Access Control Rule - Explore the Science & Experts | ideXlab


Access Control Rule

The Experts below are selected from a list of 105 Experts worldwide ranked by ideXlab platform

Karen W. Brannon – One of the best experts on this subject based on the ideXlab platform.

  • Secure information caching on the Web
    Lecture Notes in Computer Science, 2004
    Co-Authors: Hui-i Hsiao, Karen W. Brannon
    Abstract:

    The Web has become the key information source over the last few years and caching has been exploited and applied to reduce web server and network congestion as well as to improve response time. There are three types of web caching techniques: forward proxy, reverse proxy, and transparent proxy. Forward proxy server caches data close to users and is targeted to improve the user/browser response time. On the contrary, reverse proxy server normally locates next to a back-end server and is mainly targeted to reduce back-end server workload. As the web is moving from being primarily for information sharing to also becoming a key platform for business operations, a new generation of caching mechanism is needed to enforce the security of business content and to preserve the confidentiality of personal information. In this paper, we describe a web caching system that enhances the caching function by optionally enforcing fine grain Access Control Rules, set by the back-end servers, on the cached content. Our system takes advantage of edge (proxy) server technology for delivering data/information from locations adjacent to users while enforcing Access Control Rule set for each piece of cached content or page fragment.

  • APWeb – Secure Information Caching on the Web
    Advanced Web Technologies and Applications, 2004
    Co-Authors: Hui-i Hsiao, Karen W. Brannon

Matthias Beckerle – One of the best experts on this subject based on the ideXlab platform.

  • Usable Access Control
    2014
    Co-Authors: Matthias Beckerle
    Abstract:

    The research described in this work can significantly simplify and facilitate the creation and configuration of secure Access Control Rule sets. Access Control is used to provide confidential data or information only to authorized entities and deny Access otherwise. Access Control mechanisms can be configured with Access Control Rule sets that need to be created and maintained by the users or administrators. The research commences by answering the first research question: 1. How can Access Control be integrated into future products? Basic concepts are presented and integrated into a holistic design. The latter is embedded into a general framework, which was developed by an academia-industry consortium, and in which the author participated. Questions arise regarding usability aspects of Access Control mechanisms. An analysis of security services in the beginning of this dissertation shows that, especially for Access Control mechanisms that are managed by casual users, a high level of usability is required because individual preferences of the data owner have to be taken into account. Analysis of how the core security objectives (see Section [sec:Core-Security-Principles]) can be achieved identifies a usability gap regarding the generation and configuration of Access Control Rule sets. Automation is not fully possible because individual preferences of users need to be considered. Related research questions are: 2. What are the requirements for usable Access Control Rule sets? 3. What are formally founded quantifiable measurements for those requirements, and how can these measurements be used to support users in generating usable Access Control Rule sets? To answer these questions, a systematic analysis of expert opinions and related work was performed. The results of that analysis were grouped into categories and further refined into six informal requirements. The six informal requirements were mathematically formalized and six associated sets with respective linear metrics were derived. These formal tools are used to automatically calculate additional information about the actual Access Control Rule set to support users in generating and optimizing the Rule set properly. Two user studies were carried out to validate and evaluate the research and the findings presented in this work. They demonstrate that our metrics help users generate statistically significant better Rule sets. The dissertation concludes with an outlook and a vision for further research in usable Access Control Rule set configuration.

  • formal definitions for usable Access Control Rule sets from goals to metrics
    Symposium On Usable Privacy and Security, 2013
    Co-Authors: Matthias Beckerle, Leonardo A. Martucci
    Abstract:

    Access Control policies describe high level requirements for Access Control systems. Access Control Rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny Rules. Designing Rule sets that reflect desired policies is a difficult and time-consuming task. The result is that Rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable Access Control Rule sets, which we define as Rule sets that (i) reflect the Access Control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable Access Control Rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of Access Control Rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of Access Control Rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better Rule sets.

  • SOUPS – Formal definitions for usable Access Control Rule sets from goals to metrics
    Proceedings of the Ninth Symposium on Usable Privacy and Security – SOUPS '13, 2013
    Co-Authors: Matthias Beckerle, Leonardo A. Martucci

Karen A Scarfone – One of the best experts on this subject based on the ideXlab platform.

  • real time Access Control Rule fault detection using a simulated logic circuit
    International Conference on Social Computing, 2013
    Co-Authors: Karen A Scarfone
    Abstract:

    Access Control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC Rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the protected systems. Incorrect implementations of AC policies result in faults that not only leak but also disable Access of information, and faults in AC policies are difficult to detect without support of verification or automatic fault detection mechanisms. This research proposes an automatic method through the construction of a simulated logic circuit that simulates AC Rules in AC policies or models. The simulated logic circuit allows real-time detection of policy faults including conflicts of privilege assignments, leaks of information, and conflicts of interest assignments. Such detection is traditionally done by tools that perform verification or testing after all the Rules of the policy/model are completed, and it provides no information about the source of verification errors. The real-time fault detecting capability proposed by this research allows a Rule fault to be detected and fixed immediately before the next Rule is added to the policy/model, thus requiring no later verification and saving a significant amount of fault fixing time.

  • SocialCom – Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit
    2013 International Conference on Social Computing, 2013
    Co-Authors: Karen A Scarfone

Hui-i Hsiao – One of the best experts on this subject based on the ideXlab platform.

  • Secure information caching on the Web
    Lecture Notes in Computer Science, 2004
    Co-Authors: Hui-i Hsiao, Karen W. Brannon

  • APWeb – Secure Information Caching on the Web
    Advanced Web Technologies and Applications, 2004
    Co-Authors: Hui-i Hsiao, Karen W. Brannon

Li Lei – One of the best experts on this subject based on the ideXlab platform.

  • Access Control Rule Description Based on Logic Unify
    Computer Science, 2011
    Co-Authors: Li Lei
    Abstract:

    Traditional methods are hard to describe the subsume relationship of subjects and objects among some Access Control Rules. In this paper, we built an algorithm based on logic unify to resolve this problem. Firstly, we converted Access Control request to logic question, obtained the Access Control result by means of logic answer. Next, we utilized the facts to describe each component of Access Control, and we realized the flexible Access Control by using the dynamic instantiation of variables in non-ground facts during the system running period. Finally, our experiment results show that our algorithm is effective.