The focus of access control in client/server environments is on protecting sensitive server resources by determining whether or not a client is authorized to access those resources. The set of resources is usually static, and an access control policy associated with each resource specifies who is authorized to access it. In this paper, we turn the traditional client/server access control model on its head and address how to protect the sensitive content that clients disclose to servers. Since client content is dynamically generated at runtime, the usual approach of associating a policy with the resource (content) a priori does not work. We propose an access control model for protecting client-side content that is dynamically generated and disclosed at runtime. Our model identifies sensitive content, maps the sensitive content to an access control policy, and establishes the trustworthiness of the server before disclosing the sensitive content to the server. The model targets open systems, where clients and servers do not have preexisting trust relationships. We have implemented the model within TrustBuilder, an architecture for negotiating trust between strangers based on properties other than identity. The implementation is the first example of content-triggered trust negotiation and currently supports access control for sensitive content disclosed by web and email clients.