Authorization Framework

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 8250 Experts worldwide ranked by ideXlab platform

Gail-joon Ahn - One of the best experts on this subject based on the ideXlab platform.

  • Multiparty Authorization Framework for Data Sharing in Online Social Networks
    2011
    Co-Authors: Gail-joon Ahn
    Abstract:

    Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide effective mechanisms to enforce privacy concerns over data associated with multiple users. In this paper, we propose a multiparty Authorization Framework that enables collaborative management of shared data in OSNs. An access control model is formulated to capture the essence of multiparty Authorization requirements. We also demonstrate the applicability of our approach by implementing a proof-of-concept prototype hosted in Facebook.

  • DBSec - Multiparty Authorization Framework for data sharing in online social networks
    Lecture Notes in Computer Science, 2011
    Co-Authors: Gail-joon Ahn
    Abstract:

    Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide effective mechanisms to enforce privacy concerns over data associated with multiple users. In this paper, we propose a multiparty Authorization Framework that enables collaborative management of shared data in OSNs. An access control model is formulated to capture the essence of multiparty Authorization requirements. We also demonstrate the applicability of our approach by implementing a proof-of-concept prototype hosted in Facebook.

  • Patient-centric Authorization Framework for electronic healthcare services
    Computers & Security, 2010
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.

  • Authorization Framework for resource sharing in grid environments
    International Conference on Grid and Distributed Computing, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn
    Abstract:

    Grid data sharing services provide a unified platform for dynamic discovery, access and sharing of distributed data in Grid environments. A common Authorization system is needed to provide access control for both Grid data sharing services as well as the data resources that are being shared through these services, accommodating different security requirements from the service providers and the data providers. In this paper, we present a flexible policy-driven Authorization system, called RamarsAuthZ, for secure data sharing services in Grid environments. RamarsAuthZ adopts a flexible role-based approach with trust-aware feature to advocate originator control and provide unified access control both at the service level and at the data level.

  • patient centric Authorization Framework for sharing electronic health records
    Symposium on Access Control Models and Technologies, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

Xinwen Zhang - One of the best experts on this subject based on the ideXlab platform.

  • Patient-centric Authorization Framework for electronic healthcare services
    Computers & Security, 2010
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.

  • patient centric Authorization Framework for sharing electronic health records
    Symposium on Access Control Models and Technologies, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

  • SACMAT - Patient-centric Authorization Framework for sharing electronic health records
    Proceedings of the 14th ACM symposium on Access control models and technologies - SACMAT '09, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

  • A usage-based Authorization Framework for collaborative computing systems
    Proceedings of the eleventh ACM symposium on Access control models and technologies SACMAT 06, 2006
    Co-Authors: Xinwen Zhang, Masayuki Nakae, Mitchener J Covington, Ravi Sandhu
    Abstract:

    Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this paper we propose a usage control (UCON) based Authorization framework for collaborative applications. In our Framework, usage control policies are defined using subject and object attributes, along with system attributes as conditions. General attributes include not only persistent attributes such as role and group memberships, but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based Authorizations in ad-hoc collaborations. As a proof-of-concept we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.

  • SACMAT - A usage-based Authorization Framework for collaborative computing systems
    Proceedings of the eleventh ACM symposium on Access control models and technologies - SACMAT '06, 2006
    Co-Authors: Xinwen Zhang, Masayuki Nakae, Michael J. Covington, Ravi Sandhu
    Abstract:

    Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this paper we propose a usage control (UCON) based Authorization framework for collaborative applications. In our Framework, usage control policies are defined using subject and object attributes, along with system attributes as conditions. General attributes include not only persistent attributes such as role and group memberships, but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based Authorizations in ad-hoc collaborations. As a proof-of-concept we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.

Hui Zhang - One of the best experts on this subject based on the ideXlab platform.

  • open social and xacml based group Authorization Framework
    International Conference on Cloud and Green Computing, 2012
    Co-Authors: Hui Zhang
    Abstract:

    In a data-driven Science Collaborative Framework, access Authorization is a vital component to facilitate the management of the collective data and computing resources shared by researchers from geographically distributed locations. But traditional virtual organization based access control Frameworks are not suitable for self-organizing, ad-hoc and opportunistic scientific collaborations, in which scientists can easily set up group-oriented Authorization rules across the administrative domains to share their resources by flexible and effective access control. Using the emerging OAuth2.0 protocol and XACML Framework, this paper introduces a novel Open Social based access control Framework to support ad-hoc team formation and user-controlled resource sharing. To verify the effectiveness of our Authorization Framework, we develop an infant birth-defect data and data mining resource-sharing application. Our experiences demonstrate that the proposed Framework is a very promising approach to resource sharing in cross-domain network environments.

  • CGC - Open Social and XACML Based Group Authorization Framework
    2012 Second International Conference on Cloud and Green Computing, 2012
    Co-Authors: Hui Zhang
    Abstract:

    In a data-driven Science Collaborative Framework, access Authorization is a vital component to facilitate the management of the collective data and computing resources shared by researchers from geographically distributed locations. But traditional virtual organization based access control Frameworks are not suitable for self-organizing, ad-hoc and opportunistic scientific collaborations, in which scientists can easily set up group-oriented Authorization rules across the administrative domains to share their resources by flexible and effective access control. Using the emerging OAuth2.0 protocol and XACML Framework, this paper introduces a novel Open Social based access control Framework to support ad-hoc team formation and user-controlled resource sharing. To verify the effectiveness of our Authorization Framework, we develop an infant birth-defect data and data mining resource-sharing application. Our experiences demonstrate that the proposed Framework is a very promising approach to resource sharing in cross-domain network environments.

Ravi Sandhu - One of the best experts on this subject based on the ideXlab platform.

  • Authorization Framework for secure cloud assisted connected cars and vehicular internet of things
    Symposium on Access Control Models and Technologies, 2018
    Co-Authors: Maanak Gupta, Ravi Sandhu
    Abstract:

    Internet of Things has become a predominant phenomenon in every sphere of smart life. Connected Cars and Vehicular Internet of Things, which involves communication and data exchange between vehicles, traffic infrastructure or other entities are pivotal to realize the vision of smart city and intelligent transportation. Vehicular Cloud offers a promising architecture wherein storage and processing capabilities of smart objects are utilized to provide on-the-fly fog platform. Researchers have demonstrated vulnerabilities in this emerging vehicular IoT ecosystem, where data has been stolen from critical sensors and smart vehicles controlled remotely. Security and privacy is important in Internet of Vehicles (IoV) where access to electronic control units, applications and data in connected cars should only be authorized to legitimate users, sensors or vehicles. In this paper, we propose an Authorization Framework to secure this dynamic system where interactions among entities is not pre-defined. We provide an extended access control oriented (E-ACO) architecture relevant to IoV and discuss the need of vehicular clouds in this time and location sensitive environment. We outline approaches to different access control models which can be enforced at various layers of E-ACO architecture and in the Authorization Framework. Finally, we discuss use cases to illustrate access control requirements in our vision of cloud assisted connected cars and vehicular IoT, and discuss possible research directions.

  • SACMAT - Authorization Framework for Secure Cloud Assisted Connected Cars and Vehicular Internet of Things
    Proceedings of the 23rd ACM on Symposium on Access Control Models and Technologies, 2018
    Co-Authors: Maanak Gupta, Ravi Sandhu
    Abstract:

    Internet of Things has become a predominant phenomenon in every sphere of smart life. Connected Cars and Vehicular Internet of Things, which involves communication and data exchange between vehicles, traffic infrastructure or other entities are pivotal to realize the vision of smart city and intelligent transportation. Vehicular Cloud offers a promising architecture wherein storage and processing capabilities of smart objects are utilized to provide on-the-fly fog platform. Researchers have demonstrated vulnerabilities in this emerging vehicular IoT ecosystem, where data has been stolen from critical sensors and smart vehicles controlled remotely. Security and privacy is important in Internet of Vehicles (IoV) where access to electronic control units, applications and data in connected cars should only be authorized to legitimate users, sensors or vehicles. In this paper, we propose an Authorization Framework to secure this dynamic system where interactions among entities is not pre-defined. We provide an extended access control oriented (E-ACO) architecture relevant to IoV and discuss the need of vehicular clouds in this time and location sensitive environment. We outline approaches to different access control models which can be enforced at various layers of E-ACO architecture and in the Authorization Framework. Finally, we discuss use cases to illustrate access control requirements in our vision of cloud assisted connected cars and vehicular IoT, and discuss possible research directions.

  • multi layer Authorization Framework for a representative hadoop ecosystem deployment
    Symposium on Access Control Models and Technologies, 2017
    Co-Authors: Maanak Gupta, Farhan Patwa, James Benson, Ravi Sandhu
    Abstract:

    Apache Hadoop is a predominant software Framework to store and process vast amount of data, produced in varied formats. Data stored in Hadoop multi-tenant data lake often includes sensitive data such as social security numbers, intelligence sources and medical particulars, which should only be accessed by legitimate users. Apache Ranger and Apache Sentry are important Authorization systems providing fine-grained access control across several Hadoop ecosystem services. In this paper, we provide a comprehensive explanation for the Authorization Framework offered by Hadoop ecosystem, incorporating core Hadoop 2.x native access control features and capabilities offered by Apache Ranger, with prime focus on data services including Apache Hive and Hadoop 2.x core services. A multi-layer Authorization system is discussed and demonstrated, reflecting access control for services, data, applications and infrastructure resources inside a representative Hadoop ecosystem instance. A concrete use case is discussed to underline the application of aforementioned access control points. We use Hortonworks Hadoop distribution HDP 2.5 to exhibit this multi-layer access control Framework.

  • SACMAT - Multi-Layer Authorization Framework for a Representative Hadoop Ecosystem Deployment
    Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies - SACMAT '17 Abstracts, 2017
    Co-Authors: Maanak Gupta, Farhan Patwa, James Benson, Ravi Sandhu
    Abstract:

    Apache Hadoop is a predominant software Framework to store and process vast amount of data, produced in varied formats. Data stored in Hadoop multi-tenant data lake often includes sensitive data such as social security numbers, intelligence sources and medical particulars, which should only be accessed by legitimate users. Apache Ranger and Apache Sentry are important Authorization systems providing fine-grained access control across several Hadoop ecosystem services. In this paper, we provide a comprehensive explanation for the Authorization Framework offered by Hadoop ecosystem, incorporating core Hadoop 2.x native access control features and capabilities offered by Apache Ranger, with prime focus on data services including Apache Hive and Hadoop 2.x core services. A multi-layer Authorization system is discussed and demonstrated, reflecting access control for services, data, applications and infrastructure resources inside a representative Hadoop ecosystem instance. A concrete use case is discussed to underline the application of aforementioned access control points. We use Hortonworks Hadoop distribution HDP 2.5 to exhibit this multi-layer access control Framework.

  • A usage-based Authorization Framework for collaborative computing systems
    Proceedings of the eleventh ACM symposium on Access control models and technologies SACMAT 06, 2006
    Co-Authors: Xinwen Zhang, Masayuki Nakae, Mitchener J Covington, Ravi Sandhu
    Abstract:

    Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this paper we propose a usage control (UCON) based Authorization framework for collaborative applications. In our Framework, usage control policies are defined using subject and object attributes, along with system attributes as conditions. General attributes include not only persistent attributes such as role and group memberships, but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based Authorizations in ad-hoc collaborations. As a proof-of-concept we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.

Jing Jin - One of the best experts on this subject based on the ideXlab platform.

  • Patient-centric Authorization Framework for electronic healthcare services
    Computers & Security, 2010
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.

  • Authorization Framework for resource sharing in grid environments
    International Conference on Grid and Distributed Computing, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn
    Abstract:

    Grid data sharing services provide a unified platform for dynamic discovery, access and sharing of distributed data in Grid environments. A common Authorization system is needed to provide access control for both Grid data sharing services as well as the data resources that are being shared through these services, accommodating different security requirements from the service providers and the data providers. In this paper, we present a flexible policy-driven Authorization system, called RamarsAuthZ, for secure data sharing services in Grid environments. RamarsAuthZ adopts a flexible role-based approach with trust-aware feature to advocate originator control and provide unified access control both at the service level and at the data level.

  • patient centric Authorization Framework for sharing electronic health records
    Symposium on Access Control Models and Technologies, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

  • FGIT-GDC - Authorization Framework for Resource Sharing in Grid Environments
    Communications in Computer and Information Science, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn
    Abstract:

    Grid data sharing services provide a unified platform for dynamic discovery, access and sharing of distributed data in Grid environments. A common Authorization system is needed to provide access control for both Grid data sharing services as well as the data resources that are being shared through these services, accommodating different security requirements from the service providers and the data providers. In this paper, we present a flexible policy-driven Authorization system, called RamarsAuthZ, for secure data sharing services in Grid environments. RamarsAuthZ adopts a flexible role-based approach with trust-aware feature to advocate originator control and provide unified access control both at the service level and at the data level.

  • SACMAT - Patient-centric Authorization Framework for sharing electronic health records
    Proceedings of the 14th ACM symposium on Access control models and technologies - SACMAT '09, 2009
    Co-Authors: Jing Jin, Gail-joon Ahn, Michael J. Covington, Xinwen Zhang
    Abstract:

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.