The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The openness and accessibility of the web Services on the Internet makes them vulnerable to various attacks. Therefore, security solutions are necessary to restrict access to web services and objects they manipulate.
Due to the popularity of smartphones, finding and recommending suitable services on mobile devices are increasingly important. Recent research has attempted to use role-based approaches to recommend mobile services to other members among the same group in a context dependent manner. However, the traditional role mining approaches originated from the domain of security control tend to be rigid and...
As current trends show, the Semantic Web is the future interaction environment used in data exchange and integration among homogenous applications. This trend raises new challenges in security models used for access control, and the only acceptable model is to take into account the semantic relations of the interacting entities. In this article we present the access control module used by the Mobile...
Pervasive applications promote a seamless integration of computer artifacts with our daily an business lives. However, they threaten privacy in two ways. Firstly, adaptation to a user's context necessitates a large collection of data. Secondly, context should be addressed when granting users access to information. This paper handles privacy management as an access control problem and argues that privacy...
Distributed systems such as SOA are typically heterogeneous systems that are opened to a wide variety of partners, customers,clients and resources, which introduce a new security threats. The organizations must protect their information assets from attacks. Their information assets would be accessed typically through services, which come in different technologies. Therefore in order to obtain security...
Web service environment is characterized by its openness and distribution, in which the interacting entities usually have little knowledge about each other and may be in different domains, so the access control for web service has become a challenging problem that needs to be addressed properly. In this paper, an access control policy model based on context and role is proposed that can be appropriate...
Service cloud provides added value to customers by allowing them to compose services from multiple providers. Most existing web service security models focus on the protection of individual web services. When multiple services from different domains are composed together, it is critical to ensure the proper information flow on the chain of services. In a service chain, each service needs to determine...
Binary attestation in trusted computing platforms provide the ability to reason about the state of a system using hash measurements. Property based attestation on the other hand enables more meaningful attestation by abstracting low level binary values to high level security properties or functions of systems. In this paper, we try to understand the kind of security properties that trusted platforms...
The need of interoperable e-government services is addressed through the use of web services where sensitive services need to be granted to only authorized subjects from different organizations. In this paper, we propose a Trust and Dynamic Role Based Access Control model (TDRBAC) which deals with the specific requirements of e-government services. It effectively enhances the access control level...
The Internet of Things is a rapidly growing concept in recent years. It refers to the idea that every physical thing in this world can be also connected to the Internet as well as computers. As the development of embedded systems, computing, and networking, the growing number of physical objects in our daily life become addressable through a network, however, more and more resources along with privacy...
The interacting entities in web service usually can't be predetermined and may be in different security domains. To address the access authorization for unknown users across domain borders, access control of web service should be performed based on the domain-independent access control information but not the identities. In this paper, a context and role based access control policy model is proposed...
Web services over the Internet are widely used nowadays. Controlling access in Web services environment is crucial and a significant challenge because this environment is more dynamic and heterogeneous. Compared with the existing models, attribute-based access control is more appropriate for Web services, but it do not fully exploit the semantic power and reasoning capabilities of emerging web applications...
The paper proposes a dynamic access control model for Web services that based on the trust-authorization -WS-TABAC model. A simple evaluation algorithm about trust is defined, which can calculate the trust degree of users easily. In WS-TABAC model, part or complete privileges can be achieved through the mapping relations defined between trust and authorization. Theoretical analysis and examples demonstrate...
Constraints are considered to be the principal motivation for RBAC model. XACML profile for RBAC can not meet the need of expressing static and dynamic RBAC constraints well. We give the XACML syntax of common static and dynamic Separation of Duty constraints and cardinality constraints of RBAC. We also complement Role Enablement Authority to extend this profile in order to enforce these constraints.
To protect the services against illegal accessing, misusing and tempering is the essential problem in service oriented computing paradigm. SOC relies on the SOA, which is a way of reorganizing software applications and infrastructure into a set of interacting services. Due to loosely coupled and dynamic characteristics of SOC environment, existing access control models and security mechanisms can...
Main requirement of recent computing environments, like mobile and then ubiquitous computing, is to adapt applications to context. On the other hand, access control generally trust users once they have authenticated, despite the fact that they may reach unauthorized situations. We analyse how dynamic information can be used to improve security in the authorization process, especially in the case of...
Networked enterprises create virtual teams of distributed experts belonging to different enterprises where one user can be part of multiple teams; How to effectively control the sharing of personal and shared context information among members of multiple overlapping teams without compromising their privacy is a challenging research question. This paper describes sharing control in Peer to Peer and...
Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity and highly dynamic nature. A key challenge in Web service security is the design of effective access control schemas. However, traditional role-based access control (RBAC) model can not meet the dynamic and context sensitivity features of Web service demands. In this...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.