27,234 research outputs found

    Authorization algorithms for permission-role assignments

    Permission-role assignments (PRA) is one important process in Role-based access control (RBAC) which has been proven to be a flexible and useful access model for information sharing in distributed collaborative environments. However, problems may arise during the procedures of PRA. Conflicting permissions may be assigned to one role, and as a result, the role with the permissions can derive unexpected access capabilities. This paper aims to analyze the problems during the procedures of permission-role assignments in distributed collaborative environments and to develop authorization allocation algorithms to address the problems within permission-role assignments. The algorithms are extended to the case of PRA with the mobility of permission-role relationship. Finally, comparisons with other related work are discussed to demonstrate the effective work of the paper

    Expressive Policy Analysis with Enhanced System Dynamicity

    Despite several research studies, the effective analysis of policy based systems remains a significant challenge. Policy analysis should at least (i) be expressive (ii) take account of obligations and authorizations, (iii) include a dynamic system model, and (iv) give useful diagnostic information. We present a logic-based policy analysis framework which satisfies these requirements, showing how many significant policy-related properties can be analysed, and we give details of a prototype implementation. Copyright 2009 ACM

    Weight faltering and failure to thrive in infancy and early childhood

    Weight faltering, or failure to thrive, is a childhood condition that provokes concern about possible neglect, deprivation, and organic illness. However, research over the past 20 years has brought the validity of this concern into question, leading to the proposal that management should be less aggressive. We summarise the evidence base, discuss new developments, and provide a practical approach to management. Failure to thrive has been defined in a range of ways, with no overall accepted definition but an essential element is subnormal growth or weight gain, hence the increasing use in recent years of the term weight faltering

    Privacy in an Ambient World

    Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes it inside the enterprise and shares it with partner enterprises. In particular, we analyse three different privacy systems that can be used in the different stages of this lifecycle. One of them is the Audit Logic, recently introduced, which can be used to keep data private when it travels across enterprise boundaries. We conclude with an analysis of the features and shortcomings of these systems

    Covert research and adult protection and safeguarding: An ethical dilemma?

    Purpose: This paper aims to consider the contentious issue of covert research in studying the social contexts of vulnerable groups. It explores its potential utility in areas where overt strategies may be problematic or denied; and examines and problematises the issue of participant consent. Design/methodology/approach: Using a literature-based review and selected previous studies, the paper explores the uses and abuses of covert research in relation to ethics review proceedings governing social research, with an especial focus on vulnerability. Findings: Findings indicate that although the use of covert research is subject to substantial critique by apparently transgressing the often unquestioned moral legitimacy of informed consent, this carries ethical and practical utility for research related to safeguarding concerns. Arguably covert research enables research access to data likely to reveal abusive and oppressive practices. Research limitations/implications: Covert research assists in illuminating the hidden voices and lives of vulnerable people that may otherwise remain inaccessible. Such research needs to be subject to rigorous ethical standards to ensure that it is both justified and robust. Practical implications: Emphasising the need to consider all angles, questions and positions when addressing the social problem of adult protection and safeguarding. Originality/value: Increasingly social research is treated as being as potentially harmful as medical research. Ethics review tends towards conservative conformity, legitimising methodologies that may serve less social utility than other forms of investigation that privilege the safeguarding of vulnerable people. © Emerald Group Publishing Limited

    Implementation of Formal Semantics and the Potential of Non-Classical Logic Systems for the Enhancement of Access Control Models: A Literature Review

    This literature review discovers an implementation of formal logic systems in cyber security by enhancing access control models. We explore the characteristics of the existing access control theories, their limitations and how classical logic is used therein. We then delve into the possibility of utilising non-classical logic systems for improving the models. In particular, we explore how classical logic can be used to describe and prove the correctness of role-based access control and attribute-based access control models. Comment: 10 page

    CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system

    Existing mobile platforms are based on manual way of granting and revoking permissions to applications. Once the user grants a given permission to an application, the application can use it without limit, unless the user manually revokes the permission. This has become the reason for many privacy problems because of the fact that a permission that is harmless at some occasion may be very dangerous at another condition. One of the promising solutions for this problem is context-aware access control at permission level that allows dynamic granting and denying of permissions based on some predefined context. However, dealing with policy configuration at permission level becomes very complex for the user as the number of policies to configure will become very large. For instance, if there are A applications, P permissions, and C contexts, the user may have to deal with A × P × C number of policy configurations. Therefore, we propose a context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible. Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system. In our model, Android applications are assigned roles where roles contain a set of permissions and contexts are associated with permissions. Permissions are activated and deactivated for the containing role based on the associated contexts. Our approach is unique in that our system associates contexts with permissions as opposed to existing similar works that associate contexts with roles. As a proof of concept, we have developed a prototype application called context-aware Android role-based access control. We have also performed various tests using our application, and the result shows that our model is working as desired

    Verification of Resilience Policies that Assist Attribute Based Access Control

    Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined in the context of these models is their ability to successfully restrict access to resources. Nevertheless, considering only restriction of access may not be enough in some environments, as in critical infrastructures. The protection of systems in this type of environment requires a new line of enquiry. It is essential to ensure that appropriate access is always possible, even when users and resources are subjected to challenges of various sorts. Resilience in access control is conceived as the ability of a system not to restrict but rather to ensure access to resources. In order to demonstrate the application of resilience in access control, we formally define an attribute based access control model (ABAC) based on guidelines provided by the National Institute of Standards and Technology (NIST). We examine how ABAC-based resilience policies can be specified in temporal logic and how these can be formally verified. The verification of resilience is done using an automated model checking technique, which eventually may lead to reducing the overall complexity required for the verification of resilience policies and serve as a valuable tool for administrators