Search results

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

Workflow systems are often associated with business process re‐engineering (BPR). This paper argues that the functional access control requirements in workflow systems are rooted in the scope of a BPR project. A framework for access control in workflow systems is developed. The framework suggests that existing role‐based access control mechanisms can be used as a foundation in workflow systems. The framework separates the administration‐time and the run‐time aspects. Key areas that must be investigated to meet the functional requirements imposed by workflow systems on access control services are identified.

Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related.

This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.

The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.

Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

Provide a secure solution for web services (WS). A new interoperable and distributed access control for WS is presented.

Based on the separation of the access control (AC) and authorization function.

Mechanisms presented allow seamless integration of external authorization entities in the AC system. The Semantic Policy Language (SPL) developed facilitates specification of policies and semantic policy validation. SPL specifications are modular and can be composed without ambiguity. Also addressed was the problem of the association of policies to resources (WS or their operations) in a dynamic, flexible and automated way.

The ACProxy component is currently under development. Ongoing work is focused on achieving a richer “use control” for some types of WS.

Administrators of WS can specify AC policies and validate them to find syntactic and semantic errors. Components for automated validation of policies at different levels are included. This ensures that the AC policies produce the desired effects, facilitating the creation and maintenance of policies. It also provides mechanisms for the use of interoperable authorizations.

A practical system that provides a secure solution to AC for WS. To the best of one's knowledge, no other system provides mechanisms for semantic validation of policies based on external authorization entities. Likewise, the mechanisms for interoperability of external authorization entities are also novel. The system provides content‐based access control and a secure, decentralized and dynamic solution for authorization that facilitates the management of complex systems and enhances the overall security of the AC.

Web‐based social networks (WBSNs) are today one of the most relevant phenomena related to the advent of Web 2.0. The purpose of this paper is to discuss main security and privacy requirements arising in WBSNs, with a particular focus on access control, and to survey the main research activities carried out in the field. The social networking paradigm is today used not only for recreational purposes; it is also used at the enterprise level as a means to facilitate knowledge sharing and information dissemination both at the internet and at the intranet level. As a result of the widespread use of WBSN services, millions of individuals can today easily share personal and confidential information with an incredible amount of (possible unknown) other users. Clearly, this huge amount of information and the ease with which it can be shared and disseminated pose serious security and privacy concerns.

The paper discusses the main requirements related to access control and privacy enforcement in WBSNs. It presents the protection functionalities provided by today WBSNs and examines the main research proposals defined so far, in view of the identified requirements.

The area of access control and privacy for WBSNs is new and, therefore, many research issues still remain open. The paper provides an overview of some of these new issues.

The paper provides a useful discussion of the main security and privacy requirements arising in WBSNs, with a particular focus on access control. It also surveys the main research activities carried out in the field.

The goal of this paper is to propose a data access control framework that is used for editing MARC‐based bibliographic databases. In cases where the bibliographic record editing activities carried out in libraries are complex and involve many people with different skills and expertise, a way of managing the workflow and data quality is needed. Enforcing access control can contribute to these goals.

The proposed solution for data access control enforcement is based on the well‐studied standard role‐based access control (RBAC) model. The bibliographic data, for the purpose of this system, is represented using the XML language. The software architecture of the access control system is modelled using the Unified Modelling Language (UML).

The access control framework presented in this paper represents a successful application of concepts of role‐based access control to bibliographic databases. The use of XML language for bibliographic data representation provides the means to integrate this solution into many different library information systems, facilitates data exchange and simplifies the software implementation because of the abundance of available XML tools. The solution presented is not dependent on any particular XML schema for bibliographic records and may be used in different library environments. Its flexibility stems from the fact that access control rules can be defined at different levels of granularity and for different XML schemas.

This access control framework is designed to handle XML documents. Library systems that utilise bibliographic databases in other formats not easily convertible to XML would hardly integrate the framework into their environment.

The use of an access control enforcement framework in a bibliographic database can significantly improve the quality of data in organisations where record editing is performed by a large number of people with different skills. The examples of access control enforcement presented in this paper are extracted from the actual workflow for editing bibliographic records in the Belgrade City Library, the largest public city library in Serbia. The software implementation of the proposed framework and its integration in the BISIS library information system prove the practical usability of the framework. BISIS is currently deployed in over 40 university, public, and specialized libraries in Serbia.

A proposal for enforcing access control in bibliographic databases is given, and a software implementation and its integration in a library information system are presented. The proposed framework can be used in library information systems that use MARC‐based cataloguing.

An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model.

A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework.

The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR.

Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.

This paper aims to manage access control tasks to satisfy the user privacy needs of online information resources according to social relations and tags.

The study proposes a method for access control management in the online social context. The proposed method includes the access control policy management process, metadata of access control policies, the data of ontologies, tags, and social relations, and conflict detection rules.

Online information sharing and hiding, which needs to consider social relations and mentioned topics, is a unique context and needs a novel access control mechanism. Ontologies are powerful and expressive enough to identify conflicts in access control policies. The paper provides a method using ontologies to control the access control activities based on social relations and tags on web content. The effectiveness of the method's conflict detection rules is validated through several scenarios.

To make the proposed method suitable for widespread usage, further work is required to develop an access control policy specification and conflict detection tool. The proposed method introduces relatively novel usage scenarios, which consider social relationships, and tags compared with existing access control methods for online information sharing.

The proposed access control mechanism can be integrated into existing web sites. Online users can use this method to share information more easily than at present.

The method enables flexible access control in social contexts and handles unavoidable conflicts. It also opens the way to new access control scenarios in online social activities. The method can be used to keep secrets hidden from selected people.

This work empirically evaluates the effectiveness of the novel ontology-based access-control mechanism and the common password-protected access-control mechanism for social blogs. The paper aims to discuss these issues.

The ontology-based access-control scheme is designed to fit two characteristics of blog activities: social relationships and tags. A laboratory experiment is conducted to assess the perceived privacy benefit and perceived ease of use of the two mechanisms.

Analytical results indicate that, with the ontology-based access-control scheme, users perceive more privacy benefit than with the password-protected access-control scheme. The perceived ease of use with the ontology-based and password-protected access-control systems did not differ significantly.

Cross-boundary collaborations need an appropriate approach to control communication access. Further study is required to evaluate the ontology-based access-control scheme applied in cross-organizational and cross-departmental collaborations.

From a knowledge management perspective, blogs can store personal and organizational knowledge and experiences. The ontology-based access-control scheme encourages knowledge sharing for appropriate persons.

The new ontology-based access-control mechanism can help online users keep secrets from selected people to gain more privacy benefits than the existing password-protected access-control mechanism.

Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges for the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralised security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML‐based secure content distribution (XSCD) infrastructure, which is based on the production of protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating privilege management infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, provides persistent protection and allows actions (such as payment) to be bound to the access to objects.