A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Distributed Policies for Data Management Making Policies Mobile
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
Using attribute certificates with mobile policies in electronic commerce applications
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Consistent policy enforcement in distributed systems using mobile policies
Data & Knowledge Engineering - Data and applications security
XML-Based Distributed Access Control System
EC-WEB '02 Proceedings of the Third International Conference on E-Commerce and Web Technologies
Hi-index | 0.00 |
Many access control requirements cannot be automated using traditional mandatory access control (MAC) and discretionary access control (DAC) security mechanisms. Example includes user-attribute (---) based access control and owner-retained access control for handling specially marked data. While several researchers have identified the need for access controls that provide more flexibility than MAC and DAC, the proposed mechanisms for implementing these controls have several shortcomings. In this paper, we describe an access control mechanism that combines attribute certificates permit fine-grained authorisations based on user attributes, such as group membership, rank, and role. Mobile policies allow application-specific policies to move along with the object to other elements of the system. Mobile policies are expressed using an extension to a high-level definition language that we previously proposed in Reference.