发布求助
文献互助 智能选刊 最新文献

Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies最新文献

筛选
英文 中文
A framework for verification and optimal reconfiguration of event-driven role based access control policies 用于验证和优化重新配置事件驱动的基于角色的访问控制策略的框架
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI: 10.1145/2295136.2295172
Basit Shafiq, Jaideep Vaidya, A. Ghafoor, E. Bertino
{"title":"A framework for verification and optimal reconfiguration of event-driven role based access control policies","authors":"Basit Shafiq, Jaideep Vaidya, A. Ghafoor, E. Bertino","doi":"10.1145/2295136.2295172","DOIUrl":"https://doi.org/10.1145/2295136.2295172","url":null,"abstract":"Role based access control (RBAC) is the de facto model used for advanced access control due to its inherent richness and flexibility. Despite its great success at modeling a variety of organizational needs, maintaining large complex policies is a challenging problem. Conflicts within policies can expose the underlying system to numerous vulnerabilities and security risks. Therefore, more comprehensive verification tools for RBAC need to be developed to enable effective access control. In this paper, we propose a verification framework for detection and resolution of inconsistencies and conflicts in policies modeled through event-driven RBAC, an important subset of generalized temporal RBAC applicable to many domains, such as SCADA systems. We define the conflict resolution problem and propose an integer programming based heuristic. The proposed approach is generic and can be tuned to a variety of optimality measures.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"73 1","pages":"197-208"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85712117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Ensuring authorization privileges for cascading user obligations 确保级联用户义务的授权特权
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI: 10.1145/2295136.2295144
Omar Chowdhury, M. Pontual, W. Winsborough, Ting Yu, Keith Irwin, Jianwei Niu
{"title":"Ensuring authorization privileges for cascading user obligations","authors":"Omar Chowdhury, M. Pontual, W. Winsborough, Ting Yu, Keith Irwin, Jianwei Niu","doi":"10.1145/2295136.2295144","DOIUrl":"https://doi.org/10.1145/2295136.2295144","url":null,"abstract":"User obligations are actions that the human users are required to perform in some future time. These are common in many practical access control and privacy and can depend on and affect the authorization state. Consequently, a user can incur an obligation that she is not authorized to perform which may hamper the usability of a system. To mitigate this problem, previous work introduced a property of the authorization state, accountability, which requires that all the obligatory actions to be authorized when they are attempted. Although, existing work provides a specific and tractable decision procedure for a variation of the accountability property, it makes a simplified assumption that no cascading obligations may happen, i.e., obligatory actions cannot further incur obligations. This is a strong assumption which reduces the expressive power of past models, and thus cannot support many obligation scenarios in practical security and privacy policies. In this work, we precisely specify the strong accountability property in the presence of cascading obligations and prove that deciding it is NP-hard. We provide for several special yet practical cases of cascading obligations (i.e., repetitive, finite cascading, etc.) a tractable decision procedure for accountability. Our experimental results illustrate that supporting such special cases is feasible in practice.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"38 1","pages":"33-44"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81277451","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
SCUTA: a server-side access control system for web applications SCUTA:用于web应用程序的服务器端访问控制系统
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI: 10.1145/2295136.2295152
Xi Tan, Wenliang Du, Tongbo Luo, Karthick Duraisamy Soundararaj
{"title":"SCUTA: a server-side access control system for web applications","authors":"Xi Tan, Wenliang Du, Tongbo Luo, Karthick Duraisamy Soundararaj","doi":"10.1145/2295136.2295152","DOIUrl":"https://doi.org/10.1145/2295136.2295152","url":null,"abstract":"The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. Unfortunately, its importance makes it the preferred target of attacks. Web-based vulnerabilities now outnumber traditional computer security concerns. A recent study shows that over 80 percent of web sites have had at least one serious vulnerability. We believe that the Web's problems, to a large degree, are caused by the inadequacy of its underlying access control systems. To reduce the number of vulnerabilities, it is essential to provide web applications with better access control models that can adequately address the protection needs of the current Web.\u0000 As a part of the efforts to develop a better access control system for the Web, we focus on the server-side access control in this paper. We introduce a new concept called subsession, based on which, we have developed a ringbased access control system (called Scuta) for web servers. Scuta provides a fine-grained and backward-compatible access control mechanism for web applications. We have implemented Scuta in PHP, and have conducted comprehensive case studies to evaluate its benefits.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"23 1","pages":"71-82"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88592418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Android permissions: a perspective combining risks and benefits Android权限:风险与收益相结合的视角
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI: 10.1145/2295136.2295141
B. Sarma, Ninghui Li, Christopher S. Gates, Rahul Potharaju, C. Nita-Rotaru, Ian Molloy
{"title":"Android permissions: a perspective combining risks and benefits","authors":"B. Sarma, Ninghui Li, Christopher S. Gates, Rahul Potharaju, C. Nita-Rotaru, Ian Molloy","doi":"10.1145/2295136.2295141","DOIUrl":"https://doi.org/10.1145/2295136.2295141","url":null,"abstract":"The phenomenal growth of the Android platform in the past few years has made it a lucrative target of malicious application (app) developers. There are numerous instances of malware apps that send premium rate SMS messages, track users' private data, or apps that, even if not characterized as malware, conduct questionable actions affecting the user's privacy or costing them money. In this paper, we investigate the feasibility of using both the permissions an app requests, the category of the app, and what permissions are requested by other apps in the same category to better inform users whether the risks of installing an app is commensurate with its expected benefit. Existing approaches consider only the risks of the permissions requested by an app and ignore both the benefits and what permissions are requested by other apps, thus having a limited effect. We propose several risk signals that and evaluate them using two datasets, one consists of 158,062 Android apps from the Android Market, and another consists of 121 malicious apps. We demonstrate the effectiveness of our proposal through extensive data analysis.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"57 1","pages":"13-22"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81344362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 339
Practical risk aggregation in RBAC models RBAC模型中的实际风险聚合
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI: 10.1145/2295136.2295158
Suresh Chari, Jorge Lobo, Ian Molloy
{"title":"Practical risk aggregation in RBAC models","authors":"Suresh Chari, Jorge Lobo, Ian Molloy","doi":"10.1145/2295136.2295158","DOIUrl":"https://doi.org/10.1145/2295136.2295158","url":null,"abstract":"This paper describes our system, built as part of a commercially available product, for inferring the risk in an RBAC policy model, i.e., the assignment of permissions to roles and roles to users. Our system implements a general model of risk based on any arbitrary set of properties of permissions and users. Our experience shows that fuzzy inferencing systems are best suited to capture how humans assign risk to such assignments. To implement fuzzy inferencing practically we need the axiom of monotonicity, i.e., risk can not decrease when more permissions are assigned to a role or when the role is assigned to fewer users. We describe the visualization component which administrators can use to infer aggregate risk in role assignments as well as drill down into which assignments are actually risky. Administrators can then use this knowledge to refactor roles and assignments.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"1 1","pages":"117-118"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77929937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Encryption-enforced access control for an RFID discovery service 用于RFID发现服务的加密强制访问控制
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI: 10.1145/2295136.2295161
F. Kerschbaum, Leonardo Weiss Ferreira Chaves
{"title":"Encryption-enforced access control for an RFID discovery service","authors":"F. Kerschbaum, Leonardo Weiss Ferreira Chaves","doi":"10.1145/2295136.2295161","DOIUrl":"https://doi.org/10.1145/2295136.2295161","url":null,"abstract":"In this demonstration we present a novel encryption scheme for enforcing access control in a Discovery Service. A Discovery Service is a piece of software that allows one to \"discover\" item-level data which is stored in data repositories of different companies. Such data can be gathered with the help of Radio Frequency Identification or 2D bar codes. Our software allows the data owner to enforce access control on an item-level by managing the corresponding keys. Data remains confidential even against the provider of the Discovery Service. We present three ways of querying data and evaluate them with databases containing up to 50 million tuples.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"122 1","pages":"127-130"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87654675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Visualizing security in business processes 可视化业务流程中的安全性
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2011-06-15 DOI: 10.1145/1998441.1998465
Ganna Monakova, A. Schaad
{"title":"Visualizing security in business processes","authors":"Ganna Monakova, A. Schaad","doi":"10.1145/1998441.1998465","DOIUrl":"https://doi.org/10.1145/1998441.1998465","url":null,"abstract":"Defining constraints at the business process level is an often demanded feature. Our approach guides a business user in the analysis of threats to resources used in a business process, and provides the means to specify appropriate controls on the identified threats. These controls are of a highly visual nature and address both safety as well as security concerns.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"8 1","pages":"147-148"},"PeriodicalIF":0.0,"publicationDate":"2011-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87568816","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
An authorization scheme for version control systems 版本控制系统的授权方案
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2011-06-15 DOI: 10.1145/1998441.1998460
Sitaram Chamarty, Hiren D. Patel, Mahesh V. Tripunitara
{"title":"An authorization scheme for version control systems","authors":"Sitaram Chamarty, Hiren D. Patel, Mahesh V. Tripunitara","doi":"10.1145/1998441.1998460","DOIUrl":"https://doi.org/10.1145/1998441.1998460","url":null,"abstract":"We present gitolite, an authorization scheme for Version Control Systems (VCSes). We have implemented it for the Git VCS. A VCS enables versioning, distributed collaboration and several other features, and is an important context for authorization and access control. Our main consideration behind the design of gitolite is the balance between expressive power, correctness and usability in realistic settings. We discuss our design of gitolite, and in particular the four user-classes in its delegation model, and the administrative actions a user at each class performs. We discuss also our ongoing work on expressing gitolite precisely in first-order logic, to thereby give it a precise semantics and establish correctness properties. gitolite has been adopted in open-source software development, university and industry settings. We discuss our experience with these deployments, and present some performance results related to access enforcement from a real deployment.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"37 1","pages":"123-132"},"PeriodicalIF":0.0,"publicationDate":"2011-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90855245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Usable access control for all 所有可用的访问控制
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2011-06-15 DOI: 10.1145/1998441.1998469
R. Reeder
{"title":"Usable access control for all","authors":"R. Reeder","doi":"10.1145/1998441.1998469","DOIUrl":"https://doi.org/10.1145/1998441.1998469","url":null,"abstract":"PANEL SUMMARY Managing access-control policies has traditionally been the domain of information security experts or system administrators, but is increasingly performed by individual consumers who may have no technical expertise. A variety of new applications create the need for consumers to use access control, including online social networks, online healthcare records databases, location-based mobile applications, mobile application stores, and cloud-based file shares. With these applications, data that is both personal and highly sensitive is being moved online, where it can be conveniently accessed by others. There are great benefits to be gained by making this sensitive data available to some--for example, by making an individual’s medical history available to healthcare providers---and great risks to making the data available to others---for example, making location data available to stalkers. Access-control technologies thus become the gateway to enabling applications to provide value through sharing data while keeping that data safe from those who should not be allowed to have it.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"5 1","pages":"153-154"},"PeriodicalIF":0.0,"publicationDate":"2011-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77250629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Modeling data flow in socio-information networks: a risk estimation approach 社会信息网络中的数据流建模:一种风险评估方法
Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2011-06-15 DOI: 10.1145/1998441.1998458
Ting Wang, M. Srivatsa, D. Agrawal, Ling Liu
{"title":"Modeling data flow in socio-information networks: a risk estimation approach","authors":"Ting Wang, M. Srivatsa, D. Agrawal, Ling Liu","doi":"10.1145/1998441.1998458","DOIUrl":"https://doi.org/10.1145/1998441.1998458","url":null,"abstract":"Information leakage via the networks formed by subjects (e.g., Facebook, Twitter) and objects (e.g., blogosphere) - some of whom may be controlled by malicious insiders - often leads to unpredicted access control risks. While it may be impossible to precisely quantify information flows between two entities (e.g., two friends in a social network), this paper presents a first attempt towards leveraging recent advances in modeling socio-information networks to develop a statistical risk estimation paradigm for quantifying such insider threats. In the context of socio-information networks, our models estimate the following likelihoods: prior flow - has a subject $s$ acquired covert access to object o via the networks? posterior flow - if s is granted access to o, what is its impact on information flows between subject s' and object o'? network evolution - how will a newly created social relationship between s and s' influence current risk estimates? Our goal is not to prescribe a one-size-fits-all solution; instead we develop a set of composable network-centric risk estimation operators, with implementations configurable to concrete socio-information networks. The efficacy of our solutions is empirically evaluated using real-life datasets collected from the IBM SmallBlue project and Twitter.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"54 1","pages":"113-122"},"PeriodicalIF":0.0,"publicationDate":"2011-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77765749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信