI: 10.1145/3322431.3325102
Ronit Nath, Saptarshi Das, S. Sural, Jaideep Vaidya, V. Atluri
{"title":"PolTree: A Data Structure for Making Efficient Access Decisions in ABAC","authors":"Ronit Nath, Saptarshi Das, S. Sural, Jaideep Vaidya, V. Atluri","doi":"10.1145/3322431.3325102","DOIUrl":"https://doi.org/10.1145/3322431.3325102","url":null,"abstract":"In Attribute-Based Access Control (ABAC), a user is permitted or denied access to an object based on a set of rules (together called an ABAC Policy) specified in terms of the values of attributes of various types of entities, namely, user, object and environment. Efficient evaluation of these rules is therefore essential for ensuring decision making at on-line speed when an access request comes. Sequentially evaluating all the rules in a policy is inherently time consuming and does not scale with the size of the ABAC system or the frequency of access requests. This problem, which is quite pertinent for practical deployment of ABAC, surprisingly has not so far been addressed in the literature. In this paper, we introduce two variants of a tree data structure for representing ABAC policies, which we name as PolTree. In the binary version (B-PolTree), at each node, a decision is taken based on whether a particular attribute-value pair is satisfied or not. The n-ary version (N-PolTree), on the other hand, grows as many branches out of a given node as the total number of possible values for the attribute being checked at that node. An extensive experimental evaluation with diverse data sets shows the scalability and effectiveness of the proposed approach.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129155762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Bounded and Approximate Strong Satisfiability in Workflows 工作流中的有界和近似强可满足性
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-04-15 DOI: 10.1145/3322431.3325418
J. Crampton, G. Gutin, Diptapriyo Majumdar
{"title":"Bounded and Approximate Strong Satisfiability in Workflows","authors":"J. Crampton, G. Gutin, Diptapriyo Majumdar","doi":"10.1145/3322431.3325418","DOIUrl":"https://doi.org/10.1145/3322431.3325418","url":null,"abstract":"There has been a considerable amount of interest in recent years in the problem of workflow satisfiability, which asks whether the existence of constraints in a workflow specification makes it impossible to allocate authorized users to each step in the workflow. Recent developments have seen the workflow satisfiability problem (WSP) studied in the context of workflow specifications in which the set of steps may vary from one instance of the workflow to another. This, in turn, means that some constraints may only apply to certain workflow instances. Inevitably, WSP becomes more complex for such workflow specifications. Other approaches have considered the possibility of associating costs with the violation of \"soft'' constraints and authorizations. Workflow satisfiability in this context becomes a question of minimizing the cost of allocating users to steps in the workflow. In this paper, we introduce new problems, which we believe to be of practical relevance, that combine these approaches. In particular, we consider the question of whether, given a workflow specification with costs and a \"budget'', all possible workflow instances have an allocation of users to steps that does not exceed the budget. We design a fixed-parameter tractable algorithm to solve this problem parameterized by the total number of steps, release points and xor branchings.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121782469","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Efficient and Extensible Policy Mining for Relationship-Based Access Control 基于关系访问控制的高效可扩展策略挖掘
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2019-03-18 DOI: 10.1145/3322431.3325106
Thang Bui, S. Stoller, Hieu Le
{"title":"Efficient and Extensible Policy Mining for Relationship-Based Access Control","authors":"Thang Bui, S. Stoller, Hieu Le","doi":"10.1145/3322431.3325106","DOIUrl":"https://doi.org/10.1145/3322431.3325106","url":null,"abstract":"Relationship-based access control (ReBAC) is a flexible and expressive framework that allows policies to be expressed in terms of chains of relationship between entities as well as attributes of entities. ReBAC policy mining algorithms have a potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy. Existing ReBAC policy mining algorithms support a policy language with a limited set of operators; this limits their applicability. This paper presents a ReBAC policy mining algorithm designed to be both (1) easily extensible (to support additional policy language features) and (2) scalable. The algorithm is based on Bui et al.'s evolutionary algorithm for ReBAC policy mining algorithm. First, we simplify their algorithm, in order to make it easier to extend and provide a methodology that extends it to handle new policy language features. However, extending the policy language increases the search space of candidate policies explored by the evolutionary algorithm, thus causes longer running time and/or worse results. To address the problem, we enhance the algorithm with a feature selection phase. The enhancement utilizes a neural network to identify useful features. We use the result of feature selection to reduce the evolutionary algorithm's search space. The new algorithm is easy to extend and, as shown by our experiments, is more efficient and produces better policies.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"T151 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125645745","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Brokering Policies and Execution Monitors for IoT Middleware 物联网中间件的代理策略和执行监视器
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2018-09-26 DOI: 10.1145/3322431.3325098
Juan Carlos Fuentes Carranza, Philip W. L. Fong
{"title":"Brokering Policies and Execution Monitors for IoT Middleware","authors":"Juan Carlos Fuentes Carranza, Philip W. L. Fong","doi":"10.1145/3322431.3325098","DOIUrl":"https://doi.org/10.1145/3322431.3325098","url":null,"abstract":"Event-based systems lie at the heart of many cloud-based Internet-of-Things (IoT) platforms. This combination of the Broker architectural style and the Publisher-Subscriber design pattern provides a way for smart devices to communicate and coordinate with one another. The present design of these cloud-based IoT frameworks lacks measures to (i) protect devices against malicious cloud disconnections, (ii) impose information flow control among communicating parties, and (iii) enforce coordination protocols in the presence of compromised devices. In this work, we propose to extend the modular event-based system architecture of Fiege et al., to incorporate brokering policies and execution monitors, in order to address the three protection challenges mentioned above. We formalized the operational semantics of our protection scheme, explored how the scheme can be used to enforce BLP-style information flow control and RBAC-style protection domains, implemented the proposal in an open-source MQTT broker, and evaluated the performance impact of the protection mechanisms.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"215 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133118696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
CAOS: Concurrent-Access Obfuscated Store CAOS:并发访问模糊存储
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2017-09-29 DOI: 10.1145/3322431.3325101
M. Ordean, M. Ryan, D. Galindo
{"title":"CAOS: Concurrent-Access Obfuscated Store","authors":"M. Ordean, M. Ryan, D. Galindo","doi":"10.1145/3322431.3325101","DOIUrl":"https://doi.org/10.1145/3322431.3325101","url":null,"abstract":"This paper proposes Concurrent-Access Obfuscated Store (CAOS), a construction for remote data storage that provides access-pattern obfuscation in a honest-but-curious adversarial model, while allowing for low bandwidth overhead and client storage. Compared to other approaches, the main advantage of CAOS is that it supports concurrent access without a proxy, for multiple read-only clients and a single read-write client. Concurrent access is achieved by letting clients maintain independent maps that describe how the data is stored. Even though the maps might diverge from client to client, the protocol guarantees that clients will always have access to the data. Efficiency and concurrency are achieved at the expense of perfect obfuscation: in CAOS the extent to which access patterns are hidden is determined by the resources allocated to its built-in obfuscation mechanism. To assess this trade-off we provide both a security and a performance analysis of CAOS. We additionally provide a proof-of-concept implementation available at https://github.com/meehien/caos.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123876287","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信