Search results

1 – 10 of over 129000
Article
Publication date: 1 February 2005

Mariemma I. Yagüe, Antonio Maña and Javier Lopez

Abstract

Purpose

Provide a secure solution for web services (WS). A new interoperable and distributed access control for WS is presented.

Design/methodology/approach

Based on the separation of the access control (AC) and authorization function.

Findings

Mechanisms presented allow seamless integration of external authorization entities in the AC system. The Semantic Policy Language (SPL) developed facilitates specification of policies and semantic policy validation. SPL specifications are modular and can be composed without ambiguity. Also addressed was the problem of the association of policies to resources (WS or their operations) in a dynamic, flexible and automated way.

Research limitations/implications

The ACProxy component is currently under development. Ongoing work is focused on achieving a richer “use control” for some types of WS.

Practical implications

Administrators of WS can specify AC policies and validate them to find syntactic and semantic errors. Components for automated validation of policies at different levels are included. This ensures that the AC policies produce the desired effects, facilitating the creation and maintenance of policies. It also provides mechanisms for the use of interoperable authorizations.

Originality/value

A practical system that provides a secure solution to AC for WS. To the best of one's knowledge, no other system provides mechanisms for semantic validation of policies based on external authorization entities. Likewise, the mechanisms for interoperability of external authorization entities are also novel. The system provides content‐based access control and a secure, decentralized and dynamic solution for authorization that facilitates the management of complex systems and enhances the overall security of the AC.

Details

Internet Research, vol. 15 no. 1
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 22 June 2010

Chi‐Lun Liu

Abstract

Purpose

This paper aims to manage access control tasks to satisfy the user privacy needs of online information resources according to social relations and tags.

Design/methodology/approach

The study proposes a method for access control management in the online social context. The proposed method includes the access control policy management process, metadata of access control policies, the data of ontologies, tags, and social relations, and conflict detection rules.

Findings

Online information sharing and hiding, which needs to consider social relations and mentioned topics, is a unique context and needs a novel access control mechanism. Ontologies are powerful and expressive enough to identify conflicts in access control policies. The paper provides a method using ontologies to control the access control activities based on social relations and tags on web content. The effectiveness of the method's conflict detection rules is validated through several scenarios.

Research limitations/implications

To make the proposed method suitable for widespread usage, further work is required to develop an access control policy specification and conflict detection tool. The proposed method introduces relatively novel usage scenarios, which consider social relationships, and tags compared with existing access control methods for online information sharing.

Practical implications

The proposed access control mechanism can be integrated into existing web sites. Online users can use this method to share information more easily than at present.

Originality/value

The method enables flexible access control in social contexts and handles unavoidable conflicts. It also opens the way to new access control scenarios in online social activities. The method can be used to keep secrets hidden from selected people.

Details

Online Information Review, vol. 34 no. 3
Type: Research Article
ISSN: 1468-4527

Article
Publication date: 1 June 2003

Mariemma I. Yagüe, Antonio Maña, Javier López, Ernesto Pimentel and José M. Troya

Abstract

Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges for the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralised security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML‐based secure content distribution (XSCD) infrastructure, which is based on the production of protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating privilege management infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, provides persistent protection and allows actions (such as payment) to be bound to the access to objects.

Details

Online Information Review, vol. 27 no. 3
Type: Research Article
ISSN: 1468-4527

Open Access
Article
Publication date: 15 August 2022

Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng

Abstract

Purpose

Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradict each other. Furthermore, there are numerous access control models, and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide on an appropriate one satisfying security needs. Therefore, this study aims to guide readers through the many access control models in the current state of the art, as well as the opaque accumulation of terms, their meanings and how they are related.

Design/methodology/approach

This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.

Findings

The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.

Originality/value

Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and proposes a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

Details

International Journal of Web Information Systems, vol. 18 no. 2/3
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 12 June 2007

Marijke Coetzee and J.H.P. Eloff

Abstract

Purpose

This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users.

Design/methodology/approach

A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web services access control architecture is defined.

Findings

The architecture of an access control service of a web service provider consists of three components, namely an authorisation interface, an authorisation manager, and a trust manager. Access control and trust policies are selectively published according to the trust levels of web services requestors. A prototype highlights the incorporation of a trust level in the access control policy as a viable solution to the problem of web services access control, where decisions of an autonomous nature need to be made, based on information and evidence.

Research limitations/implications

The WSACT architecture addresses the selective publication of policies. The implementation of sophisticated policy‐processing points at each web service endpoint, to automatically negotiate about policies, is an important element needed to complement the architecture.

Practical implications

The WSACT access control architecture illustrates how access control decisions can be made autonomously by including a trust level of web services requestors in an access control policy.

Originality/value

The WSACT architecture incorporates the trust levels of web services requestors and the attributes of users into one model. This allows web services providers to grant advanced access to the users of trusted web services requestors, in contrast with the limited access that is given to users who make requests through web services requestors with whom a minimal level of trust has been established.

Details

Internet Research, vol. 17 no. 3
Type: Research Article
ISSN: 1066-2243

Open Access
Article
Publication date: 9 October 2023

Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng

Abstract

Purpose

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

Design/methodology/approach

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

Findings

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

Originality/value

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

Details

International Journal of Web Information Systems, vol. 20 no. 1
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 1 February 2005

M. Coetzee and J.H.P. Eloff

Abstract

Purpose

To define a framework for access control for virtual applications, enabled through web services technologies. The framework supports the loosely coupled manner in which web services are shared between partners.

Design/methodology/approach

A background discussion of relevant literature, with an example, is used to illustrate the problem that exists. To enable access control composition, an extension is proposed to an authorisation specification language, together with publication of the access control requirements of a web service provider.

Findings

The framework shows that loosely coupled access control can be made possible by making use of the standard manner in which messages are communicated in XML, and by composing assertions with the access control policy of the provider in a consistent manner. Access to web service methods is only granted if permission can be derived for it, where the derivation step forms a formal proof.

Research limitations/implications

A basic framework has been defined. An architecture to support it must be defined. Only a very basic level of access control composition has been illustrated.

Practical implications

The publication of access control requirements in standards such as WS‐Policy can be considered.

Originality/value

This paper offers a practical approach to address access control for web services.

Details

Information Management & Computer Security, vol. 13 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 25 February 2014

Chi-Lun Liu

Abstract

Purpose

This work empirically evaluates the effectiveness of the novel ontology-based access-control mechanism and the common password-protected access-control mechanism for social blogs. The paper aims to discuss these issues.

Design/methodology/approach

The ontology-based access-control scheme is designed to fit two characteristics of blog activities: social relationships and tags. A laboratory experiment is conducted to assess the perceived privacy benefit and perceived ease of use of the two mechanisms.

Findings

Analytical results indicate that, with the ontology-based access-control scheme, users perceive more privacy benefit than with the password-protected access-control scheme. The perceived ease of use with the ontology-based and password-protected access-control systems did not differ significantly.

Research limitations/implications

Cross-boundary collaborations need an appropriate approach to control communication access. Further study is required to evaluate the ontology-based access-control scheme applied in cross-organizational and cross-departmental collaborations.

Practical implications

From a knowledge management perspective, blogs can store personal and organizational knowledge and experiences. The ontology-based access-control scheme encourages knowledge sharing for appropriate persons.

Originality/value

The new ontology-based access-control mechanism can help online users keep secrets from selected people to gain more privacy benefits than the existing password-protected access-control mechanism.

Details

Kybernetes, vol. 43 no. 2
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 1 December 2000

Jonathan Willson and Tony Oulton

Abstract

Policies and practices of UK public libraries in providing access to Internet services are reviewed. Results of a questionnaire survey conducted as part of the Library and Information Commission funded PuPPS (public places, private spaces) scoping study of privacy, anonymity and confidentiality in public libraries, are reported. Ninety‐six per cent of respondents indicated that they had Internet facilities for the public. Many respondents indicated that they had policy documents on provision of and access to electronic and print materials. The majority of libraries (71 per cent) imposed some form of control on public access computers and a smaller majority (56 per cent) on staff only computers. The reliability and effectiveness of software currently available for filtering and blocking was a major cause for concern amongst respondents. The major reason for the imposition of control software appeared to be concern about access to sexually explicit material. The use of such software is frequently part of a broad corporate policy, designed to protect the local authority from adverse criticism by public or staff. Issues of privacy, anonymity and confidentiality were of lesser concern to public library respondents than control of public access to inappropriate material on the Internet.

Details

OCLC Systems & Services: International digital library perspectives, vol. 16 no. 4
Type: Research Article
ISSN: 1065-075X

Article
Publication date: 28 September 2012

Goran Sladić, Branko Milosavljević, Dušan Surla and Zora Konjović

Abstract

Purpose

The goal of this paper is to propose a data access control framework that is used for editing MARC‐based bibliographic databases. In cases where the bibliographic record editing activities carried out in libraries are complex and involve many people with different skills and expertise, a way of managing the workflow and data quality is needed. Enforcing access control can contribute to these goals.

Design/methodology/approach

The proposed solution for data access control enforcement is based on the well‐studied standard role‐based access control (RBAC) model. The bibliographic data, for the purpose of this system, is represented using the XML language. The software architecture of the access control system is modelled using the Unified Modelling Language (UML).

Findings

The access control framework presented in this paper represents a successful application of concepts of role‐based access control to bibliographic databases. The use of XML language for bibliographic data representation provides the means to integrate this solution into many different library information systems, facilitates data exchange and simplifies the software implementation because of the abundance of available XML tools. The solution presented is not dependent on any particular XML schema for bibliographic records and may be used in different library environments. Its flexibility stems from the fact that access control rules can be defined at different levels of granularity and for different XML schemas.

Research limitations/implications

This access control framework is designed to handle XML documents. Library systems that utilise bibliographic databases in other formats not easily convertible to XML would hardly integrate the framework into their environment.

Practical implications

The use of an access control enforcement framework in a bibliographic database can significantly improve the quality of data in organisations where record editing is performed by a large number of people with different skills. The examples of access control enforcement presented in this paper are extracted from the actual workflow for editing bibliographic records in the Belgrade City Library, the largest public city library in Serbia. The software implementation of the proposed framework and its integration in the BISIS library information system prove the practical usability of the framework. BISIS is currently deployed in over 40 university, public, and specialized libraries in Serbia.

Originality/value

A proposal for enforcing access control in bibliographic databases is given, and a software implementation and its integration in a library information system are presented. The proposed framework can be used in library information systems that use MARC‐based cataloguing.

Details

The Electronic Library, vol. 30 no. 5
Type: Research Article
ISSN: 0264-0473
