Tyrone Cadenhead, V. Khadilkar, Murat Kantarcioglu, B. Thuraisingham
{"title":"A cloud-based RDF policy engine for assured information sharing","authors":"Tyrone Cadenhead, V. Khadilkar, Murat Kantarcioglu, B. Thuraisingham","doi":"10.1145/2295136.2295157","DOIUrl":"https://doi.org/10.1145/2295136.2295157","url":null,"abstract":"In this paper, we describe a general-purpose, scalable RDF policy engine. The innovations in our work include seamless support for a diverse set of security policies enforced by a highly available and scalable policy engine designed using a cloud-based platform. Our main goal is to demonstrate how coalition agencies can share information stored in multiple formats, through the enforcement of appropriate policies.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"30 1","pages":"113-116"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73589362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
G. Russello, M. Conti, B. Crispo, Earlence Fernandes
{"title":"MOSES: supporting operation modes on smartphones","authors":"G. Russello, M. Conti, B. Crispo, Earlence Fernandes","doi":"10.1145/2295136.2295140","DOIUrl":"https://doi.org/10.1145/2295136.2295140","url":null,"abstract":"Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. As a consequence, end users require that their personal smartphones are connected to their work IT infrastructure. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, smartphone security mechanisms have been discovered to offer very limited protection against malicious applications that can leak data stored on them. This poses a serious threat to sensitive corporate data. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct security profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. One of the main characteristics of MOSES is the dynamic switching from one security profile to another.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. 
ACM Symposium on Access Control Models and Technologies","volume":"25 1","pages":"3-12"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74375048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Vassilis Papakonstantinou, M. Michou, I. Fundulaki, G. Flouris, G. Antoniou
{"title":"Access control for RDF graphs using abstract models","authors":"Vassilis Papakonstantinou, M. Michou, I. Fundulaki, G. Flouris, G. Antoniou","doi":"10.1145/2295136.2295155","DOIUrl":"https://doi.org/10.1145/2295136.2295155","url":null,"abstract":"The Resource Description Framework (RDF) has become the de facto standard for representing information in the Semantic Web. Given the increasing amount of sensitive RDF data available on the Web, it becomes increasingly critical to guarantee secure access to this content. In this paper we advocate the use of an abstract access control model to ensure the selective exposure of RDF information. The model is defined by a set of abstract operators and tokens. Tokens are used to label RDF triples with access information. Abstract operators model RDF Schema inference rules and propagation of labels along the RDF Schema (RDFS) class and property hierarchies. In this way, the access label of a triple is a complex expression that involves the labels of the triples and the operators applied to obtain said label. Different applications can then adopt different concrete access policies that encode an assignment of the abstract tokens and operators to concrete (specific) values. Following this approach, changes in the interpretation of abstract tokens and operators can be easily implemented resulting in a very flexible mechanism that allows one to easily experiment with different concrete access policies (defined per context or user). To demonstrate the feasibility of the approach, we implemented our ideas on top of the MonetDB and PostgreSQL open source database systems. 
We conducted an initial set of experiments which showed that the overhead for using abstract expressions is roughly linear to the number of triples considered; performance is also affected by the characteristics of the dataset, such as the size and depth of class and property hierarchies as well as the considered concrete policy.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"68 1","pages":"103-112"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80326606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A calculus for privacy-friendly authentication","authors":"Patrik Bichsel, J. Camenisch, Dieter Sommer","doi":"10.1145/2295136.2295166","DOIUrl":"https://doi.org/10.1145/2295136.2295166","url":null,"abstract":"Establishing authentic channels has become a common operation on the Internet and electronic commerce would not be possible without it. Because traditionally authentication is based on identifying users, the success of electronic commerce causes rapid erosion of their privacy. Privacy-friendly authentication, such as group signatures or anonymous credential systems, could mitigate this issue minimizing the information released during an authentication operation. Unfortunately, privacy-friendly authentication systems are not yet deployed. One reason is their sophistication and feature richness, which is complicating their understanding. By providing a calculus for analyzing and comparing the requirements and goals of privacy-friendly authentication systems, we contribute to a better understanding of such technologies. Our calculus extends the one by Maurer and Schmid [18], by introducing: (1) pseudonyms to enable pseudonymous authentication, (2) a pseudonym annotation function denoting the information an entity reveals about itself, and (3) event-based channel conditions to model conditional release of information used for privacy-friendly accountability.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. 
ACM Symposium on Access Control Models and Technologies","volume":"43 1","pages":"157-166"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89391554","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Achim D. Brucker, Isabelle Hang, Gero Lückemeyer, R. Ruparel
{"title":"SecureBPMN: modeling and enforcing access control requirements in business processes","authors":"Achim D. Brucker, Isabelle Hang, Gero Lückemeyer, R. Ruparel","doi":"10.1145/2295136.2295160","DOIUrl":"https://doi.org/10.1145/2295136.2295160","url":null,"abstract":"Modern enterprise systems have to comply with regulations such as Basel III resulting in complex security requirements. These requirements need to be modeled at design-time and enforced at runtime. Moreover, modern enterprise systems are often business-process driven, i.e., the system behavior is described as high-level business processes that are executed by a business process execution engine. Consequently, there is a need for an integrated and tool-supported methodology that allows for specifying and enforcing compliance and security requirements for business process-driven enterprise systems. In this paper, we present a tool chain supporting both the design-time modeling as well as the run-time enforcement of security requirements for business process-driven systems.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"11 1","pages":"123-126"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74539767","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dianxiang Xu, Lijo Thomas, Michael Kent, T. Mouelhi, Yves Le Traon
{"title":"A model-based approach to automated testing of access control policies","authors":"Dianxiang Xu, Lijo Thomas, Michael Kent, T. Mouelhi, Yves Le Traon","doi":"10.1145/2295136.2295173","DOIUrl":"https://doi.org/10.1145/2295136.2295173","url":null,"abstract":"Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. 
ACM Symposium on Access Control Models and Technologies","volume":"21 1","pages":"209-218"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90916963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PlexC: a policy language for exposure control","authors":"Y. L. Gall, Adam J. Lee, Apu Kapadia","doi":"10.1145/2295136.2295174","DOIUrl":"https://doi.org/10.1145/2295136.2295174","url":null,"abstract":"With the widespread use of online social networks and mobile devices, it is not uncommon for people to continuously broadcast contextual information such as their current location or activity. These technologies present both new opportunities for social engagement and new risks to privacy, and traditional static \"write once\" disclosure policies are not well suited for controlling aggregate exposure risks in the current technological landscape. Therefore, we present PlexC, a new policy language designed for exposure control. We take advantage of several recent user studies to identify a set of language requirements and features, providing the expressive power to accommodate information sharing in dynamic environments. In our evaluation we show that PlexC can concisely express common policy idioms drawn from survey responses, in addition to more complex information sharing scenarios.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"415 1","pages":"219-228"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83065814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xi Tan, Wenliang Du, Tongbo Luo, Karthick Duraisamy Soundararaj
{"title":"SCUTA: a server-side access control system for web applications","authors":"Xi Tan, Wenliang Du, Tongbo Luo, Karthick Duraisamy Soundararaj","doi":"10.1145/2295136.2295152","DOIUrl":"https://doi.org/10.1145/2295136.2295152","url":null,"abstract":"The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. Unfortunately, its importance makes it the preferred target of attacks. Web-based vulnerabilities now outnumber traditional computer security concerns. A recent study shows that over 80 percent of web sites have had at least one serious vulnerability. We believe that the Web's problems, to a large degree, are caused by the inadequacy of its underlying access control systems. To reduce the number of vulnerabilities, it is essential to provide web applications with better access control models that can adequately address the protection needs of the current Web. As a part of the efforts to develop a better access control system for the Web, we focus on the server-side access control in this paper. We introduce a new concept called subsession, based on which, we have developed a ring-based access control system (called Scuta) for web servers. Scuta provides a fine-grained and backward-compatible access control mechanism for web applications. We have implemented Scuta in PHP, and have conducted comprehensive case studies to evaluate its benefits.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. 
ACM Symposium on Access Control Models and Technologies","volume":"23 1","pages":"71-82"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88592418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generative models for access control policies: applications to role mining over logs with attribution","authors":"Ian Molloy, Youngja Park, Suresh Chari","doi":"10.1145/2295136.2295145","DOIUrl":"https://doi.org/10.1145/2295136.2295145","url":null,"abstract":"We consider a fundamentally new approach to role and policy mining: finding RBAC models which reflect the observed usage of entitlements and the attributes of users. Such policies are interpretable, i.e., there is a natural explanation of why a role is assigned to a user and are conservative from a security standpoint since they are based on actual usage. Further, such \"generative\" models provide many other benefits including reconciliation with policies based on entitlements, detection of provisioning errors, as well as the detection of anomalous behavior. Our contributions include defining the fundamental problem as extensions of the well-known role mining problem, as well as providing several new algorithms based on generative machine learning models. Our algorithms find models which are causally associated with actual usage of entitlements and any arbitrary combination of user attributes when such information is available. This is the most natural process to provision roles, thus addressing a key usability issue with existing role mining algorithms. We have evaluated our approach on a large number of real life data sets, and our algorithms produce good role decompositions as measured by metrics such as coverage, stability, and generality. We compare our algorithms with traditional role mining algorithms by equating usage with entitlement. Results show that our algorithms improve on existing approaches including exact mining, approximate mining, and probabilistic algorithms; the results are more temporally stable than exact mining approaches, and are faster than probabilistic algorithms while removing artificial constraints such as the number of roles assigned to each user. 
Most importantly, we believe that these roles more accurately capture what users actually do, the essence of a role, which is not captured by traditional methods.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"69 4 1","pages":"45-56"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87671316","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Basit Shafiq, Jaideep Vaidya, A. Ghafoor, E. Bertino
{"title":"A framework for verification and optimal reconfiguration of event-driven role based access control policies","authors":"Basit Shafiq, Jaideep Vaidya, A. Ghafoor, E. Bertino","doi":"10.1145/2295136.2295172","DOIUrl":"https://doi.org/10.1145/2295136.2295172","url":null,"abstract":"Role based access control (RBAC) is the de facto model used for advanced access control due to its inherent richness and flexibility. Despite its great success at modeling a variety of organizational needs, maintaining large complex policies is a challenging problem. Conflicts within policies can expose the underlying system to numerous vulnerabilities and security risks. Therefore, more comprehensive verification tools for RBAC need to be developed to enable effective access control. In this paper, we propose a verification framework for detection and resolution of inconsistencies and conflicts in policies modeled through event-driven RBAC, an important subset of generalized temporal RBAC applicable to many domains, such as SCADA systems. We define the conflict resolution problem and propose an integer programming based heuristic. The proposed approach is generic and can be tuned to a variety of optimality measures.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"73 1","pages":"197-208"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85712117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}