A Content-Based Authorization Model for Digital Libraries

Authors:
N. R. Adam;V. Atluri;E. Bertino;E. Ferrari
Affiliations:
-;-;-;-
Venue:
IEEE Transactions on Knowledge and Data Engineering
Year:
2002

Citing 23
Cited 36

Access control policies:some unanswered questions

Computers and Security
A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
A distributed object-oriented database system supporting shared and private databases

ACM Transactions on Information Systems (TOIS)
Network security: private communication in a public world

Network security: private communication in a public world
Role-Based Access Control Models

Computer
The management of computer security profiles using a role-oriented approach

Computers and Security
Strategic directions in electronic commerce and digital libraries: towards a digital agora

ACM Computing Surveys (CSUR) - Special ACM 50th-anniversary issue: strategic directions in computing research
Secure computing: threats and safeguards

Secure computing: threats and safeguards
Extractors for digital library objects

Extractors for digital library objects
Principles of multimedia database systems

Principles of multimedia database systems
A hierarchical access control scheme for digital libraries

Proceedings of the third ACM conference on Digital libraries
Conceptual schema analysis: techniques and applications

ACM Transactions on Database Systems (TODS)
An access control model supporting periodicity constraints and temporal reasoning

ACM Transactions on Database Systems (TODS)
A flexible authorization mechanism for relational data management systems

ACM Transactions on Information Systems (TOIS)
Using digital credentials on the World Wide Web

Journal of Computer Security - Special issue on security in the World Wide Web
A Temporal Access Control Mechanism for Database Systems

IEEE Transactions on Knowledge and Data Engineering
An Authorization Model for a Distributed Hypertext System

IEEE Transactions on Knowledge and Data Engineering
An Extended Authorization Model for Relational Databases

IEEE Transactions on Knowledge and Data Engineering
An Approach for Building Secure Database Federations

VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Logical Framework for Reasoning on Data Access Control Policies

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Safeguarding Digital Library Contents and Users: Protecting DocumentsRather Than Channels

Safeguarding Digital Library Contents and Users: Protecting DocumentsRather Than Channels
A logic-based approach for enforcing access control[1]A preliminary version of this paper appears in the Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS’98), Louvain-La-Neuve, Belgium, September 1998 under the title “An Authorization Model and its Formal Semantics”.

Journal of Computer Security

SI in digital libraries

Communications of the ACM
An access control model for video database systems

Proceedings of the ninth international conference on Information and knowledge management
Secure and selective dissemination of XML documents

ACM Transactions on Information and System Security (TISSEC)
A logical framework for reasoning about access control models

ACM Transactions on Information and System Security (TISSEC)
A hierarchical access control model for video database systems

ACM Transactions on Information Systems (TOIS)
An authorization system for digital libraries

The VLDB Journal — The International Journal on Very Large Data Bases
An approach to engineer and enforce context constraints in an RBAC environment

Proceedings of the eighth ACM symposium on Access control models and technologies
Concept-level access control for the Semantic Web

Proceedings of the 2003 ACM workshop on XML security
An integrated approach to engineer and enforce context constraints in RBAC environments

ACM Transactions on Information and System Security (TISSEC)
An Authorization Model for Geospatial Data

IEEE Transactions on Dependable and Secure Computing
Preserving mobile customer privacy: an access control system for moving objects and customer profiles

Proceedings of the 6th international conference on Mobile data management
VideoAcM: a transitive and temporal access control mechanism for collaborative video database production applications

Multimedia Tools and Applications
TrustBAC: integrating trust relationships into the RBAC model for access control in open systems

Proceedings of the eleventh ACM symposium on Access control models and technologies
Multimedia-based authorization and access control policy specification

Proceedings of the 3rd ACM workshop on Secure web services
A multimedia access control language for virtual and ambient intelligence environments

Proceedings of the 2007 ACM workshop on Secure web services
MCSE: a multimedia context-based security engine

EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
A geotemporal role-based authorisation system

International Journal of Information and Computer Security
A criterion-based multilayer access control approach for multimedia applications and the implementation considerations

ACM Transactions on Multimedia Computing, Communications, and Applications (TOMCCAP)
RBAC-based access control for privacy protection in pervasive environments

Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication
Specification and enforcement of flexible security policy for active cooperation

Information Sciences: an International Journal
Detecting Inference Channels in Private Multimedia Data via Social Networks

Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Automatic transformations between geoscience standards using XML

Computers & Geosciences
Context RBAC/MAC access control for ubiquitous environment

DASFAA'07 Proceedings of the 12th international conference on Database systems for advanced applications
A General Framework for Web Content Filtering

World Wide Web
Integrating constraints to support legally flexible business processes

Information Systems Frontiers
Credential-Based policies management in an access control framework protecting XML resources

ISCIS'06 Proceedings of the 21st international conference on Computer and Information Sciences
A framework for flexible access control in digital library systems

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Authrule: a generic rule-based authorization module

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Specifying an access control model for ontologies for the semantic web

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
A hybrid approach for personalized recommendation of news on the Web

Expert Systems with Applications: An International Journal
A semantic context-aware access control in pervasive environments

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
Ontology-Based policy specification and management

ESWC'05 Proceedings of the Second European conference on The Semantic Web: research and Applications
A flexible framework for content-based access management for federated digital libraries

ECDL'05 Proceedings of the 9th European conference on Research and Advanced Technology for Digital Libraries
A standards-based approach for supporting dynamic access policies for a federated digital library

ICADL'05 Proceedings of the 8th international conference on Asian Digital Libraries: implementing strategies and sharing experiences
A graph-based formalism for controlling access to a digital library ontology

CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
A semantic authorization model for pervasive healthcare

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.03

Visualization

Abstract

Digital Libraries (DLs) introduce several challenging requirements with respect to the formulation, specification, and enforcement of adequate data protection policies. Unlike conventional database environments, a DL environment typically is characterized by dynamic user population, often making accesses from remote locations, and by an extraordinarily large amount of multimedia information, stored in a variety of formats. Moreover, in a DL environment, access policies are often specified based on user qualifications and characteristics, rather than user identity (for example, a user can be given access to an R-rated video only if he/she is older than 18 years). Another crucial requirement is the support for content-dependent authorizations on digital library objects (for example, all documents containing discussions on how to operate guns must be made available only to users who are 18 or older). Since traditional authorization models do not adequately meet access control requirements typical to DLs, in this paper, we propose a content-based authorization model suitable for a DL environment. Specifically, the most innovative features of our authorization model are: 1) flexible specification of authorizations based on the qualifications and characteristics of users (including positive and negative), 2) both content-dependent and content-independent access control to digital library objects, and 3) varying granularity of authorization objects ranging from sets of library objects to specific portions of objects.