The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Modern electronic healthcare (e-health) settings constitute collaborative environments with complex access requirements. Thus, there is a need for sophisticated fine-grained access control mechanisms to cater these access demands and thereby experience the full potential of e-health systems. In order to realize a flexible access control scheme, integrating access delegation is of paramount importance...
Cyber-physical systems (CPS) integrate cyber components into physical processes. This integration enhances the capabilities of physical systems by incorporating intelligence into objects and services. On the other hand, integration of cyber and physical components and interaction between them introduce new security threats. Since CPSs are mostly safety-critical systems, data stored and communicated...
Attribute-based Access Control (ABAC) has been emerging as a suitable choice for large and federated enterprises due to its flexibility in expressing various types of security policies. Improved flexibility, however, results in higher design complexity and consequently, possibility of undesired flow of information. Reliance of access decision on the attribute values of subjects, objects and environment...
User authorization in software systems is and has been a serious security concern for a long time. Attribute based Access Control (ABAC), as a new model of user authorization, makes it possible to restrict user access based on rules against different attributes. In the context of service access control in enterprise systems, it seems necessary to separate business rules from service logic and user...
Access control typically requires translating policies or rules given in natural language into a form such as a programming language or decision table, which can be processed by an access control system. Once rules have been described in machine-processable form, testing is necessary to ensure that the rules are implemented correctly. This paper describes an approach based on combinatorial test methods...
We present concepts which can be used for the efficient implementation of Attribute Based Access Control (ABAC) in large applications using maybe several data storage technologies, including Hadoop, NoSQL and relational database systems. The ABAC authorization process takes place in two main stages. Firstly a sequence of permissions is derived which specifies permitted data to be retrieved for the...
Attribute-Based Access Control (ABAC) is a fine-grained and flexible authorization method. In this paper, considering the layered structure of Grid resources, an ABAC model named Grid_ABAC is presented, and the implementation architecture of Grid_ABAC basing on XACML is proposed. The paper also describes the method for integrating Grid_ABAC seamlessly into the authorization framework of the Globus...
Attribute based access control (ABAC) offers a great deal of flexibility over more traditional forms of access control in that it relies less on user identity or role but on various attributes of a subject or object. In many instances where a traditional access control approach is taken, such as mandatory access control (MAC) environments, more information beyond a classification is desirable to make...
One of the most important challenges that have threatened cloud computing and caused its slow adoption is security. Since clouds have diverse groups of users with different sets of security requirements, restricting the users' accesses and protecting information from unauthorized accesses have become the most difficult tasks. To address these critical challenges, in this paper we first formalize Attribute...
Ciphertext-Policy Attribute Based Encryption (CP-ABE) is recognized as an important data protection mechanism in cloud computing environment for its flexible, scalable and fine-grained access control features. For enhancing its security, efficiency and policy flexibility, researchers have proposed different schemes of CP-ABE which have different kinds of access policy structures. However, as far as...
Cloud computing is one of the emerging technologies that is being used widely these days. It makes use of the computing resources such as hardware and software that is delivered over the internet and provides remote services with user's data, software and computation. There has been a growing trend to use the cloud for large-scale data storage. This has raised the important security issue of how to...
Cloud Infrastructure as a Service (IaaS), where traditional IT infrastructure resources such as compute, storage and networking are owned by a cloud service provider (CSP) and offered as on-demand virtual resources to customers (tenants), is the fastest maturing service model in cloud computing. The transformation of physical resources into virtual offers great flexibility to CSP customers including...
In a highly competitive global service market, service consumers tend to select a provider from a large pool of functionally equivalent services based on Quality of Service (QoS). To gain competitive advantages, it is desirable for a service provider to adopt service customization, particularly QoS customization, as one of the key strategies to differentiate itself from the competitors. This, however,...
Digital rights management has become a solution for copyright owners to protect the content in any digital object that transacted over the internet or digital storage from the risk of modifications such save a copy, edit, and illegal transfer from the irresponsible or piracy[16]. In DRM, content owners may limit the use of documents through the provision of encryption, copy control modifications,...
Recently, attribute based access control (ABAC) has received considerable attention from the security community for its policy flexibility and dynamic decision making capabilities. In ABAC, authorization decisions are based on various attributes of entities involved in the access (e.g., users, subjects, objects, context, etc.). In an ABAC system, correct attribute assignment to different entities...
City management platform based on conception of smart city is a public network platform in which internet of things, cloud computing and information intelligent analysis technologies are synthetically applied. Great information resources about city management are conserved in the platform, and some parts of resources are important information related to security and benefit of country. Therefore a...
In this paper, we propose an attribute based access control (ABAC) approach for safely sharing knowledge in a collaborative environment. Indeed, existing similar systems facilitate collaboration at the risk to convey doubtful information and sometimes serve as a gate to vandalism. Our system called “Wise-Share” ensures collaboration while focusing on the reliability of the broadcasted content. To...
Providing the right information to the right person at the right time is critical, especially for emergency response and law enforcement operations. Accomplishing this across sovereign organizations while keeping resources secure is a formidable task. What is needed is an access control solution that can break down information silos by securely enabling information sharing with non-provisioned users...
One of the key motivations of policy-based management is flexibility and adaptability to existing infrastructure and change management. In the context of security, modern policy languages such as XACML are extensible and support natively the expression of new information and manipulation operations. However, policy engines, which evaluate users' requests according to policies, may not support this...
Concept alignment, namely how to make different domains know each other about the semantics of concepts defined by them, is one of the key issues of applying attribute based access control in dynamic open multi-domain environment. In this paper, a novel approach is proposed for building up a concept alignment framework based on other domains' knowledge about specific concept relationship. The knowledge...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.