Benefits of Location-Based Access Control:A Literature Study

Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, \ud attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, \ud the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions:\ud first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research:\ud (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and \ud (iii) formulating design criteria for facilities and working environments for optimal LBAC usage

On Properties of Policy-Based Specifications

The advent of large-scale, complex computing systems has dramatically increased the difficulties of securing accesses to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in the last decades, the policy-based one permits to capture, by resorting to the concept of attribute, all systems' security-relevant information and to be, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further to understand the effectiveness of policy-based specifications by studying how they permit to enforce traditional security properties. To support system designers in developing and maintaining policy-based specifications, we formalise also some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automatised verification.Comment: In Proceedings WWV 2015, arXiv:1508.0338

CRiBAC: Community-centric role interaction based access control model

As one of the most efficient solutions to complex and large-scale problems, multi-agent cooperation has been in the limelight for the past few decades. Recently, many research projects have focused on context-aware cooperation to dynamically provide complex services. As cooperation in the multi-agent systems (MASs) becomes more common, guaranteeing the security of such cooperation takes on even greater importance. However, existing security models do not reflect the agents' unique features, including cooperation and context-awareness. In this paper, we propose a Community-based Role interaction-based Access Control model (CRiBAC) to allow secure cooperation in MASs. To do this, we refine and extend our preliminary RiBAC model, which was proposed earlier to support secure interactions among agents, by introducing a new concept of interaction permission, and then extend it to CRiBAC to support community-based cooperation among agents. We analyze potential problems related to interaction permissions and propose two approaches to address them. We also propose an administration model to facilitate administration of CRiBAC policies. Finally, we present the implementation of a prototype system based on a sample scenario to assess the proposed work and show its feasibility. © 2012 Elsevier Ltd. All rights reserved

Applications of the Oriented Permission Role-Based Access Control Model

Role-based access control and role hierarchies have been the subject of considerable research in recent years. In this paper, we consider three useful applications of a new role-based access control model that contains a novel approach to permissions and permission inheritance: one is to illustrate that the new model provides a simpler and more natural way to implement BLP model using role-based techniques; a second application is to make it possible to define separation of duty constraints on two roles that have a common senior role and for a user to be assigned to or activate the senior role; finally, we describe how a single hierarchy in the new model can support the distinction between role activation and permission usage. In short, the oriented permission model provides ways of implementing a number of useful features that have previously required ad hoc and inelegant solutions

Security Mechanisms for Workflows in Service-Oriented Architectures

Die Arbeit untersucht, wie sich Unterstützung für Sicherheit und Identitätsmanagement in ein Workflow-Management-System integrieren lässt. Basierend auf einer Anforderungsanalyse anhand eines Beispiels aus der beruflichen Weiterbildung und einem Abgleich mit dem Stand der Technik wird eine Architektur für die sichere Ausführung von Workflows und die Integration mit Identitätsmanagement-Systemen entwickelt, die neue Anwendungen mit verbesserter Sicherheit und Privatsphäre ermöglicht