Separation of Duty

221 papers
Separation of Duty is a security principle that divides responsibilities and privileges among multiple individuals or systems to prevent fraud and error. It ensures that no single entity has control over all aspects of a critical process, thereby enhancing accountability and reducing the risk of malicious activities.
A key issue in computer system security is to protect information against unauthorized access. Emerging workflow-based applications in healthcare, manufacturing, the financial sector, and e-commerce inherently have complex, time-based... more
Role-based trust management languages define a formalism, which uses credentials to handle trust in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security... more
Collaborative environments need access control to data and resources to increase working cooperation efficiently yet effectively. Several approaches are proposed and multiple access control models are recommended in this domain. In this... more
We propose and evaluate a novel framework for enforcing global coordination and control policies over message passing software components in enterprise computing environments. This framework combines the use of firewalls, both per-node... more
The article is devoted to managing and controlling users' permissions, defining users' rights, and developing a new profitable role-based access control (RBAC) model in collaborative systems. The basis for the protection of the... more
The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.
This paper considers a coalition C of enterprises {E1,..., En}, which is to be governed by a coalition policy PC, and where each member-enterprise Ei has its own internal policy Pi that regulates its participation in the coalition. The... more
We consider the problem of coordination and control of large heterogeneous groups of agents distributed over the Internet in the context of Law-Governed Interaction (LGI) [2, 5]. LGI is a mode of interaction that allows a group of... more
This paper is part of a long term research program on multiagent systems (MASs), based on the proposition that the interactions among the members of a large and heterogeneous system of autonomous agents need to be governed by a global and... more
This paper addresses an important open problem confronting any decentralized and stateful access control (AC) mechanism for networked systems, particularly when the system at hand is large, heterogeneous and open. The problem, in a... more
Linda is a high-level communication model which allows agents to communicate via shared tuple spaces without knowing each other's identities and without having to arrange for a definite rendezvous. This high level of abstraction would... more
Certificate-based delegation (CBD) is a prominent element of distributed access control, providing it with flexibility and scalability. But despite its elegance and effectiveness, CBD has inherent limitations that restrict its... more
The problem of finding a mediator to compose secured services has been reduced in our former work to the problem of solving deducibility constraints similar to those employed for cryptographic protocol analysis. We extend in this paper... more
Delegation is a very important part of the administrative process in access control systems; it provides resiliency and flexibility regarding the management procedure. Delegation is the process of granting a specific authorization from... more
As mobile ad hoc networks (MANETs) are becoming popular for a variety of applications, so are the issues surrounding corresponding implementations. In this paper, a healthcare application is developed for an environment where normal... more
Attribute relations in access control mechanisms or languages allow accurate and efficient specification of some popular access control models. However, most of the access control systems including today's de-facto access control protocol... more
We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two... more
Balancing the competing goals of collaboration and security is a difficult, multidimensional problem. Collaborative systems often focus on building useful connections among people, tools, and information while security seeks to ensure the... more
This paper introduces a scalable and secure contract-enforcement mechanism, called Cop, which can be applied to a broad range of multi-agent systems including small and large systems, time-critical systems, and systems-of-systems. Cop... more
This paper introduces an abstract model for mechanisms for the governance of large, heterogeneous, and open networked systems. This, so called interaction control (IC), model goes well beyond conventional access control, along a number of... more
This paper attempts to identify one of the necessary conditions for self-healing, or self-repair, in complex systems, and to propose means for satisfying this condition in heterogeneous distributed software. The condition identified here... more
This paper introduces an abstract reference model, called interaction control (IC), for the governance of large and heterogeneous distributed systems. This model goes well beyond conventional access control, along a number of dimensions.... more
An enterprise that uses evolving software is susceptible to destructive and even disastrous effects caused either by inadvertent errors, or by malicious attacks by the programmers employed to maintain this software. It is my thesis that... more
One can distinguish between two kinds of trust that may be placed in a given entity e (a person or a thing), which we call: familiarity-based trust and regularity-based trust. A familiarity-based trust in e is a trust based on personal... more
One of the most important challenges facing the builders of enterprise software is the reliable implementation of the policies that are supposed to govern the various communities operating within an enterprise. Such policies are widely... more
Peer-to-peer (P2P) computing, where peers in a community interact directly with each other rather than through intermediary servers, is emerging as a powerful paradigm for collaboration over the Internet. However, this paradigm poses a... more
Software technology is undergoing a transition from monolithic systems, constructed according to a single overall design, into conglomerates of semiautonomous, heterogeneous, and independently designed subsystems, constructed and managed... more
First of all, I would like to thank God who gave me strength and effort to complete my master thesis. I would also like to express my sincere gratitude to those who gave me the assistance and support during my master study especially my... more
Access control is fundamental in protecting information systems but it also poses an obstacle to achieving business objectives. We analyze this tradeoff and its avoidance in the context of systems modeled as workflows restricted by... more
This paper presents a new context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of unexpected (emergency) situation so as to provide continuity of care. The... more
Role Based Access Control (RBAC) offers tight security of information and ease of management to implement. RBAC is a proven and open ended technology that is being attracted by most of the organizations for its capability to reduce... more
Modern healthcare information systems need active security mechanisms that are capable of controlling access to medical data, according to the current need-to-know requirements of users. An access-control model that fits the above... more
An important issue in mobile computing systems is the administration of location-based access control policies, particularly the mechanism for specification and enforcement of spatial constraints. Simplifying the administration of such... more
Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the literature, but there has been little work on... more
In most of the current authorization frameworks in application systems, the authorization for a user operation is determined using a static database like ACL entries or system tables. These frameworks cannot provide the foundation for... more
Intrusion response is a more important part of security protection. In industrial automation systems (IASs) have achieved maximum and availability attention. Real-time security policy of intrusion response has big challenge for intrusion... more
Grid computing has emerged as a special form of distributed computing and is distinguished from conventional distributed computing by its focus on dynamic, large-scale resource sharing over a wide geographic distribution. Grid Computing... more
Many security incidents involve legitimate users who misuse their existing privileges, such that they have the system-level right to perform an action, but not the moral right to do so. Current Intrusion Detection Systems (IDSs) are... more
An increasingly important category of location-based services (LBS) responding to the demands of mobility in organizations is represented by Enterprise LBS (E-LBS). E-LBS pose challenging requirements, including the need of selective... more
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties... more
Nowadays, the database system is becoming more crucial as the scale of databases is growing. Traditional access control policies have certain disadvantages. So as a promising alternative to traditional access control policy, Role-Based Access... more
All Database Management Systems used in the industry provide secure access to data at the server level. The level of security is influenced by technology, security model, password encryption method, password strength and others. The human... more
The focus of this paper is on a specification model for defining security and coordination policies for distributed collaboration and workflow systems. This work is motivated by the objective to build distributed collaboration systems... more
The increasing complexity and heterogeneity in distributed systems is drawing system administrators into applying usage and access control policy engines. Higher-level policy languages allow policy administrators to demarcate themselves... more
Security system designs are required to be flexible enough to support multiple policies. A security policy model always develops; accordingly, the design of a security system using that policy model should reflect the changes. Using... more
Representing and reasoning with both temporal constraints between classes of events (e.g., between the types of actions needed to achieve a goal) and temporal constraints between instances of events (e.g., between the specific actions... more