PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
Towards reasonability properties for access-control policy languages
Proceedings of the eleventh ACM symposium on Access control models and technologies
A survey of autonomic communications
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Audit-Based Access Control for Electronic Health Records
Electronic Notes in Theoretical Computer Science (ENTCS)
A posteriori compliance control
Proceedings of the 12th ACM symposium on Access control models and technologies
Engineering Trust Management into Software Models
MISE '07 Proceedings of the International Workshop on Modeling in Software Engineering
A type discipline for authorization policies
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special Issue ESOP'05
Security policy analysis using deductive spreadsheets
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Journal of the ACM (JACM)
Integration of rules and policies for Semantic Web Services
International Journal of Advanced Media and Communication
International Journal of Web and Grid Services
Offline count-limited certificates
Proceedings of the 2008 ACM symposium on Applied computing
Detecting and resolving policy misconfigurations in access-control systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Using First-Order Logic to Reason about Policies
ACM Transactions on Information and System Security (TISSEC)
Authorization in trust management: Features and foundations
ACM Computing Surveys (CSUR)
A Logical Approach to Dynamic Role-Based Access Control
AIMSA '08 Proceedings of the 13th international conference on Artificial Intelligence: Methodology, Systems, and Applications
Towards Role Based Trust Management without Distributed Searching of Credentials
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Trust Management and Trust Negotiation in an Extension of SQL
Trustworthy Global Computing
Patient-centric authorization framework for sharing electronic health records
Proceedings of the 14th ACM symposium on Access control models and technologies
Trust negotiation: authorization for virtual organizations
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Security and trust in virtual healthcare communities
Proceedings of the 2nd International Conference on PErvasive Technologies Related to Assistive Environments
Computer Standards & Interfaces
The role of abduction in declarative authorization policies
PADL'08 Proceedings of the 10th international conference on Practical aspects of declarative languages
An introduction to the role based trust management framework RT
Foundations of security analysis and design IV
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
Dynamic policy based model for trust based access control in P2P applications
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
SecPAL: Design and semantics of a decentralized authorization language
Journal of Computer Security - Digital Identity Management (DIM 2007)
Negotiating and delegating obligations
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Relationship-based access control: protection model and policy language
Proceedings of the first ACM conference on Data and application security and privacy
Detecting and resolving policy misconfigurations in access-control systems
ACM Transactions on Information and System Security (TISSEC)
Nexus authorization logic (NAL): Design rationale and applications
ACM Transactions on Information and System Security (TISSEC)
Relationship-based access control policies and their policy languages
Proceedings of the 16th ACM symposium on Access control models and technologies
An approach to modular and testable security models of real-world health-care applications
Proceedings of the 16th ACM symposium on Access control models and technologies
Securing electronic medical records using attribute-based encryption on mobile devices
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
STM'10 Proceedings of the 6th international conference on Security and trust management
Stateful authorization logic: proof theory and a case study
STM'10 Proceedings of the 6th international conference on Security and trust management
Opacity analysis in trust management systems
ISC'11 Proceedings of the 14th international conference on Information security
Relaxed safeness in Datalog-based policies
RuleML'11 Proceedings of the 5th international conference on Rule-based modeling and computing on the semantic web
Trust management with safe privilege propagation
APPT'05 Proceedings of the 6th international conference on Advanced Parallel Processing Technologies
Distributed access control for grid environments using trust management approach
ISPA'05 Proceedings of the 2005 international conference on Parallel and Distributed Processing and Applications
Context-aware regulation of context-aware mobile services in pervasive computing environments
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
A type discipline for authorization policies
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Towards more controllable and practical delegation
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
A calculus for trust management
FSTTCS'04 Proceedings of the 24th international conference on Foundations of Software Technology and Theoretical Computer Science
Compiling constraint handling rules for efficient tabled evaluation
PADL'07 Proceedings of the 9th international conference on Practical Aspects of Declarative Languages
Bring efficient connotation expressible policies to trust management
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Baby careware: a online secured health consultant
APWeb'12 Proceedings of the 14th Asia-Pacific international conference on Web Technologies and Applications
Comparison of Response Times of a Mobile-Web EHRs System Using PHP and JSP Languages
Journal of Medical Systems
Efficient proving for practical distributed access-control systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Stateful authorization logic --Proof theory and a case study
Journal of Computer Security - STM'10
Formal verification of security properties in trust management policy
Journal of Computer Security
Information flow in trust management systems
Journal of Computer Security - CSF 2010
Hi-index | 0.00 |
We study the specification of access control policy inlarge-scale distributed systems. We present Cassandra, alanguage and system for expressing policy, and the resultsof a substantial case study, a security policy for a nationalElectronic Health Record system, based on the requirementsfor the ongoing UK National Health Service procurementexercise.Cassandra policies are expressed in a language based onDatalog with constraints. The expressiveness of the language(and its computational complexity) can be tuned bychoosing an appropriate constraint domain. Cassandra isrole-based; it supports credential-based access control (e.g.between administrative domains); and rules can refer to remotepolicies (for automatic credential retrieval and trustnegotiation). Moreover, the policy language is small, andit has a formal semantics for query evaluation and for theaccess control engine.For the case study we choose a constraint domain C驴 thatis sufficiently expressive to encode many policy idioms. Thecase study turns out to require many subtle variants of these;it is important to express this variety smoothly, rather thanadd them as ad hoc features. By ensuring only a constraintcompact fragment of C驴 is used, we guarantee a finite andcomputable fixed-point model. We use a top-down evaluationalgorithm, for efficiency and to guarantee termination.The case study (with some 310 rules and 58 roles) demonstratesthat this language is expressive enough for a real-worldapplication; preliminary results suggest that the performanceshould be acceptable.