20,839 research outputs found

    A secure, constraint-aware role-based access control interoperation framework

    With the growing needs for and the benefits of sharing resources and information among different organizations, an interoperation framework that automatically integrates policies to facilitate such cross-domain sharing in a secure way is becoming increasingly important. To avoid security breaches, such policies must enforce the policy constraints of the individual domains. Such constraints may include temporal constraints that limit the times when the users can access the resources, and separation of duty (SoD) constraints. Existing interoperation solutions do not address such cross-domain temporal access control and SoDs requirements. In this paper, we propose a role-based framework to facilitate secure interoperation among multiple domains by ensuring the enforcement of temporal and SoD constraints of individual domains. To support interoperation, we do not modify the internal policies, as most of the current approaches do. We present experimental results to demonstrate our proposed framework is effective and easily realizable. © 2011 IEEE

    Benefits of Location-Based Access Control: A Literature Study

    Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions: first, we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research: (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and (iii) formulating design criteria for facilities and working environments for optimal LBAC usage.

    Expressive Policy Analysis with Enhanced System Dynamicity

    Despite several research studies, the effective analysis of policy-based systems remains a significant challenge. Policy analysis should at least (i) be expressive, (ii) take account of obligations and authorizations, (iii) include a dynamic system model, and (iv) give useful diagnostic information. We present a logic-based policy analysis framework which satisfies these requirements, showing how many significant policy-related properties can be analysed, and we give details of a prototype implementation. Copyright 2009 ACM

    Welfare, Dialectic, and Mediation in Corporate Law

    Bill Klein extends an idealistic and progressive invitation with the Criteria for Good Laws of Business Association (the Criteria). The structure of our debates, he says, prevents us from joining the issue. The discourse will move forward if we can isolate core components on which we agree and disagree. The invitation, thus directed, is well-constructed. To facilitate engagement, each criterion is set out as pari passu with each other. And there is a good reason for the inclusion of each listed criterion. Each has an established place in public and private law jurisprudence. Each has influenced results, coming forth as salient in one or another area of law, in one or another regulation or case. We can, then, agree in the abstract to take each criterion seriously. Klein bids us then to cull, modify, and restate, so as to identify more clearly the goals we hold out for corporate law. The remainder of this essay takes up that invitation, taking our debates to the Criteria, taking the Criteria to our debates, and taking both to the law itself. It suggests that the criteria on which we can agree lie at a higher level of generality than the Criteria: corporate law makes us all welfare consequentialists who agree that good corporate law is about encouraging productivity. We differ over the means to that end in debates that have over time evolved away from the ideological and toward the functional. Absent an ex ante set of empirically verifiable formulas for productive business organization, we are left to our debates