Search results
1 – 10 of over 129000Mariemma I. Yagüe, Antonio Maña and Javier Lopez
Provide a secure solution for web services (WS). A new interoperable and distributed access control for WS is presented.
Abstract
Purpose
Provide a secure solution for web services (WS). A new interoperable and distributed access control for WS is presented.
Design/methodology/approach
Based on the separation of the access control (AC) and authorization function.
Findings
Mechanisms presented allow seamless integration of external authorization entities in the AC system. The Semantic Policy Language (SPL) developed facilitates specification of policies and semantic policy validation. SPL specifications are modular and can be composed without ambiguity. Also addressed was the problem of the association of policies to resources (WS or their operations) in a dynamic, flexible and automated way.
Research limitations/implications
The ACProxy component is currently under development. Ongoing work is focused on achieving a richer “use control” for some types of WS.
Practical implications
Administrators of WS can specify AC policies and validate them to find syntactic and semantic errors. Components for automated validation of policies at different levels are included. This ensures that the AC policies produce the desired effects, facilitating the creation and maintenance of policies. It also provides mechanisms for the use of interoperable authorizations.
Originality/value
A practical system that provides a secure solution to AC for WS. To the best of one's knowledge, no other system provides mechanisms for semantic validation of policies based on external authorization entities. Likewise, the mechanisms for interoperability of external authorization entities are also novel. The system provides content‐based access control and a secure, decentralized and dynamic solution for authorization that facilitates the management of complex systems and enhances the overall security of the AC.
Details
Keywords
This paper aims to manage access control tasks to satisfy the user privacy needs of online information resources according to social relations and tags.
Abstract
Purpose
This paper aims to manage access control tasks to satisfy the user privacy needs of online information resources according to social relations and tags.
Design/methodology/approach
The study proposes a method for access control management in the online social context. The proposed method includes the access control policy management process, metadata of access control policies, the data of ontologies, tags, and social relations, and conflict detection rules.
Findings
Online information sharing and hiding, which needs to consider social relations and mentioned topics, is a unique context and needs a novel access control mechanism. Ontologies are powerful and expressive enough to identify conflicts in access control policies. The paper provides a method using ontologies to control the access control activities based on social relations and tags on web content. The effectiveness of the method's conflict detection rules is validated through several scenarios.
Research limitations/implications
To make the proposed method suitable for widespread usage, further work is required to develop an access control policy specification and conflict detection tool. The proposed method introduces relatively novel usage scenarios, which consider social relationships, and tags compared with existing access control methods for online information sharing.
Practical implications
The proposed access control mechanism can be integrated into existing web sites. Online users can use this method to share information more easily than at present.
Originality/value
The method enables flexible access control in social contexts and handles unavoidable conflicts. It also opens the way to new access control scenarios in online social activities. The method can be used to keep secrets hidden from selected people.
Details
Keywords
Mariemma I. Yagüe, Antonio Maña, Javier López, Ernesto Pimentel and José M. Troya
Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges for the underlying security mechanisms and especially in access…
Abstract
Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges for the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralised security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML‐based secure content distribution (XSCD) infrastructure, which is based on the production of protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating privilege management infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, provides persistent protection and allows actions (such as payment) to be bound to the access to objects.
Details
Keywords
Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng
Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore…
Abstract
Purpose
Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related.
Design/methodology/approach
This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.
Findings
The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.
Originality/value
Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.
Details
Keywords
Marijke Coetzee and J.H.P. Eloff
This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users.
Abstract
Purpose
This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users.
Design/methodology/approach
A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web services access control architecture is defined.
Findings
The architecture of an access control service of a web service provider consists of three components, namely an authorisation interface, an authorisation manager, and a trust manager. Access control and trust policies are selectively published according to the trust levels of web services requestors. A prototype highlights the incorporation of a trust level in the access control policy as a viable solution to the problem of web services access control, where decisions of an autonomous nature need to be made, based on information and evidence.
Research limitations/implications
The WSACT architecture addresses the selective publication of policies. The implementation of sophisticated policy‐processing points at each web service endpoint, to automatically negotiate about policies, is an important element needed to complement the architecture.
Practical implications
The WSACT access control architecture illustrates how access control decisions can be made autonomously by including a trust level of web services requestors in an access control policy.
Originality/value
The WSACT architecture incorporates the trust levels of web services requestors and the attributes of users into one model. This allows web services providers to grant advanced access to the users of trusted web services requestors, in contrast with the limited access that is given to users who make requests through web services requestors with whom a minimal level of trust has been established.
Details
Keywords
Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng
Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are…
Abstract
Purpose
Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.
Design/methodology/approach
This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.
Findings
As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.
Originality/value
This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.
Details
Keywords
To define a framework for access control for virtual applications, enabled through web services technologies. The framework supports the loosely coupled manner in which web…
Abstract
Purpose
To define a framework for access control for virtual applications, enabled through web services technologies. The framework supports the loosely coupled manner in which web services are shared between partners.
Design/methodology/approach
A background discussion on relevant literature, with an example is used to illustrate the problem that exists. To enable access control composition, an extension is proposed to authorisation specification language, together with publication of access control requirements of a web service provider.
Findings
The framework shows that loosely coupled access control can be made possible by making use of the standard manner in which messages are communicated in XML, and by composing assertions with the access control policy of the provider in a consistent manner. Access to web service methods is only granted if permission can be derived for it, where the derivation step forms a formal proof.
Research limitations/implications
A basic framework has been defined. An architecture to support it must be defined. Only a very basic level of access control composition has been illustrated.
Practical implications
The publication of access control requirements in standards such as WS‐Policy can be considered.
Originality/value
This paper offers a practical approach to address access control for web services.
Details
Keywords
This work empirically evaluates the effectiveness of the novel ontology-based access-control mechanism and the common password-protected access-control mechanism for social blogs…
Abstract
Purpose
This work empirically evaluates the effectiveness of the novel ontology-based access-control mechanism and the common password-protected access-control mechanism for social blogs. The paper aims to discuss these issues.
Design/methodology/approach
The ontology-based access-control scheme is designed to fit two characteristics of blog activities: social relationships and tags. A laboratory experiment is conducted to assess the perceived privacy benefit and perceived ease of use of the two mechanisms.
Findings
Analytical results indicate that, with the ontology-based access-control scheme, users perceive more privacy benefit than with the password-protected access-control scheme. The perceived ease of use with the ontology-based and password-protected access-control systems did not differ significantly.
Research limitations/implications
Cross-boundary collaborations need an appropriate approach to control communication access. Further study is required to evaluate the ontology-based access-control scheme applied in cross-organizational and cross-departmental collaborations.
Practical implications
From a knowledge management perspective, blogs can store personal and organizational knowledge and experiences. The ontology-based access-control scheme encourages knowledge sharing for appropriate persons.
Originality/value
The new ontology-based access-control mechanism can help online users keep secrets from selected people to gain more privacy benefits than the existing password-protected access-control mechanism.
Details
Keywords
Jonathan Willson and Tony Oulton
Policies and practices of UK public libraries in providing access to Internet services are reviewed. Results of a questionnaire survey conducted as part of the Library and…
Abstract
Policies and practices of UK public libraries in providing access to Internet services are reviewed. Results of a questionnaire survey conducted as part of the Library and Information Commission funded PuPPS (public places, private spaces) scoping study of privacy, anonymity and confidentiality in public libraries, are reported. Ninety‐six per cent of respondents indicated that they had Internet facilities for the public. Many respondents indicated that they had policy documents on provision of and access to electronic and print materials. The majority of libraries (71 per cent) imposed some form of control on public access computers and a smaller majority (56 per cent) on staff only computers. The reliability and effectiveness of software currently available for filtering and blocking was a major cause for concern amongst respondents. The major reason for the imposition of control software appeared to be concern about access to sexually explicit material. The use of such software is frequently part of a broad corporate policy, designed to protect the local authority from adverse criticism by public or staff. Issues of privacy, anonymity and confidentiality were of lesser concern to public library respondents than control of public access to inappropriate material on the Internet.
Details
Keywords
Goran Sladić, Branko Milosavljević, Dušan Surla and Zora Konjović
The goal of this paper is to propose a data access control framework that is used for editing MARC‐based bibliographic databases. In cases where the bibliographic record editing…
Abstract
Purpose
The goal of this paper is to propose a data access control framework that is used for editing MARC‐based bibliographic databases. In cases where the bibliographic record editing activities carried out in libraries are complex and involve many people with different skills and expertise, a way of managing the workflow and data quality is needed. Enforcing access control can contribute to these goals.
Design/methodology/approach
The proposed solution for data access control enforcement is based on the well‐studied standard role‐based access control (RBAC) model. The bibliographic data, for the purpose of this system, is represented using the XML language. The software architecture of the access control system is modelled using the Unified Modelling Language (UML).
Findings
The access control framework presented in this paper represents a successful application of concepts of role‐based access control to bibliographic databases. The use of XML language for bibliographic data representation provides the means to integrate this solution into many different library information systems, facilitates data exchange and simplifies the software implementation because of the abundance of available XML tools. The solution presented is not dependent on any particular XML schema for bibliographic records and may be used in different library environments. Its flexibility stems from the fact that access control rules can be defined at different levels of granularity and for different XML schemas.
Research limitations/implications
This access control framework is designed to handle XML documents. Library systems that utilise bibliographic databases in other formats not easily convertible to XML would hardly integrate the framework into their environment.
Practical implications
The use of an access control enforcement framework in a bibliographic database can significantly improve the quality of data in organisations where record editing is performed by a large number of people with different skills. The examples of access control enforcement presented in this paper are extracted from the actual workflow for editing bibliographic records in the Belgrade City Library, the largest public city library in Serbia. The software implementation of the proposed framework and its integration in the BISIS library information system prove the practical usability of the framework. BISIS is currently deployed in over 40 university, public, and specialized libraries in Serbia.
Originality/value
A proposal for enforcing access control in bibliographic databases is given, and a software implementation and its integration in a library information system are presented. The proposed framework can be used in library information systems that use MARC‐based cataloguing.
Details