Security principles, like least privilege, are among the resources in the security body of knowledge that survived the test of time. The implementation of these principles in a software architecture is difficult, as there are no systematic rules on how to apply them in practice. As a result, they are often neglected, which lowers the overall security level of the software system and increases the...
Patient-controlled health records (PCHRs) allow patients complete control over their health information. They decide who to share their information with, which makes the patient the administrator of access control. While PCHRs have a great potential for patient empowerment, they have an equally great risk for breach of privacy if consequences of sharing are not completely clear to the patient. This...
Today's de facto standard for assigning trust, involving X.509 proxy credentials and virtual organizations, is analyzed and found to present a number of problems. A model is proposed which is simpler and has fewer inherent security risks while still providing the functionality needed by current grid applications.
Usage control is a generalization of access control that also addresses how data is handled after it is released. Usage control requirements are specified in policies. We present tool support for the following analysis problems. Is a policy consistent, i.e., satisfiable? Is an abstractly specified usage control mechanism capable of enforcing a given policy? Can we configure such a mechanism by analyzing...
It is impractical to use traditional access control mechanisms to design a digital content access control mechanism for an organization since even a role-based access control mechanism only guarantees that it can be flexibly applied to the determined access policy for various roles in an organization. It cannot allow users to flexibly define various access rights for different digital contents for...
Authorization and authentication services are the major components protecting integrity and authenticity. Authorization control service provides a mechanism to verify user permission to access services. In wireless networks, not only users may change roles but also services can be added, removed or modified more frequently. Although role-based access control or RBAC can simplify the management of...
This paper aims at building a responsibility model based on the concepts of accountability, capability and commitment. The model's objectives are, firstly, to help organizations verify the organizational structure and detect policy problems and inconsistencies. Secondly, the paper brings up a conceptual framework to support organizations in defining their corporate, security and access control...
Delegation is a key facility in dynamic, distributed and collaborative environments like Grids and enables an effective use of a wide range of dynamic applications. Traditional delegation frameworks approach a top-down model of delegation for delegating rights from a superior to a subordinate in advance before a delegate starts off a delegated task. However, a top-down model of delegation cannot meet...
The use of roles in identity management infrastructures (IdMI) has proven to be a solution for reorganising and securing access structures of employees. The definition of enterprise-wide roles is one of the most challenging and costly tasks during role development projects. It needs to be carried out on the basis of a predefined role development methodology (RDM). In this paper we present existing...