32,134 research outputs found
Canonical Completeness in Lattice-Based Languages for Attribute-Based Access Control
The study of canonically complete attribute-based access control (ABAC)
languages is relatively new. A canonically complete language is useful as it is
functionally complete and provides a "normal form" for policies. However,
previous work on canonically complete ABAC languages requires that the set of
authorization decisions is totally ordered, which does not accurately reflect
the intuition behind the use of the allow, deny and not-applicable decisions in
access control. A number of recent ABAC languages use a fourth value and the
set of authorization decisions is partially ordered. In this paper, we show how
canonical completeness in multi-valued logics can be extended to the case where
the set of truth values forms a lattice. This enables us to investigate the
canonical completeness of logics having a partially ordered set of truth
values, such as Belnap logic, and show that ABAC languages based on Belnap
logic, such as PBel, are not canonically complete. We then construct a
canonically complete four-valued logic using connections between the generators
of the symmetric group (defined over the set of decisions) and unary operators
in a canonically suitable logic. Finally, we propose a new authorization
language , an extension of PTaCL, which
incorporates a lattice-ordered decision set and is canonically complete. We
then discuss how the advantages of can be
leveraged within the framework of XACML
A Survey on IT-Techniques for a Dynamic Emergency Management in Large Infrastructures
This deliverable is a survey on the IT techniques that are relevant to the three use cases of the project EMILI. It describes the state-of-the-art in four complementary IT areas: Data cleansing, supervisory control and data acquisition, wireless sensor networks and complex event processing. Even though the deliverableās authors have tried to avoid a too technical language and have tried to explain every concept referred to, the deliverable might seem rather technical to readers so far little familiar with the techniques it describes
On Properties of Policy-Based Specifications
The advent of large-scale, complex computing systems has dramatically
increased the difficulties of securing accesses to systems' resources. To
ensure confidentiality and integrity, the exploitation of access control
mechanisms has thus become a crucial issue in the design of modern computing
systems. Among the different access control approaches proposed in the last
decades, the policy-based one permits to capture, by resorting to the concept
of attribute, all systems' security-relevant information and to be, at the same
time, sufficiently flexible and expressive to represent the other approaches.
In this paper, we move a step further to understand the effectiveness of
policy-based specifications by studying how they permit to enforce traditional
security properties. To support system designers in developing and maintaining
policy-based specifications, we formalise also some relevant properties
regarding the structure of policies. By means of a case study from the banking
domain, we present real instances of such properties and outline an approach
towards their automatised verification.Comment: In Proceedings WWV 2015, arXiv:1508.0338
Authorised Translations of Electronic Documents
A concept is proposed to extend authorised translations of documents to
electronically signed, digital documents. Central element of the solution is an
electronic seal, embodied as an XML data structure, which attests to the
correctness of the translation and the authorisation of the translator. The
seal contains a digital signature binding together original and translated
document, thus enabling forensic inspection and therefore legal security in the
appropriation of the translation. Organisational aspects of possible
implementation variants of electronic authorised translations are discussed and
a realisation as a stand-alone web-service is presented.Comment: In: Peer-reviewed Proceedings of the Information Security South
Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006,
Sandton, South Afric
- ā¦