Learn More
In this article, we introduce a comprehensive framework supporting a privacy-aware access control mechanism, that is, a mechanism tailored to enforce access control to data containing personally identifiable information and, as such, privacy sensitive. The key component of the framework is a family of models (P-RBAC) that extend the well-known RBAC model in(More)
In this paper, we present a novel obligation model for the Core Privacy-aware Role Based Access Control (P-RBAC), and discuss some design issues in detail. Pre-obligations, post-obligations, conditional obligations, and repeating obligations are supported by the obligation model. Interaction between permissions and obligations is discussed, and efficient(More)
Fuzzy inference is a promising approach to implement risk-based access control systems. However, its application to access control raises some novel problems that have not been yet investigated. First, because there are many different fuzzy operations, one must choose the fuzzy operations that best address security requirements. Second, risk-based access(More)
Provenance access control has been recognized as one of the most important components in an enterprise-level provenance system. However, it has only received little attention in the context of data security research. One important challenge in provenance access control is the lack of an access control language that supports its specific requirements, e.g.,(More)
Role-based provisioning has been adopted as a standard component in leading Identity Management products due to its low administration cost. However, the cost of adjusting existing roles to entitlements from newly deployed applications is usually very high. In this paper, a learning-based approach to automate the provisioning process is proposed and its(More)
Policy analysis techniques have usually been developed independently of applications or they have been tailored to policies with specific purposes, e.g. they have been used to analyze access control policies, system management policies or privacy policies. There are analysis techniques to detect redundancy and incompleteness of policies. There are also(More)
One important issue in Pervasive Computing is how to assist non-expert users to use devices and even to combine their functionality without explicit goals. In this paper, we present an Ontology enabled Service Oriented Architecture (OSOA), which combines interoperability provided by Web services and semantic description provided by Ontologies, to solve this(More)