Local model checking in the modal mu-calculus
TAPSOFT '89 2nd international joint conference on Theory and practice of software development
Role-Based Access Control Models
Computer
Reconciling role based management and role based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Protection in operating systems
Communications of the ACM
Modal logic
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Certificate chain discovery in SPKI?SDSI
Journal of Computer Security
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Understanding Trust Management Systems
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
On Safety in Discretionary Access Control
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Role-Based Access Control, Second Edition
Role-Based Access Control, Second Edition
On mutually exclusive roles and separation-of-duty
ACM Transactions on Information and System Security (TISSEC)
Context-aware role-based access control in pervasive computing systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Privacy-Aware Collaborative Access Control in Web-Based Social Networks
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Protection: principles and practice
AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference
RelBAC: Relation Based Access Control
SKG '08 Proceedings of the 2008 Fourth International Conference on Semantics, Knowledge and Grid
A semantic web based framework for social network access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Private Relationships in Social Networks
ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
Enforcing access control in Web-based social networks
ACM Transactions on Information and System Security (TISSEC)
PriMa: an effective privacy protection mechanism for social networks
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A privacy preservation model for facebook-style social network systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Constraining Credential Usage in Logic-Based Access Control
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Privacy policies for shared content in social network sites
The VLDB Journal — The International Journal on Very Large Data Bases
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
D-FOAF: distributed identity management with access rights delegation
ASWC'06 Proceedings of the First Asian conference on The Semantic Web
Rule-Based access control for social networks
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part II
Relationship-based access control policies and their policy languages
Proceedings of the 16th ACM symposium on Access control models and technologies
Multiparty authorization framework for data sharing in online social networks
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Detecting and resolving privacy conflicts for collaborative data sharing in online social networks
Proceedings of the 27th Annual Computer Security Applications Conference
Survey Paper: A survey on policy languages in network and security management
Computer Networks: The International Journal of Computer and Telecommunications Networking
Relationship-based access control: its expression and enforcement through hybrid logic
Proceedings of the second ACM conference on Data and Application Security and Privacy
A visualization tool for evaluating access control policies in facebook-style social network systems
Proceedings of the 27th Annual ACM Symposium on Applied Computing
A user-to-user relationship-based access control model for online social networks
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Towards a socially aware home router
Proceedings of the First ACM International Workshop on Hot Topics on Interdisciplinary Social Networks Research
RABAC: role-centric attribute-based access control
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Towards provenance and risk-awareness in social computing
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
A multi-dimensional and event-based model for trust computation in the social web
SocInfo'12 Proceedings of the 4th international conference on Social Informatics
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
Constraint expressions and workflow satisfiability
Proceedings of the 18th ACM symposium on Access control models and technologies
Privacy settings in social networking systems: what you cannot control
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Preserving user privacy from third-party applications in online social networks
Proceedings of the 22nd international conference on World Wide Web companion
Relational abstraction in community-based secure collaboration
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Anonymously sharing Flickr pictures with facebook friends
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Social access control language (SocACL)
Proceedings of the 6th International Conference on Security of Information and Networks
Using community structure to control information sharing in online social networks
Computer Communications
Hi-index | 0.00 |
Social Network Systems pioneer a paradigm of access control that is distinct from traditional approaches to access control. Gates coined the term Relationship-Based Access Control (ReBAC) to refer to this paradigm. ReBAC is characterized by the explicit tracking of interpersonal relationships between users, and the expression of access control policies in terms of these relationships. This work explores what it takes to widen the applicability of ReBAC to application domains other than social computing. To this end, we formulate an archetypical ReBAC model to capture the essence of the paradigm, that is, authorization decisions are based on the relationship between the resource owner and the resource accessor in a social network maintained by the protection system. A novelty of the model is that it captures the contextual nature of relationships. We devise a policy language, based on modal logic, for composing access control policies that support delegation of trust. We use a case study in the domain of Electronic Health Records to demonstrate the utility of our model and its policy language. This work provides initial evidence to the feasibility and utility of ReBAC as a general-purpose paradigm of access control.