70 research outputs found
Flexible Resolution of Authorisation Conflicts in Distributed Systems
Flexible Resolution of Authorisation Conflicts in Distributed System
Privacy in an Ambient World
Privacy is a prime concern in today's information society. To protect\ud
the privacy of individuals, enterprises must follow certain privacy practices, while\ud
collecting or processing personal data. In this chapter we look at the setting where an\ud
enterprise collects private data on its website, processes it inside the enterprise and\ud
shares it with partner enterprises. In particular, we analyse three different privacy\ud
systems that can be used in the different stages of this lifecycle. One of them is the\ud
Audit Logic, recently introduced, which can be used to keep data private when it\ud
travels across enterprise boundaries. We conclude with an analysis of the features\ud
and shortcomings of these systems
Nonmonotonic Trust Management for P2P Applications
Community decisions about access control in virtual communities are
non-monotonic in nature. This means that they cannot be expressed in current,
monotonic trust management languages such as the family of Role Based Trust
Management languages (RT). To solve this problem we propose RT-, which adds a
restricted form of negation to the standard RT language, thus admitting a
controlled form of non-monotonicity. The semantics of RT- is discussed and
presented in terms of the well-founded semantics for Logic Programs. Finally we
discuss how chain discovery can be accomplished for RT-.Comment: This paper appears in the proceedings of the 1st International
Workshop on Security and Trust Management (STM 2005). To appear in ENTC
RelBAC: Relation Based Access Control
TheWeb 2.0, GRID applications and, more recently, semantic desktop applications are bringing the Web to a situation where more and more data and metadata are shared and made available to large user groups. In this context, metadata may be tags or complex graph structures such as file system or web directories, or (lightweight) ontologies. In turn, users can themselves be tagged by certain properties, and can be organized in complex directory structures, very much in the same way as data. Things are further complicated by the highly unpredictable and autonomous dynamics of data, users, permissions and access control rules. In this paper we propose a new access control model and a logic, called RelBAC (for Relation Based Access Control) which allows us to deal with this novel scenario. The key idea, which differentiates RelBAC from the state of the art, e.g., Role Based Access Control (RBAC), is that permissions are modeled as relations between users and data, while access control rules are their instantiations on specific sets of users and objects. As such, access control rules are assigned an arity which allows a fine tuning of which users can access which data, and can evolve independently, according to the desires of the policy manager(s). Furthermore, the formalization of the RelBAC model as an Entity-Relationship (ER) model allows for its direct translation into Description Logics (DL). In turn, this allows us to reason, possibly at run time, about access control policies
Recommended from our members
Expressive Policy Analysis with Enhanced System Dynamicity
Despite several research studies, the effective analysis of policy based systems remains a significant challenge. Policy analysis should at least (i) be expressive (ii) take account of obligations and authorizations, (iii) include a dynamic system model, and (iv) give useful diagnostic information. We present a logic-based policy analysis framework which satisfies these requirements, showing how many significant policy-related properties can be analysed, and we give details of a prototype implementation. Copyright 2009 ACM
Language means of support of policy of access to semantic network based on situation of use
The article considers approach to creation of language means for support of policy of access. The solution based on use of intensional logic is proposed. The developed formal language and means of interpretation are presented. Elements of the offered approach have been approved for systems in the sphere of information support of introduction of the best available technologies (BAT)
- …