Hemanth Khambhammettu

Learn More
User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively studied grant delegations, but transfer delegations have largely been ignored. This is largely because(More)
Incorporating security requirements into system design models is receiving increasing interest. Access control requirements are an important part of overall system security requirements. Existing approaches that incorporate access control requirements into system design models have directly been developed on top of specific access control models. In these(More)
We describe a framework for risk assessment specifically within the context of risk-based access control systems, which make authorization decisions by determining the security risk associated with access requests and weighing such security risk against operational needs together with situational conditions. Our framework estimates risk as a product of(More)
Constraints are an important part of role-based access control policies. The safety or security of a system is maintained by enforcing constraints that are specified in the policy. In order to decide whether an access request is authorized, existing constraint enforcement mechanisms perform both authorization checking, which verifies that the requested(More)
We describe a framework for threat assessment specifically within the context of access control systems, where subjects request access to resources for which they may not be pre-authorized. The framework that we describe includes four different approaches for conducting threat assessment: an object sensitivity-based approach, a subject trustworthiness-based(More)
We discuss the design of an integrated security architecture for authorization and authentication in a distributed object environment. Our architecture will have four main components: an authentication engine, an interface, a session manager and an authorization engine. The core component of our model is the session manager, which issues XML-based session(More)
Certificates have long been used to bind authorization information to an identity or public key. Essentially there are two ways in which a verifying authority (reference monitor) can obtain the information (from a certificate) that is required to make an access control decision: the requesting entity provides the privilege attributes to the verifying(More)