Group-Centric Secure Information Sharing (g-SIS) envisions bringing users and objects together in a group to facilitate agile sharing of information brought in from external sources as well as creation of new information within the group. We expect g-SIS to be orthogonal and complementary to authorization systems deployed within participating organizations. The metaphors “secure meeting room” and “subscription service” characterize the g-SIS approach. The focus of this article is on developing the foundations of isolated g-SIS models. Groups are isolated in the sense that membership of a user or an object in a group does not affect their authorizations in other groups. Present contributions include the following: formal specification of core properties that at once help to characterize the family of g-SIS models and provide a “sanity check” for full policy specifications; informal discussion of policy design decisions that differentiate g-SIS policies from one another with respect to the authorization semantics of group operations; formalization and verification of a specific member of the family of g-SIS models; demonstration that the core properties are logically consistent and mutually independent; and identification of several directions for future extensions. The formalized specification is highly abstract. Besides certain well-formedness requirements that specify, for instance, that a user cannot leave a group unless she is a member, it constrains only whether user-level read and write operations are authorized, and it does so solely in terms of the history of group operations: join and leave for users, and add, create, and remove for objects. This makes temporal logic one of the few formalisms in which the specification can be clearly and concisely expressed.
The specification serves as a reference point that is the first step in deriving authorization-system component specifications from which a programmer with little security expertise could implement a high-assurance enforcement system for the specified policy.