The AMSC network control system

The American Mobile Satellite Corporation (AMSC) is going to construct, launch, and operate a satellite system in order to provide mobile satellite services to the United States. AMSC is going to build, own, and operate a Network Control System (NCS) for managing the communications usage of the satellites, and to control circuit switched access between mobile earth terminals and feeder-link earth stations. An overview of the major NCS functional and performance requirements, the control system physical architecture, and the logical architecture is provided

Towards a Formal Model of Privacy-Sensitive Dynamic Coalitions

The concept of dynamic coalitions (also virtual organizations) describes the temporary interconnection of autonomous agents, who share information or resources in order to achieve a common goal. Through modern technologies these coalitions may form across company, organization and system borders. Therefor questions of access control and security are of vital significance for the architectures supporting these coalitions. In this paper, we present our first steps to reach a formal framework for modeling and verifying the design of privacy-sensitive dynamic coalition infrastructures and their processes. In order to do so we extend existing dynamic coalition modeling approaches with an access-control-concept, which manages access to information through policies. Furthermore we regard the processes underlying these coalitions and present first works in formalizing these processes. As a result of the present paper we illustrate the usefulness of the Abstract State Machine (ASM) method for this task. We demonstrate a formal treatment of privacy-sensitive dynamic coalitions by two example ASMs which model certain access control situations. A logical consideration of these ASMs can lead to a better understanding and a verification of the ASMs according to the aspired specification.Comment: In Proceedings FAVO 2011, arXiv:1204.579

Managing Access Control in the Presence of Physical and Logical Mobility

The emerging mobile computing environment draws new attention to the need for co-ordination among networked components. The very nature of this environment requires parties to interact even when they have never met before, and subsequent encounters are totally unpredictable. Because mobile networks are often decoupled from any fixed network infrastructure, reliance on centralized servers to authenticate agents and to establish data access policies is impractical. Access control is a key component of security in such systems, and application agents must be able to directly manipulate and examine policies because they need full and flexible control over their data. Starting from this premise, we examine the essential features of general access control policies designed to respond to the specific needs of agent coordination in the presence of logical and physical mobility. A novel construct to support such policies is proposed and evaluated with respect to its impact on mobile applications. We also show some example uses of this access control construct

Control of Highway Access

I. Introduction—The Need for Access Control II. The Origin of the Right of Access … A. The Logical Use of the Lot and Road … B. The Economic History of Road Building … C. The Response to a Felt Need III. The Nature of the Right of Access … A. Diversion of Traffic … B. Circuity of Travel IV. The Means of Access Control … A. Denial or Limitation of Access … 1. The Controlled Access Road … 2. The Freeway … 3. The Parkway … B. Control of the Amount of Access … 1. Subdivision Controls … 2. Official Mapping … C. Control of the Type of Access … 1. Restricted Use Highways … 2. Roadside Zoning … 3. Master Planning V. Conclusio

Control of Highway Access

I. Introduction—The Need for Access Control II. The Origin of the Right of Access … A. The Logical Use of the Lot and Road … B. The Economic History of Road Building … C. The Response to a Felt Need III. The Nature of the Right of Access … A. Diversion of Traffic … B. Circuity of Travel IV. The Means of Access Control … A. Denial or Limitation of Access … 1. The Controlled Access Road … 2. The Freeway … 3. The Parkway … B. Control of the Amount of Access … 1. Subdivision Controls … 2. Official Mapping … C. Control of the Type of Access … 1. Restricted Use Highways … 2. Roadside Zoning … 3. Master Planning V. Conclusio

Policy inconsistency detection bassed on RBAC model in cross-organizational collaboration

Policy integration and conflict resolutions among various organizations still remain a major challenge.Moreover, policy inconsistency detection approach with logical reasoning techniques which considers integration requirements from collaboration parties has not been well studied.In this paper, we proposed a model to detect inconsistencies based on role-based access control (RBAC) that considers role hierarchy (RH) and temporal and spatial constraints.A model to prune and collect only the required policies based on access control requirements from different organizations is designed.Policy inconsistency detection should be enhanced with logical-based analysis in order to develop security policy integration.We believe this work could provide manner to filter a large amount of unrelated policies and only return potential collaboration policies for conflict resolution

Benefits of Location-Based Access Control:A Literature Study

Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, \ud attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, \ud the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions:\ud first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research:\ud (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and \ud (iii) formulating design criteria for facilities and working environments for optimal LBAC usage

A Semantic Hierarchy for Erasure Policies

We consider the problem of logical data erasure, contrasting with physical erasure in the same way that end-to-end information flow control contrasts with access control. We present a semantic hierarchy for erasure policies, using a possibilistic knowledge-based semantics to define policy satisfaction such that there is an intuitively clear upper bound on what information an erasure policy permits to be retained. Our hierarchy allows a rich class of erasure policies to be expressed, taking account of the power of the attacker, how much information may be retained, and under what conditions it may be retained. While our main aim is to specify erasure policies, the semantic framework allows quite general information-flow policies to be formulated for a variety of semantic notions of secrecy.Comment: 18 pages, ICISS 201