Access control policies define what resources can be accessed by which subjects and under which conditions. It is, however, often not possible to anticipate all subjects that should be permitted access and the conditions under which they should be permitted. For example, predicting and correctly encoding all emergency and exceptional situations is …
Access control operates under the assumption that it is possible to correctly encode and predict all subjects' needs and rights. However, in human-centric pervasive domains, such as health care, it is hard if not impossible to encode all emergencies and exceptions, but also to imagine a priori all the permissible requests. Break-glass is an approach that …
Recent years have seen a significant increase in the popularity of social networking services. These online services enable users to construct groups of contacts, referred to as friends, with which they can share digital content and communicate. This sharing is actively encouraged by the social networking services, with users’ privacy often seen as …
In system monitoring, one is often interested in checking properties of aggregated data. Current policy monitoring approaches are limited in the kinds of aggregations they handle. To rectify this, we extend an expressive language, metric first-order temporal logic, with aggregation operators. Our extension is inspired by the aggregation operators common in …
Pervasive systems are increasingly being designed using a service-oriented approach where services are distributed across wireless devices of varying capabilities. Service orchestration is a simple and popular method to coordinate web-based services but introduces a single point of failure and lacks the flexibility to cope with the greater variability of …
Formal foundations for access control policies with both authority delegation and policy composition operators are partial and limited. Correctness guarantees cannot therefore be formally stated and verified for decentralized composite access control systems, such as those based on XACML 3. To address this problem we develop a formal policy language BelLog …
There is growing interest in using workflows to describe, monitor and direct a wide range of medical procedures in hospitals. Unlike their well-established business counterparts, medical workflows require a high degree of execution flexibility since it is impossible to anticipate all the possible circumstances that might influence their execution and it is …
Event-Condition-Action (ECA) policies are often used to manage various aspects of adaptation and execution of pervasive systems. Such policies are well suited for services where: 1) given actions are reliably executed when they are requested, 2) there is no priority ordering amongst multiple available actions, and 3) execution is instantaneous with respect …
Decentralized and distributed access control systems are subject to communication and component failures. These can affect access decisions in surprising and unintended ways, resulting in insecure systems. Existing analysis frameworks however ignore the influence of failure handling in decision making. Thus, it is currently all but impossible to derive …