介绍特别部分SACMAT'08

Q Engineering
Ninghui Li
{"title":"介绍特别部分SACMAT'08","authors":"Ninghui Li","doi":"10.1145/1952982.1952983","DOIUrl":null,"url":null,"abstract":"This issue of TISSEC includes extended versions of articles selected from the program of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), which took place from June 11 to 13, 2008 in Estes Park, CO. SACMAT is a successful series of symposiums that continue the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for the presentation of research results and experience reports on leading-edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. The articles in this special issue were invited for submission from the 20 articles presented at SACMAT 2008. These were selected from 79 submissions from authors in 24 countries in Africa, Asia, Australia, Europe, North America, and South America. All the journal submissions went through an additional thorough review process to further ensure their quality. The first article “Detecting and Resolving Policy Misconfigurations in Access-Control Systems” by Lujo Bauer, Scott Garriss, and Michael K. Reiter applies association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users’ intention, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. As instituting these changes requires the consent of the appropriate administrator, the article also introduces techniques to automatically determine from whom to seek consent and to minimize the costs of doing so. The proposed techniques are evaluated using data from a deployed access-control system. The second article “Authorization Recycling in Hierarchical RBAC Systems” by Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. These mechanisms cache and reuse previous authorization decisions to help address the problem that the policy decision point in distributed applications tends to become a single point of failure and a performance bottleneck. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. I would like to thank all the authors for submitting their research results in this special issue and to all the reviewers for their insightful comments. I am also grateful to Gene Tsudik, editor-in-chief, for his guidance and help throughout this process.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"8 1","pages":"1:1"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"88","resultStr":"{\"title\":\"Introduction to special section SACMAT'08\",\"authors\":\"Ninghui Li\",\"doi\":\"10.1145/1952982.1952983\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This issue of TISSEC includes extended versions of articles selected from the program of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), which took place from June 11 to 13, 2008 in Estes Park, CO. SACMAT is a successful series of symposiums that continue the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for the presentation of research results and experience reports on leading-edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. The articles in this special issue were invited for submission from the 20 articles presented at SACMAT 2008. These were selected from 79 submissions from authors in 24 countries in Africa, Asia, Australia, Europe, North America, and South America. All the journal submissions went through an additional thorough review process to further ensure their quality. The first article “Detecting and Resolving Policy Misconfigurations in Access-Control Systems” by Lujo Bauer, Scott Garriss, and Michael K. Reiter applies association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users’ intention, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. As instituting these changes requires the consent of the appropriate administrator, the article also introduces techniques to automatically determine from whom to seek consent and to minimize the costs of doing so. The proposed techniques are evaluated using data from a deployed access-control system. The second article “Authorization Recycling in Hierarchical RBAC Systems” by Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. These mechanisms cache and reuse previous authorization decisions to help address the problem that the policy decision point in distributed applications tends to become a single point of failure and a performance bottleneck. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. I would like to thank all the authors for submitting their research results in this special issue and to all the reviewers for their insightful comments. I am also grateful to Gene Tsudik, editor-in-chief, for his guidance and help throughout this process.\",\"PeriodicalId\":50912,\"journal\":{\"name\":\"ACM Transactions on Information and System Security\",\"volume\":\"8 1\",\"pages\":\"1:1\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"88\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Information and System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1952982.1952983\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q\",\"JCRName\":\"Engineering\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1952982.1952983","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 88

摘要

本期TISSEC包括从第13届ACM访问控制模型和技术研讨会(SACMAT 2008)计划中选择的文章的扩展版本,该研讨会于2008年6月11日至13日在CO. Estes Park举行。SACMAT是一个成功的系列研讨会,延续了传统,首先由ACM基于角色的访问控制研讨会建立。作为展示访问控制前沿问题的研究成果和经验报告的主要论坛,包括模型,系统,应用和理论。研讨会的任务是分享满足异构应用和环境需求的新颖访问控制解决方案,并确定未来研究和发展的新方向。SACMAT为研究人员和从业人员提供了一个独特的机会,与对访问控制的各个方面感兴趣的其他人分享他们的观点。这期特刊的文章被邀请从SACMAT 2008上发表的20篇文章中提交。这些作品是从来自非洲、亚洲、澳大利亚、欧洲、北美和南美24个国家的79位作者提交的作品中挑选出来的。所有提交的期刊都经过了额外的彻底审查过程,以进一步确保其质量。由Lujo Bauer、Scott Garriss和Michael K. Reiter撰写的第一篇文章“在访问控制系统中检测和解决策略错误配置”将关联规则挖掘应用于访问历史,以预测可能与用户意图一致的访问控制策略的更改,以便在错误配置干扰合法访问之前制定这些更改。由于实施这些更改需要适当的管理员的同意,因此本文还介绍了自动确定从谁那里寻求同意并将这样做的成本降至最低的技术。使用部署的访问控制系统的数据对所提出的技术进行了评估。Qiang Wei、Jason Crampton、Konstantin Beznosov和Matei Ripeanu撰写的第二篇文章“分层RBAC系统中的授权回收”介绍并评估了RBAC企业系统中的授权“回收”机制。这些机制缓存和重用以前的授权决策,以帮助解决分布式应用程序中的策略决策点容易成为单点故障和性能瓶颈的问题。支持这些机制的算法允许做出精确和近似的授权决策,从而掩盖授权服务器可能出现的故障并减少其负载。感谢所有作者在本期特刊中提交的研究成果,感谢所有审稿人的精辟评论。我还要感谢主编Gene Tsudik在整个过程中的指导和帮助。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Introduction to special section SACMAT'08
This issue of TISSEC includes extended versions of articles selected from the program of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), which took place from June 11 to 13, 2008 in Estes Park, CO. SACMAT is a successful series of symposiums that continue the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for the presentation of research results and experience reports on leading-edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. The articles in this special issue were invited for submission from the 20 articles presented at SACMAT 2008. These were selected from 79 submissions from authors in 24 countries in Africa, Asia, Australia, Europe, North America, and South America. All the journal submissions went through an additional thorough review process to further ensure their quality. The first article “Detecting and Resolving Policy Misconfigurations in Access-Control Systems” by Lujo Bauer, Scott Garriss, and Michael K. Reiter applies association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users’ intention, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. As instituting these changes requires the consent of the appropriate administrator, the article also introduces techniques to automatically determine from whom to seek consent and to minimize the costs of doing so. The proposed techniques are evaluated using data from a deployed access-control system. The second article “Authorization Recycling in Hierarchical RBAC Systems” by Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. These mechanisms cache and reuse previous authorization decisions to help address the problem that the policy decision point in distributed applications tends to become a single point of failure and a performance bottleneck. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. I would like to thank all the authors for submitting their research results in this special issue and to all the reviewers for their insightful comments. I am also grateful to Gene Tsudik, editor-in-chief, for his guidance and help throughout this process.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信