Access Control Policies

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 39963 Experts worldwide ranked by ideXlab platform

Elisa Bertino - One of the best experts on this subject based on the ideXlab platform.

  • Availability
    2015
    Co-Authors: Elisa Bertino
    Abstract:

    • Information Security: basic concepts • Privacy: basic concepts and comparison with security • Access Control, security Policies, and models – Access Control Policies • the matrix model and the safety problem • discretionary Access Control • mandatory Access Control • role-based and task-based Access Control • context-based Access Control • chinese wall Access contro

  • privacy preserving similarity measurement for Access Control Policies
    Digital Identity Management, 2010
    Co-Authors: Eunae Cho, Gabriel Ghinita, Elisa Bertino
    Abstract:

    The emergence of global-scale infrastructures for outsourcing data and content to service providers (e.g., cloud computing) creates unprecedented opportunities for data owners to expand their operations and increase their customer base. On the other hand, each data owner (DO) has a certain set of Access Control Policies, which may be different than those of the service providers (SP). Therefore, to enable effective outsourcing, it is important for the DOs to choose SPs with similar Access Control Policies. Several techniques that measure policy similarity have been proposed in previous work, but they assume that Policies are publicly Accessible. However, in a global-scale environment without well-established relationships of trust, participants may not be willing to reveal their Policies to every other stakeholder. Therefore, the need arises to perform policy similarity in a privacy-preserving manner. Specifically, we propose a technique that allows similarity evaluation of encrypted Policies. Our technique relies on an existing encryption method for numerical data called asymmetric scalar product-preserving encryption (ASPE). ASPE allows answering of nearest-neighbor queries without the need to reveal the plaintext contents of either the query or the data. We adapt ASPE to support Access Control Policies, and we present a case study of how private policy similarity evaluation is performed within our proposed framework.

  • D-algebra for composing Access Control policy decisions
    Computer and Communications Security, 2009
    Co-Authors: Elisa Bertino, Jorge Lobo
    Abstract:

    This paper proposes a D-algebra to compose decisions from multiple Access Control Policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of Access Control Policies, namely the analysis of policy languages decision mechanisms, and the development of tools for policy authoring and enforcement.

  • an obligation model bridging Access Control Policies and privacy Policies
    Symposium on Access Control Models and Technologies, 2008
    Co-Authors: Qun Ni, Elisa Bertino, Jorge Lobo
    Abstract:

    In this paper, we present a novel obligation model for the Core Privacy-aware Role Based Access Control (P-RBAC), and discuss some design issues in detail. Pre-obligations, post-obligations, conditional obligations, and repeating obligations are supported by the obligation model. Interaction between permissions and obligations is discussed, and efficient algorithms are provided to detect undesired effects.

  • a security punctuation framework for enforcing Access Control on streaming data
    International Conference on Data Engineering, 2008
    Co-Authors: Rimma V Nehme, Elke A Rundensteiner, Elisa Bertino
    Abstract:

    The management of privacy and security in the context of data stream management systems (DSMS) remains largely an unaddressed problem to date. Unlike in traditional DBMSs where Access Control Policies are persistently stored on the server and tend to remain stable, in streaming applications the contexts and with them the Access Control Policies on the real-time data may rapidly change. A person entering a casino may want to immediately block others from knowing his current whereabouts. We thus propose a novel "stream-centric" approach, where security restrictions are not persistently stored on the DSMS server, but rather streamed together with the data. Here, the Access Control Policies are expressed via security constraints (called security punctuations, or short, sps) and are embedded into data streams. The advantages of the sp model include flexibility, dynamicity and speed of enforcement. DSMSs can adapt to not only data-related but also security-related selectivities, which helps reduce the waste of resources, when few subjects have Access to data. We propose a security-aware query algebra and new equivalence rules together with cost estimations to guide the security-aware query plan optimization. We have implemented the sp framework in a real DSMS. Our experimental results show the validity and the performance advantages of our sp model as compared to alternative Access Control enforcement solutions for DSMSs.

Shriram Krishnamurthi - One of the best experts on this subject based on the ideXlab platform.

  • specifying and reasoning about dynamic Access Control Policies
    International Joint Conference on Automated Reasoning, 2006
    Co-Authors: Daniel J Dougherty, Kathi Fisler, Shriram Krishnamurthi
    Abstract:

    Access-Control Policies have grown from simple matrices to non-trivial specifications written in sophisticated languages. The increasing complexity of these Policies demands correspondingly strong automated reasoning techniques for understanding and debugging them. The need for these techniques is even more pressing given the rich and dynamic nature of the environments in which these Policies evaluate. We define a framework to represent the behavior of Access-Control Policies in a dynamic environment. We then specify several interesting, decidable analyses using first-order temporal logic. Our work illustrates the subtle interplay between logical and state-based methods, particularly in the presence of three-valued Policies. We also define a notion of policy equivalence that is especially useful for modular reasoning.

  • verification and change impact analysis of Access Control Policies
    International Conference on Software Engineering, 2005
    Co-Authors: Kathi Fisler, Shriram Krishnamurthi, Leo A Meyerovich, Michael Carl Tschantz
    Abstract:

    Sensitive data are increasingly available on-line through the Web and other distributed protocols. This heightens the need to carefully Control Access to data. Control means not only preventing the leakage of data but also permitting Access to necessary information. Indeed, the same datum is often treated differently depending on context. System designers create Policies to express conditions on the Access to data. To reduce source clutter and improve maintenance, developers increasingly use domain-specific, declarative languages to express these Policies. In turn, administrators need to analyze Policies relative to properties, and to understand the effect of policy changes even in the absence of properties. This paper presents Margrave, a software suite for analyzing role-based Access-Control Policies. Margrave includes a verifier that analyzes Policies written in the XACML language, translating them into a form of decision-diagram to answer queries. It also provides semantic differencing information between versions of Policies. We have implemented these techniques and applied them to Policies from a working software application.

R Chow - One of the best experts on this subject based on the ideXlab platform.

  • an extended capability architecture to enforce dynamic Access Control Policies
    Annual Computer Security Applications Conference, 1996
    Co-Authors: Ilung Kao, R Chow
    Abstract:

    Capability has been widely used as a fundamental mechanism for Access Control in distributed systems. When an object manager receives a capability from a user process for Accessing an object, it verifies the genuineness of the capability and checks whether the Access request is allowed with the Access rights placed on the capability. Capabilities have been recognized to be more suitable than centralized Access Control lists for object protection in a distributed system because of several obvious reasons. However, most existing capability based systems can only enforce static Access Control Policies, which means all the Access privileges a user possesses for an object are fully represented by a capability and will not change due to object Access. These capability systems cannot be used to enforce dynamic Access Control Policies, required by many complex applications, in which each authorization may depend upon a user's Access history and/or an object's history of being Accessed. The paper proposes an extended capability architecture to enforce dynamic Access Control Policies both effectively and efficiently. The key issue is how to capture the dynamic Access information in both capabilities and object managers while avoiding main disadvantages of centralized Access Control lists. A number of frequently desired security Policies are used to demonstrate the power and flexibility of the proposed architecture. The problems regarding capability management including propagation, revocation, and distribution of capabilities are also discussed.

Kathi Fisler - One of the best experts on this subject based on the ideXlab platform.

  • specifying and reasoning about dynamic Access Control Policies
    International Joint Conference on Automated Reasoning, 2006
    Co-Authors: Daniel J Dougherty, Kathi Fisler, Shriram Krishnamurthi
    Abstract:

    Access-Control Policies have grown from simple matrices to non-trivial specifications written in sophisticated languages. The increasing complexity of these Policies demands correspondingly strong automated reasoning techniques for understanding and debugging them. The need for these techniques is even more pressing given the rich and dynamic nature of the environments in which these Policies evaluate. We define a framework to represent the behavior of Access-Control Policies in a dynamic environment. We then specify several interesting, decidable analyses using first-order temporal logic. Our work illustrates the subtle interplay between logical and state-based methods, particularly in the presence of three-valued Policies. We also define a notion of policy equivalence that is especially useful for modular reasoning.

  • verification and change impact analysis of Access Control Policies
    International Conference on Software Engineering, 2005
    Co-Authors: Kathi Fisler, Shriram Krishnamurthi, Leo A Meyerovich, Michael Carl Tschantz
    Abstract:

    Sensitive data are increasingly available on-line through the Web and other distributed protocols. This heightens the need to carefully Control Access to data. Control means not only preventing the leakage of data but also permitting Access to necessary information. Indeed, the same datum is often treated differently depending on context. System designers create Policies to express conditions on the Access to data. To reduce source clutter and improve maintenance, developers increasingly use domain-specific, declarative languages to express these Policies. In turn, administrators need to analyze Policies relative to properties, and to understand the effect of policy changes even in the absence of properties. This paper presents Margrave, a software suite for analyzing role-based Access-Control Policies. Margrave includes a verifier that analyzes Policies written in the XACML language, translating them into a form of decision-diagram to answer queries. It also provides semantic differencing information between versions of Policies. We have implemented these techniques and applied them to Policies from a working software application.

Pierangela Samarati - One of the best experts on this subject based on the ideXlab platform.

  • A Web Service Architecture for Enforcing Access Control Policies
    Electronic Notes in Theoretical Computer Science, 2006
    Co-Authors: Claudio Agostino Ardagna, Ernesto Damiani, Sabrina De Capitani Di Vimercati, Pierangela Samarati
    Abstract:

    Web services represent a challenge and an opportunity for organizations wishing to expose product and services offerings through the Internet. The Web service technology provides an environment in which service providers and consumers can discover each other and conduct business transactions through the exchange of XML-based documents. However, any organization using XML and Web Services must ensure that only the right users, sending the appropriate XML content, can Access their Web Services. Access Control policy specification for Controlling Access to Web services is then becoming an emergent research area due to the rapid development of Web services in modern economy. This paper is an effort to understand the basic concepts for securing Web services and the requirements for implementing secure Web services. We describe the design and implementation of a Web service architecture for enforcing Access Control Policies, the overall rationale and some specific choices of our design are discussed.

  • an algebra for composing Access Control Policies
    ACM Transactions on Information and System Security, 2002
    Co-Authors: Piero A Bonatti, Sabrina De Capitani Di Vimercati, Pierangela Samarati
    Abstract:

    Despite considerable advancements in the area of Access Control and authorization languages, current approaches to enforcing Access Control are all based on monolithic and complete specifications. This assumption is too restrictive when Access Control restrictions to be enforced come from the combination of different policy specifications, each possibly under the Control of independent authorities, and where the specifics of some component Policies may not even be known a priori. Turning individual specifications into a coherent policy to be fed into the Access Control system requires a nontrivial combination and translation process. This article addresses the problem of combining authorization specifications that may be independently stated, possibly in different languages and according to different Policies. We propose an algebra of security Policies together with its formal semantics and illustrate how to formulate complex Policies in the algebra and reason about them. A translation of policy expressions into equivalent logic programs is illustrated, which provides the basis for the implementation of the algebra. The algebra's expressiveness is analyzed through a comparison with first-order logic.

  • flexible support for multiple Access Control Policies
    ACM Transactions on Database Systems, 2001
    Co-Authors: Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, V S Subrahmanian
    Abstract:

    Although several Access Control Policies can be devised for Controlling Access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a specific policy (usually the closed policy). As a consequence, although different policy choices are possible in theory, in practice only a specific policy can actually be applied within a given system. In this paper, we present a unified framework that can enforce multiple Access Control Policies within a single system. The framework is based on a language through which users can specify security Policies to be enforced on specific Accesses. The language allows the specification of both positive and negative authorizations and incorporates notions of authorization derivation, conflict resolution, and decision strategies. Different strategies may be applied to different users, groups, objects, or roles, based on the needs of the security policy. The overall result is a flexible and powerful, yet simple, framework that can easily capture many of the traditional Access Control Policies as well as protection requirements that exist in real-world applications, but are seldom supported by existing systems. The major advantage of our approach is that it can be used to specify different Access Control Policies that can all coexist in the same system and be enforced by the same security server.

  • supporting multiple Access Control Policies in database systems
    IEEE Symposium on Security and Privacy, 1996
    Co-Authors: Elisa Bertino, Sushil Jajodia, Pierangela Samarati
    Abstract:

    Although there are several choices of Policies for protection of information, Access Control models have been developed for a fixed set of pre-defined Access Control Policies that are then built into the corresponding Access Control mechanisms. This becomes a problem, however, if the Access Control requirements of an application are different from the Policies built into a mechanism. In most cases, the only solution is to enforce the requirements as part of the application code, but this makes verification, modification, and adequate enforcement of these Policies impossible. In this paper, we propose a flexible authorization mechanism that can support different security Policies. The mechanism enforces a general authorization model onto which multiple Access Control Policies can be mapped. The model permits negative and positive authorizations, authorizations that must be strongly obeyed and authorizations that allow for exceptions, and enforces ownership together with delegation of administrative privileges.