Reasoning about change: time and causation from the standpoint of artificial intelligence
Reasoning about change: time and causation from the standpoint of artificial intelligence
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
A glossary of temporal database concepts
ACM SIGMOD Record
PARDES: a data-driven oriented active database model
ACM SIGMOD Record
A framework for distributed authorization
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Authorizations in relational database management systems
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
High assurance discretionary access control for object bases
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A temporal authorization model
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Propagation of authorizations in distributed database systems
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
On an algebra for historical relational databases: two views
SIGMOD '85 Proceedings of the 1985 ACM SIGMOD international conference on Management of data
First-class views: a key to user-centered computing
ACM SIGMOD Record
An authorization model for temporal data
Proceedings of the 7th ACM conference on Computer and communications security
Enforcing mandatory and discretionary security in workflow management systems
Journal of Computer Security - Special issue on database security
Authorization specification and enforcement in federated database systems
Journal of Computer Security
A Temporal Access Control Mechanism for Database Systems
IEEE Transactions on Knowledge and Data Engineering
An Authorization Model for a Distributed Hypertext System
IEEE Transactions on Knowledge and Data Engineering
An Approach for Building Secure Database Federations
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
TALE: A Temporal Active Language and Execution Model
CAiSE ;96 Proceedings of the 8th International Conference on Advances Information System Engineering
Security Administration for Federations, Warehouses, and other Derived Data
Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Propagating Integrity Information among Interrelated Databases
Proceedings of the IFIP TC11 Working Group 11.5, Second Working Conference on Integrity and Internal Control in Information Systems: Bridging Business Requirements and Research Results
Authorization in Distributed Systems: A Formal Approach
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Concept-level access control for the Semantic Web
Proceedings of the 2003 ACM workshop on XML security
An integrated approach to engineer and enforce context constraints in RBAC environments
ACM Transactions on Information and System Security (TISSEC)
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
An Authorization Model for Geospatial Data
IEEE Transactions on Dependable and Secure Computing
A fine-grained, controllable, user-to-user delegation method in RBAC
Proceedings of the tenth ACM symposium on Access control models and technologies
IEEE Transactions on Dependable and Secure Computing
A geotemporal role-based authorisation system
International Journal of Information and Computer Security
CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment
Journal of Network and Computer Applications
Towards formal security analysis of GTRBAC using timed automata
Proceedings of the 14th ACM symposium on Access control models and technologies
Automatic transformations between geoscience standards using XML
Computers & Geosciences
Semantics-aware security policy specification for the semantic web data
International Journal of Information and Computer Security
Towards a times-based usage control model
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
A labelling system for derived data control
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
A task-oriented access control model for WfMS
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Foundation for a time interval access control model
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Implementation of access control model for distributed information systems using usage control
SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems
Deploy, adjust and readjust: supporting dynamic reconfiguration of policy enforcement
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
Deploy, adjust and readjust: supporting dynamic reconfiguration of policy enforcement
Proceedings of the 12th International Middleware Conference
A modal logic for information system security
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Hi-index | 0.00 |
The term information portals refers to Web sites that serve as main providers of focused information, gathered from distributed data sources. Gathering and disseminating information through information portals introduce new security challenges. In particular, the authorization specifications, as well as the granting process, are temporal by nature. Also, more often than not, the information provided by the portal is in fact derived from more than one backend data source. Therefore, any authorization model for information portals should support access control based on temporal characteristics of the data, and also should provide tools to prevent indirect unauthorized access through the use of derived data. In this article we focus our attention on devising such an authorization model. The distinguishing features of this model include: (1) the specification of authorizations based on temporal characteristics of data, and (2) a formal framework to derive authorizations in a consistent and safe manner, based on relationships among data.