The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Currently the characteristics of Web services and the complexity of the distributed environment poses a great challenges for its security. Moreover, there is no complete role based access control (RBAC) model and RBAC framework for Web services that has been reported in the current literature which considers spatio-temporal constraints in its model. So, in this work we propose a spatio-temporal RBAC...
In this paper we propose the creation and use of a privacy policy vocabulary. The elements of this policy will have criteria for comparison, creating hierarchical relationships between those elements that could not otherwise be directly compared. This policy vocabulary can be used in conjunction with the eXtensible Access Control Markup Language (XACML) to provide storage and enforcement.
Multi-agent systems (MAS) which communicate with intra-domain and inter-domain agent platforms have access control requirements. Instead of a central mechanism, a fine-grained access control mechanism could have been applied to MAS platforms. This paper emphasizes MAS-based domain and security ontologies with XACML-based access control approach for MAS platforms. The domain dependent behaviour and...
SPoX (Security Policy XML) is a declarative language for specifying application security policies for enforcement by In-lined Reference Monitors. Two case studies are presented that demonstrate how this language can be used to effectively enforce application-specific security policies for untrusted Java applications in the absence of source code.
In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners....
With concern of the current research results as well as the features of the demands for access control of the Web-based application system, this paper, first of all, raises a context constraint access control theory model on the level of standard reference model, from the perspective of flexibility, generality, clarity and easy to realize, and elaborates on the theory of this model and the architecture...
The components of different platforms usually need their proprietary testing languages to execute test cases. Thus it is essential to propose XML API-based test framework, which builds on standard component and supports different languages test on cross platforms. This study developed a general component extension test Interface (CETI) consisted of 4 kinds of function ports. Then on the basis of the...
At present, the electronic document in Intranet is not flexible enough in use. We cannot authorize different paragraphs of one document to different persons in file system. Furthermore, there are two security requirements of e-document: (a) The inadvertent disclosure of the commercial confidential information by legal user causes enormous losses. (b) Once the commercial confidential information is...
Because of the limitations of condition configuration and execution mechanism, the exiting access control models are not flexible and can not support multi-policy. Focusing on this, the paper presents a policy-based access control model (PBAC). Different from the traditional models which restrict session only with subject authorization, PBAC realizes policy-based access control by defining attribute...
Authenticated dictionaries have been primarily studied and used in the context of certificate revocation in public key infrastructure (PKI). This paper presents a novel approach to enabling controlled access to and selective sharing of sensitive user attributes in federated identity management (FIM) by integrating an authenticated dictionary (ADT)-based credential into FIM, while attempting to achieve...
Because of the growing complexity of networks and the difficult task of security policy enforcement, system administrators need simple and powerful security management tools. This paper presents a network security management tool that allows policy specification and administration of network security components such as firewall. The tool consists of four main modules. First module is considered the...
There is a huge prevalence of mobile devices being connected to the Internet because of high demands for information access and dissemination. It is now well understood that XML plays a vital role as a means for information representation, exchange, and storage. Naturally, XML data is exchanged and stored as these mobile devices communicate with each other, and over the web. A major concern for one...
In 2006, the IETF released its latest effort, NETCONF, a brand new network management protocol, which is based on the XML encoding method. The NETCONF protocol is thought to be able to meet the requirement of configuration management which SNMP fails to do well. The NETCONF protocol also performs better in other fields such as the efficiency, more flexible operations, etc. But, as a new protocol,...
In this demo proposal, we illustrate ACStream, a system built on top of Stream Base, to specify and enforce access control policies over data streams. ACStream supports a very flexible role-based access control model specifically designed to protect against unauthorized access to streaming data. The core component of ACStream is a query rewriting mechanism that, by exploiting a set of secure operators...
XACML (extensible access control markup language) is an access control policy language standardized by the OASIS (Organization for Advancement of Structured Information Standards). We have extended the standard XACML languages and processing models to allow the access control policies be embedded with digital content in the same XACML-like document. The original content can be further divided into...
Trust establishment is a challenge for services in distributed open environments. Trust Negotiation is a requirements- driven method for establishing trust between strangers and parties with limited mutual trust. Protocols for stateless trust negotiation use messages which contain the whole negotiation state. Stateless trust negotiation systems are advantageous in open environments due to their ability...
The article presents a standard security policy language (SSPL) that provides a flexible, formal, dynamic, and unambiguous language to allow the security officers developing their own security policies with the rules in a readable and formal format. The proposed SSPL simplifies the task of developing standard unambiguous policy statement. The policies can be developed in any specific domain free of...
Independent grid projects have developed their own solutions to information services. These solutions are not interoperable with each other, target vastly different systems and address diverse sets of requirements. To address these challenges, we designed a novel architecture for a grid information service that provides unification, federation and interoperability of major grid information services...
In Service Oriented Computing (SOC), service plays an important role for the development of systems and complex distributed applications. A service may interact with several types of services clients. The central problem, therefore, is how to model the multidimensional aspect of service clients needs and requirements. To tackle this problem, we propose, in this paper, the concept of the multiview...
As more and more sensitive information gets stored in the form of XML, proper access control to the XML documents becomes increasingly important. Moreover, XML documents may be available to users at certain time periods, and unavailable at others. To tackle such dynamic aspects, this paper proposes a bitmap-indexing scheme in which timed access control decisions can be effectively processed. The form...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.