38,847 research outputs found

    An Access Control Model for NoSQL Databases

    Current development platforms are web scale, unlike recent platforms which were just network scale. There has been a rapid evolution in computing paradigm that has created the need for data storage as agile and scalable as the applications they support. Relational databases with their joins and locks influence performance in web scale systems negatively. Thus, various types of non-relational databases have emerged in recent years, commonly referred to as NoSQL databases. To fulfill the gaps created by their relational counterpart, they trade consistency and security for performance and scalability. With NoSQL databases being adopted by an increasing number of organizations, the provision of security for them has become a growing concern. This research presents a context based abstract model by extending traditional role based access control for access control in NoSQL databases. The said model evaluates and executes security policies which contain versatile access conditions against the dynamic nature of data. The goal is to devise a mechanism for a forward looking, assertive yet flexible security feature to regulate access to data in the database system that is devoid of rigid structures and consistency, namely a document based database such as MongoDB.

    A secure, constraint-aware role-based access control interoperation framework

    With the growing needs for and the benefits of sharing resources and information among different organizations, an interoperation framework that automatically integrates policies to facilitate such cross-domain sharing in a secure way is becoming increasingly important. To avoid security breaches, such policies must enforce the policy constraints of the individual domains. Such constraints may include temporal constraints that limit the times when the users can access the resources, and separation of duty (SoD) constraints. Existing interoperation solutions do not address such cross-domain temporal access control and SoDs requirements. In this paper, we propose a role-based framework to facilitate secure interoperation among multiple domains by ensuring the enforcement of temporal and SoD constraints of individual domains. To support interoperation, we do not modify the internal policies, as most of the current approaches do. We present experimental results to demonstrate our proposed framework is effective and easily realizable. © 2011 IEEE

    Agri-food qualification and certification process as an interface between exchange marketing and reciprocity

    This text draws on the theory of reciprocity in economic anthropology to analyse the qualification processes for family-farming products in Brazil. Any qualification process that guarantees the origin, specificity and quality of a product can reduce the effects of competition and speculation specific to capitalist exchange. I hypothesise that qualification processes can help establish a symmetrical reciprocity relationship between producer and consumer. They can also help generate a structure of sharing (of quality) within a group of producers. However, qualification and certification mechanisms can also introduce exclusion, because outside the group and the certified products it is the laws of exchange that regulate the market. This is why a form of interface or articulation between production and market is needed. The interface offered by the mechanisms for certifying qualification makes it possible to reintroduce the dimension of economic reciprocity into the capitalist exchange market system. This text is based on a comparison of three certification systems for agro-ecological products in Brazil: external group certification, participatory certification and co-certification. (Author's abstract)

    V-Model Role Engineering

    The paper focuses on role engineering which is an important topic in the development of access control system, particularly when considering Role Based Access Control – RBAC models. Despite the wide use of RBAC in various applications, the role engineering process is not a standardized approach. The paper aims to define a methodology and a process model for role engineering. Information security, access control systems, role based access control systems – RBAC, engineering methodologies, security policies, access control models

    Dependencies and Separation of Duty Constraints in GTRBAC

    A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC’s language constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. In this paper, we identify various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Such constraints allow specification of dynamically changing access control requirements that are typical in today’s large systems. In addition to allowing specification of time, the constraints introduced here also allow expressing access control policies at a finer granularity. The inclusion of control flow dependency constraints allows defining much stricter dependency requirements that are typical in workflow types of applications

    Applications of the Oriented Permission Role-Based Access Control Model

    Role-based access control and role hierarchies have been the subject of considerable research in recent years. In this paper, we consider three useful applications of a new role-based access control model that contains a novel approach to permissions and permission inheritance: one is to illustrate that the new model provides a simpler and more natural way to implement BLP model using role-based techniques; a second application is to make it possible to define separation of duty constraints on two roles that have a common senior role and for a user to be assigned to or activate the senior role; finally, we describe how a single hierarchy in the new model can support the distinction between role activation and permission usage. In short, the oriented permission model provides ways of implementing a number of useful features that have previously required ad hoc and inelegant solutions

    The Area of Freedom, Security and Justice ten years on: Successes and future challenges under the Stockholm Programme. CEPS Paperbacks. June 2010

    This book celebrates the tenth anniversary of the Area of Freedom, Security and Justice (AFSJ) by bringing together the views of key practitioners and policy-makers who have played an outstanding role in thinking about and shaping EU policies on freedom, security and justice. Ten years ago, the member states transferred competences to the EU for law and policy-making in the fields of immigration, asylum and border controls, and began the transfer process for criminal justice and policing. This decade of European cooperation on AFSJ policies has experienced very dynamic convergence, the enactment of a large body of European law and the setting-up of numerous EU agencies working in these domains. Such dynamism in policy-making has not been without challenges and vulnerabilities, however. As this collective volume shows, the main dilemmas that lie ahead relate to an effective (while more plural) institutional framework under the Treaty of Lisbon, stronger judicial scrutiny through a greater role for national courts and the Court of Justice in Luxembourg, better mechanisms for evaluating and monitoring the implementation of EU AFSJ law and a more solid fundamental rights strategy. The contributions in this volume address the progress achieved so far in these policy areas, identify the challenges for future European cooperation in the AFSJ and put forward possible paths for making more progress in the next generation of the EU’s AFSJ