Sign in
Author
|
Conference
|
Journal
|
Organization
|
Year
|
DOI
Look for results that meet for the following criteria:
since
equal to
before
between
and
Search in all fields of study
Limit my searches in the following fields of study
Agriculture Science
Arts & Humanities
Biology
Chemistry
Computer Science
Economics & Business
Engineering
Environmental Sciences
Geosciences
Material Science
Mathematics
Medicine
Physics
Social Science
Multidisciplinary
Keywords
(7)
Authoring System
Conflict Resolution
Contextual Information
Dynamic System
Information System
New Combination
Policy Language
Subscribe
Academic
Publications
An attribute-based authorization policy framework with dynamic conflict resolution
An attribute-based authorization policy framework with dynamic conflict resolution,10.1145/1750389.1750395,Apurva Mohan,Douglas M. Blough
Edit
An attribute-based authorization policy framework with dynamic conflict resolution
(
Citations: 1
)
BibTex
|
RIS
|
RefWorks
Download
Apurva Mohan
,
Douglas M. Blough
Policy-based authorization systems are becoming more common as information systems become larger and more complex. In these systems, to authorize a requester to access a particular resource, the authorization system must verify that the policy authorizes the access. The overall authorization policy may consist of a number of policy groups, where each group consists of policies defined by different entities. Each policy contains a number of authorization rules. The access request is evaluated against these policies, which may produce conflicting authorization decisions. To resolve these conflicts and to reach a unique decision for the access request at the rule and policy level, rule and policy combination algorithms are used. In the current systems, these rule and policy combination algorithms are defined on a static basis during policy composition, which is not desirable in dynamic systems with fast changing environments. In this paper, we motivate the need for changing the rule and policy combination algorithms dynamically based on contextual information. We propose a framework that supports this functionality and also eliminates the need to recompose policies if the owner decides to change the combination algorithm. It provides a novel method to dynamically add and remove specialized policies, while retaining the clarity and modularity in the policies. The proposed framework also provides a mechanism to reduce the set of potential target matches, thereby increasing the efficiency of the evaluation mechanism. We developed a prototype system to demonstrate the usefulness of this framework by extending some basic capabilities of the XACML policy language. We implemented these enhancements by adding two specialized modules and several
new combination
algorithms to the Sun XACML engine.
Conference:
Identity and Trust on the Internet - IDtrust
, pp. 37-50, 2010
DOI:
10.1145/1750389.1750395
Cumulative
Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
(
portal.acm.org
)
(
portal.acm.org
)
(
www.informatik.uni-trier.de
)
(
doi.acm.org
)
More »
Citation Context
(1)
...Role-Based Access Control (RBAC) [9] and Attribute-Based Access Control (ABAC) [
10
,11] are the most popular models for EHR...
Rui Zhang
,
et al.
Security Models and Requirements for Healthcare Application Clouds
References
(18)
Extending Relational Database Systems to Automatically Enforce Privacy Policies
(
Citations: 45
)
Rakesh Agrawal
,
Paul Bird
,
Tyrone Grandison
,
Jerry Kiernan
,
Scott Logan
,
Walid Rjaibi
Conference:
International Conference on Data Engineering - ICDE
, pp. 1013-1022, 2005
Conflict and combination in privacy policy languages
(
Citations: 19
)
Adam Barth
,
John C. Mitchell
,
Justin Rosenstein
Conference:
Workshop On Privacy In The Electronic Society - WPES
, pp. 45-46, 2004
Analysis of privacy and security policies
(
Citations: 2
)
Elisa Bertino
,
Carolyn Brodie
,
Seraphin B. Calo
,
Lorrie Faith Cranor
,
Clare-Marie Karat
,
John Karat
,
Ninghui Li
,
Dan Lin
,
Jorge Lobo
,
Qun Ni
,
Prathima Rao
,
Xiping Wang
Journal:
Ibm Journal of Research and Development - IBMRD
, vol. 53, no. 2, pp. 3-18, 2009
Supporting Multiple Access Control Policies in Database Systems
(
Citations: 67
)
Elisa Bertino
,
Sushil Jajodia
,
Pierangela Samarati
Conference:
IEEE Symposium on Security and Privacy - S&P
, pp. 94-107, 1996
Conflict Resolution Using Logic Programming
(
Citations: 57
)
Jan Chomicki
,
Jorge Lobo
,
Shamim A. Naqvi
Journal:
IEEE Transactions on Knowledge and Data Engineering - TKDE
, vol. 15, no. 1, pp. 244-249, 2003
Sort by:
Citations
(1)
Security Models and Requirements for Healthcare Application Clouds
(
Citations: 7
)
Rui Zhang
,
Ling Liu
Conference:
IEEE International Conference on Cloud Computing - CLOUD
, 2010