The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A network-centric design for relationship-based security and access control
Journal of Computer Security - Special issue on security in the World Wide Web
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Going beyond MAC and DAC using mobile policies
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
An efficient software protection scheme
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
The PERMIS X.509 role based privilege management infrastructure
Future Generation Computer Systems - Special section: Selected papers from the TERENA networking conference 2002
Integrity issues in the Web: beyond distributed databases
Database integrity
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Certificate-based access control for widely distributed resources
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Secure Content Distribution for Digital Libraries
ICADL '02 Proceedings of the 5th International Conference on Asian Digital Libraries: Digital Libraries: People, Knowledge, and Technology
Integrating PMI services in CORBA applications
Computer Standards & Interfaces - CORBA: protocols, applications, process models and standards
X-RDR: a role-based delegation processor for web-based information systems
ACM SIGOPS Operating Systems Review
A flexible delegation processor for web-based information systems
Computer Standards & Interfaces
A semantic approach for access control in web services
EuroWeb'02 Proceedings of the 2002 international conference on EuroWeb
The use of attribute certificates and the concept of mobile policies have been proposed to overcome some of the limitations of the role-based access control (RBAC) paradigm and to implement security requirements such as the "originator controlled" (ORCON) policy. Mobile policies are attached to the data that they control and enforced by their execution in trusted servers. In this paper we extend this idea to allow the execution of the policies in untrusted systems. Our extension allows policies to be bound to the data but not attached to it. Through this modification, security administrators are able to change policies dynamically and transparently. Additionally, we introduce X-ACS, an XML-based language designed to express policies in a simple and unambiguous way, overcoming the limitations of other approaches. Important features of X-ACS are that it can be used by processors with limited capabilities, such as smart cards, while allowing the automated validation of policies.