Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
A case study of separation of duty properties in the context of the Austrian "eLaw" process.
Proceedings of the 2005 ACM symposium on Applied computing
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
Constraint generation for separation of duty
Proceedings of the eleventh ACM symposium on Access control models and technologies
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
Automated xacml policy reconfiguration for evaluation optimisation
Proceedings of the fourth international workshop on Software engineering for secure systems
Xengine: a fast and scalable XACML policy evaluation engine
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
PERMIS: a modular authorization infrastructure
Concurrency and Computation: Practice & Experience - UK e-Science All Hands Meeting 2006
ProActive Access Control for Business Process-Driven Environments
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
ProActive Caching: Generating Caching Heuristics for Business Process Environments
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Introducing concurrency in policy-based access control
Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing
| Hi-index | 0.00 |
Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i.e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e.g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement. In distributed systems, e. g., based on the service-oriented architecture (soa), the time for evaluating access control constraints depends significantly on the protocol between the central Policy Decision Point (pdp) and the distributed Policy Enforcement Points (peps). In this paper, we present a policy-driven approach for generating customized protocol for the communication between the pdp and the peps. We provide a detailed comparison of several approaches for querying context information during the evaluation of access control constraints.