Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model in which the Data Provider and the Policy Enforcers are separated into different organizations. The Data Provider is responsible for evaluating the criticality of requested XML documents based on the co-occurrence of security objects, and for issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user's query is sent to the Data Provider, and she needs to obtain permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluates the criticality of the query, where the evaluation of sensitivity is carried out using clearance rules. In this setting, we present a novel approach, called the diff approach, for the Data Provider to evaluate security clearances. Our technique is built on top of a relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.