Role-Based Access Control Models
Computer
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An architecture for distributed OASIS services
IFIP/ACM International Conference on Distributed systems platforms
Securing context-aware applications using environment roles
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Location Privacy in Pervasive Computing
IEEE Pervasive Computing
Preserving Privacy in Environments with Location-Based Applications
IEEE Pervasive Computing
Cerberus: A Context-Aware Security Scheme for Smart Spaces
PERCOM '03 Proceedings of the First IEEE International Conference on Pervasive Computing and Communications
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
KNOW Why your access was denied: regulating feedback for usable security
Proceedings of the 11th ACM conference on Computer and communications security
Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking
Proceedings of the 1st international conference on Mobile systems, applications and services
Access control to information in pervasive computing environments
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Lightweight cnsistency enforcement schemes for distributed proofs with hidden subtrees
Proceedings of the 12th ACM symposium on Access control models and technologies
Single-bit re-encryption with applications to distributed proof systems
Proceedings of the 2007 ACM workshop on Privacy in electronic society
The Traust Authorization Service
ACM Transactions on Information and System Security (TISSEC)
Data-centric middleware for context-aware pervasive computing
Pervasive and Mobile Computing
Securing services in nomadic computing environments
Information and Software Technology
Enforcing Safety and Consistency Constraints in Policy-Based Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
Context-aware systems: A literature review and classification
Expert Systems with Applications: An International Journal
Confidentiality-preserving distributed proofs of conjunctive queries
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
xDomain: cross-border proofs of access
Proceedings of the 14th ACM symposium on Access control models and technologies
Effective trust management through a hybrid logical and relational approach
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
On the consistency of distributed proofs with hidden subtrees
ACM Transactions on Information and System Security (TISSEC)
Confidentiality-preserving proof theories for distributed proof systems
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Scalability in a secure distributed proof system
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Efficient proving for practical distributed access-control systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Hi-index | 0.00 |
There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as ''allow database access only to staff who are currently located in the main office''. However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts. We prove the correctness of our algorithm.