Guest Editorial: SACMAT 2009 and 2010

J. Joshi, B. Carminati
DOI: 10.1145/2043621.2043622 (https://doi.org/10.1145/2043621.2043622)
Journal: ACM Transactions on Information and System Security, volume 36 1, pages 22:1-22:2
Publication date: 2011-11-01
Publication type: Journal Article
Citations: 0

Abstract

Guest Editorial SACMAT 2009 and 2010
This issue of TISSEC includes extended versions of articles selected from the programs of the 14th and 15th ACM Symposium on Access Control Models and Technologies (SACMAT 2009 and SACMAT 2010), which were held, respectively, in Stresa, Italy on June 3-5, 2009, and in Pittsburgh, USA on June 9-11, 2010. These symposiums continued the SACMAT tradition of being the premier forum for presentation of research results on cutting-edge issues of access control, including models, systems, applications, and theory. SACMAT 2009 received 75 submissions from around the world. After a rigorous review process and program committee discussion, 24 papers were included in the program. SACMAT 2010 attracted a total of 79 papers from Africa, Asia, Australia, Europe and North America. In SACMAT 2010, submissions were anonymous, and each of them was reviewed according to a blind review process by at least three reviewers who are experts in the field. As a result of this review process, the SACMAT 2010 program committee selected 19 articles that cover a variety of topics, including RBAC, policy analysis, role engineering and access control in distributed environments.
Based on the original reviews and the feedback from session chairs, two papers from SACMAT 2009 and two papers from SACMAT 2010 were invited for submission for this special issue. The journal submissions went through an additional review process by selected members of the SACMAT 2010 program committee as well as external reviewers. The authors were required to incorporate significant technical extensions into their extended versions. Each article went through two rounds of reviews where the authors were requested to respond to the review comments and update the submissions accordingly. As the result of this review process, we finalized three articles to be included in this special issue. The first two articles are from the SACMAT 2009 program and the third article is from the SACMAT 2010 program.
The first article, titled “Group-Centric Secure Information-Sharing Models for Isolated Groups” by Ram Krishnan, Jianwei Niu, Ravi Sandhu, and William H. Winsborough, proposes a theory for Group-Centric Secure Information Sharing (g-SIS) with isolated groups and formalizes a family of g-SIS models. The proposed g-SIS approach brings together users and objects in a group from different external sources and facilitates information sharing. The authors focus on the authorization semantics of the group operations join and leave for users, and add, remove and create for objects. They use first-order temporal logic to define the core properties and some additional properties related to authorization consequences of these operations. They show that the core properties are logically consistent and mutually dependent. Further, they specify authorization behavior for a family of g-SIS models and prove that these models satisfy the core and selected additional properties.
The second article, titled “Combining Discretionary Policy with Mandatory Information Flow in Operating Systems” by Ziqing Mao, Ninghui Li, Hong Chen, and Xuxian Jiang, proposes an Information Flow Enhanced Discretionary Access Control (IFEDAC) model by combining discretionary policy in DAC with the dynamic information-flow techniques in MAC. The authors describe the design of IFEDAC, show its relationship to the existing usable mandatory integrity protection model, and analyze their security properties. The authors also describe their implementations of IFEDAC in Linux and present their evaluation results.
The third article, titled “Access Control Policy Translation, Verification, and Minimization within Heterogeneous Data Federations,” by Gregory Leighton and Denilson Barbosa, deals with the problem of enforcing access control policies across
Source journal
ACM Transactions on Information and System Security (Engineering and Technology - Computer Science: Information Systems)
CiteScore: 4.50
Self-citation rate: 0.00%
Articles published: 0
Review time: 3.3 months
Journal description: TISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.