In Attribute-Based Access Control (ABAC), attributes are defined as characteristics of subjects, objects, and the environment, and access is granted or denied based on the values of these attributes. With an increasing number of organizations showing interest in migrating to ABAC, it is imperative that algorithmic techniques be developed to facilitate the process. While the traditional ABAC policy...
Trust management can be applied to deal with a number of security issues in virtual networks. In internet communications, efficient and secure trust negotiation between virtual individuals/organizations is very important because it can achieve resource sharing, collaborative computing and communication security. This investigation aims to strengthen the efficiency and security of trust negotiation...
coRBAC is an RBAC system specifically optimized for cloud computing environments. It inherits the existing RBAC's role model and dRBAC's domain model, and optimizes and improves the access control system for services hosted on the cloud computing platform. coRBAC greatly improves the certification process and user experience by reducing the unnecessary process of establishing secure connection...
Workforce management is an important issue for human-involved collaboration. When multiple urgent events happen simultaneously at different places with unexpected requirements, administrators should schedule the workforce in consideration of both system and user context, such as event requirements, user qualifications, etc. In this paper, we tackle this challenging problem of scheduling workforce...
Large database applications in enterprise information systems require the Row Level Security mechanism for flexibility of security policy. A large number of users and tables in a database increases the complexity of administration. In this paper, we propose an automated design method for hierarchical access control in databases to reduce the number of operations for creating user data spaces. An algorithm...
In the real world, it is often in a group setting that sensitive information has to be stored in the databases of a server. Although personal information does not need to be stored on a server, the secret information shared by group members is likely to be stored there. The shared sensitive information requires more security and privacy protection. To the best of our knowledge, there is no paper which deals with...
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered...
We present a new approach for mutation analysis of security policy test cases. We propose a metamodel that provides a generic representation of security policy access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiations of this metamodel:...
Due to the increasing complexity of Web systems, security testing is becoming a critical activity to guarantee that such systems respect their security requirements. To address this issue, we rely in this paper on model-based active testing. We first specify the Web system behavior using the IF formalism. Second, we integrate security rules, modeled in the Nomad language, within this IF model using...
In recent years, organizations have been shifting focus to their core business competencies, and reducing total cost of ownership (TCO) associated with training and management of their IT infrastructure. In the same motif, organizations are establishing security and survivability frameworks as an integral part of their business strategy so as to provide an acceptable quality-of-service for their clients...