Although several access control policies can be devised for controlling access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a specific policy (usually the closed policy). As a consequence, although different policy choices are possible in theory, in practice only a specific policy can be actually applied within a given system. However, protection requirements within a system can vary dramatically, and no single policy may simultaneously satisfy them all.

In this paper we present a flexible authorization manager (FAM) that can enforce multiple access control policies within a single, unified system. FAM is based on a language through which users can specify authorizations and access control policies to be applied in controlling execution of specific actions on given objects. We formally define the language and properties required to hold on the security specifications and prove that this language can express all security specifications. Furthermore, we show that all programs expressed in this language (called FAM/CAM-programs) are also guaranteed to be consistent (i.e., no conflicting access decisions occur) and CAM-programs are complete (i.e., every access is either authorized or denied). We then illustrate how several well-known protection policies proposed in the literature can be expressed in the FAM/CAM language and how users can customize the access control by specifying their own policies. The result is an access control mechanism which is flexible, since different access control policies can all coexist in the same data system, and extensible, since it can be augmented with any new policy a specific application or user may require.