ML for the working programmer (2nd ed.)
ML for the working programmer (2nd ed.)
Towards OLAP security design — survey and research issues
Proceedings of the 3rd ACM international workshop on Data warehousing and OLAP
ACM SIGAda Ada Letters
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Supporting conditional delegation in secure workflow management systems
Proceedings of the tenth ACM symposium on Access control models and technologies
Reasoning about XACML policies using CSP
Proceedings of the 2005 workshop on Secure web services
Using XML and XACML to Support Attribute Based Delegation
CIT '05 Proceedings of the The Fifth International Conference on Computer and Information Technology
Enforcing well-formed and partially-formed transactions for Unix
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
Using semantics for automatic enforcement of access control policies among dynamic coalitions
Proceedings of the 12th ACM symposium on Access control models and technologies
ProActive Access Control for Business Process-Driven Environments
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Extending access control models with break-glass
Proceedings of the 14th ACM symposium on Access control models and technologies
An auto-delegation mechanism for access control systems
STM'10 Proceedings of the 6th international conference on Security and trust management
Risk-Based auto-delegation for probabilistic availability
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
| Hi-index | 0.00 |
Today's IT systems typically comprise a fine-grained access control mechanism based on complex policies. The strict enforcement of these policies, at runtime, always contains the risk of hindering people in their regular work. An efficient support for assisted delegation can help in resolving the conflict between too tight access control and the required flexibility as well as support the resolution of conflicts. Here, assisted delegation means that, additional to denying the access, a user is informed about a list of users that could either grant him access to the requested resource or which could execute this task in behalf of the user. In this paper, we present an approach for determining a set of users which are able to resolve an access control conflict. This set is based on various information sources and are ordered with respect to different distance functions. We show that one distance function can be used to serve different types of contextual input, e.g., role hierarchies, geospatial information as well as shared business object structure data or social network graphs.