In this paper, we introduce the elementary UCONABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON. UCONABC covers traditional access controls such as mandatory, discretionary, role-based access control, digital rights management (DRM) and other modern access controls. In the...
Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity and highly dynamic nature. A key challenge in Web service security is the design of effective access control schemas. However, traditional role-based access control (RBAC) model can not meet the dynamic and context sensitivity features of Web service demands. In this...
To meet the requirements in developing distributed simulation technology, a grid-based distributed simulation platform (GDSP), which was based on latest grid technology and high level architecture (HLA), was proposed. GDSP is the base infrastructure of service-oriented simulation support environment. And it can run simulations on wide area network efficiently, realize share and reuse of simulation...
Power market operating system is the technical supporting system of power market, and the security control of information access is the key factor for its normal running. So the information secrecy of power market, diversity of the user role and polytropy of access authority require strict and flexible access control mechanism must be possessed in power market operating system. In order to guarantee...
The inability to share information across systems is just one of the major impediments in the health care business that hinders progress towards efficiency and cost-effectiveness. Workflow management systems are very popular and largely being used in a business environment for inter-organizations. This paper investigates workflow involvement of healthcare process in order to support and complement...
The virtual machine system such as Xen provides a security isolation between virtual machines (VM) running on the virtual machine monitor (VMM). With the wide application of the virtualization technology, VMM is expected to not only provide the simple isolation but also provide limited sharing between VMs in a secure manner. In this paper, we present an access control mechanism for the virtual machine...
For the limitation of current workflow delegation models, a conditional delegation model based on weighted roles for workflow is proposed. For the model, it is supporting conditional partial delegation by adding weights to roles and importing variables in workflow tasks. The role delegation tree is defined to address the multi-step delegation issue, and the consistency delegation checking method is...
In current access control mechanisms, the system will assign access privileges to authenticated users without taking into account of the trustworthiness of the user, and the fact that authentication and access control are implemented in different modules provides a possibility for the illegal access. In this paper we first introduce the measure of user's trust, Certainty Factor (CF), and its computing...
We propose an access control model that extends RBAC (role-based access control) to take time and location into account, and use term rewriting systems to specify access control policies in this model. We discuss implementation techniques for rewrite-based policy specifications, and the integration of these policies in Web applications. The declarative nature of the model facilitates the analysis...
A classified distributed storage model and a layered access control model in distributed computing environment is presented in order to enhance the efficiency of data access and to protect the security of information. In classified distributed storage model, the data distributed in each physical storage spot is organized into four components which includes active data storage, static data storage,...
Securing access to data in location-based services and mobile applications poses interesting security requirements against spatially aware access control systems. In particular, the permissions assigned to users depend on their physical positions in a reference space. When a session is established in a spatial region by users, some spatial constraints related to this session will be triggered and control...
Ensuring the security of electronic documents is the key to the protection of internal information. With the extent of file sharing enlarged, it is hard to keep balance between the security and sharing. To achieve this goal, file tracing and audit, dynamic adjustment of right must be solved better. In this paper, an electronic document security system based on lineage mechanism is proposed, it support...
Current approaches for malicious code defense are mostly signature-scanning and execution-monitoring. Limited by the undecidability of malicious codes, they can't defend against unknown attacks effectively. This paper investigates an integrity measurement and access control combined program security inspection model. On initial system setup, it indexes all known and trusted programs by both the identifiers...
With the enterprise applications being integrated into the pervasive computing environment, the traditional access control models based on the identity of the user and object have not been suitable to the new requirements of dynamic access authorization to enterprise resources. In this paper, we integrate business and pervasive computing requirements in a single model by extending the Task-Role Based...
The Electronic Medical Record (EMR) allows for the distributed collection and searching of healthcare information. However, it usually does not integrate easily into healthcare professionals' daily workflows. Barriers to its acceptance include costs such as time and effort, but also relational and educational issues. Access controls are likely to increase the barrier to acceptance, since their...
We propose an access control model that takes into account the specific behaviour of distributed, highly dynamic environments, and describe their representation using an algebraic-functional framework. The declarative nature of the model facilitates the analysis of policies, and direct implementations for access control checking even when resources and information are widely dispersed.
Authentication and encryption technology are the core components of the DRM (Digital Rights Management) system. In this paper, a security protocol basing on the identity-based signcryption scheme is proposed to implement these technologies simultaneously. According to the comparison with the PKI (public key infrastructure)-based DRM system, the advantages of this protocol are proved. However, in practice...
Role based access control (RBAC) has emerged as a leading access control model to other traditional access control models. However, the traditional RBAC models can not capture fine-grained authorization with mono-type inheritance. In this paper, we discuss the hybrid inheritance based on our extended RBAC model, which is very desirable for capturing the fine-grained access control permissions. When...
One of the major threats that an enterprise information system networks are facing today is the internal threat. In this paper we develop a formal network access control model as per ISO/IEC security evaluation criteria - common criteria to provide a formal framework for implementing an Internal threat protection security solution in network computing environment. We used network interpretation of...
IEEE802.11 suffered from limited data confidentiality and cumbersome procedure for exchange of security parameters. In response to the security limitations in IEEE802.11, IEEE introduced 802.1x for authentication and key management. IEEE802.1x is a port based network access control protocol that uses extensible authentication protocol (EAP) at the transport layer. IEEE802.1x defines authentication...