1,049,585 research outputs found
Time Dependent Policy-Based Access Control
Access control policies are essential to determine who is allowed to access data in a system without compromising the data\u27s security. However, applications inside a distributed environment may require those policies to be dependent on the actual content of the data, the flow of information, while also on other attributes of the environment such as the time.
In this paper, we use systems of Timed Automata to model distributed systems and we present a logic in which one can express time-dependent policies for access control. We show how a fragment of our logic can be reduced to a logic that current model checkers for Timed Automata such as UPPAAL can handle and we present a translator that performs this reduction. We then use our translator and UPPAAL to enforce time-dependent policy-based access control on an example application from the aerospace industry
A Ciphertext Policy Attributes-based Encryption Scheme with Policy Revocation
There are a lot of data exchanges among the parties by
using cloud computing. So data protection is very
important in cloud security environment. Especially, data
protection is needed for all organization by security
services against unauthorized accesses. There are many
security mechanisms for data protection. Attributes-based
Encryption (ABE) is a one-to-many encryption to encrypt
and decrypt data based on user attributes in which the
secret key of a user and the ciphertext are dependent
upon attributes. Ciphertext policy attributes-based
encryption (CP-ABE), an improvement of ABE schemes
performs an access control of security mechanisms for
cloud storage. In this paper, sensitive parts of personal
health records (PHRs) are encrypted by ABE with the
help of CP-ABE. Moreover, an attributes-based policy
revocation case is considered as well as user revocation
and it needs to generate a new secret key. In proposed
policy revocation case, PHRs owner changes attributes
policy to update available user lists. A trusted authority
(TA) is used to issue secret keys as a third party. This
paper emphasizes on key management and it also
improves attributes policy management and user
revocation. Proposed scheme provides a full control on
data owner as much as he changes policy. It supports a
flexible policy revocation in CP-ABE and it saves time
consuming by comparing with traditional CP-ABE
Optimal finite horizon sensing for wirelessly powered devices
We are witnessing a significant advancements in the sensor technologies which has enabled a broad spectrum of applications. Often, the resolution of the produced data by the sensors significantly affects the output quality of an application. We study a sensing resolution optimization problem for a wireless powered device (WPD) that is powered by wireless power transfer (WPT) from an access point (AP). We study a class of harvest-first-transmit-later type of WPT policy, where an access point (AP) first employs RF power to recharge the WPD in the down-link, and then, collects the data from the WPD in the up-link. The WPD optimizes the sensing resolution, WPT duration and dynamic power control in the up-link to maximize an application dependant utility at the AP. The utility of a transmitted packet is only achieved if the data is delivered successfully within a finite time. Thus, we first study a finite horizon throughput maximization problem by jointly optimizing the WPT duration and power control. We prove that the optimal WPT duration obeys a time-dependent threshold form depending on the energy state of the WPD. In the subsequent data transmission stage, the optimal transmit power allocations for the WPD is shown to posses a channel-dependent fractional structure. Then, we optimize the sensing resolution of the WPD by using a Bayesian inference based multi armed bandit problem with fast convergence property to strike a balance between the quality of the sensed data and the probability of successfully delivering it
Context dependent revocation in delegated XACML
The XACML standard defines an XML based language for defining access control policies and a related processing model. Recent work aims to add delegation to XACML in order to express the right to administrate XACML policies within XACML itself. The delegation profile draft explains how to validate the right to issue a policy, but there are no provisions for removing a policy. This paper proposes a revocation model for delegated XACML. A novel feature of this model is that whether a revocation is valid or not, depends not only on who issued the revocation, but also on the context in which an attempt to use the revoked policy is done
Dependent Coverage Expansions: Estimating the Impact of Current State Policies
Presents preliminary findings on common provisions in state regulations of dependent health coverage and discusses the analytic approach to estimating the impact of state policy changes on young adults
On Properties of Policy-Based Specifications
The advent of large-scale, complex computing systems has dramatically
increased the difficulties of securing accesses to systems' resources. To
ensure confidentiality and integrity, the exploitation of access control
mechanisms has thus become a crucial issue in the design of modern computing
systems. Among the different access control approaches proposed in the last
decades, the policy-based one permits to capture, by resorting to the concept
of attribute, all systems' security-relevant information and to be, at the same
time, sufficiently flexible and expressive to represent the other approaches.
In this paper, we move a step further to understand the effectiveness of
policy-based specifications by studying how they permit to enforce traditional
security properties. To support system designers in developing and maintaining
policy-based specifications, we formalise also some relevant properties
regarding the structure of policies. By means of a case study from the banking
domain, we present real instances of such properties and outline an approach
towards their automatised verification.Comment: In Proceedings WWV 2015, arXiv:1508.0338
Recommended from our members
Electricity Sector Reform in Developing Countries: A Survey of Empirical Evidence on Determinants and Performance
This paper reviews the empirical evidence on electricity reform in developing countries. We find that country institutions and sector governance play an important role in success and failure of reform; reforms appear to have increased operating efficiency and expanded access to urban customers; they have to a lesser degree passed on efficiency gains to customers, tackled distributional effects, or improved rural access. Moreover, some of the literature is not methodologically robust or on a par with general development economics literature and findings on some issues are limited and inconclusive while some important areas are yet to be addressed. Until we know more, implementation of reforms will be more based on ideology and economic theory rather than solid economic evidence.The World Bank Electricity Research Programme and the CMI Electricity Project (IR-45
- âŠ