Access control policies define what resources can be accessed by which subjects and under which conditions. It is, however, often not possible to anticipate all subjects that should be permitted access and the conditions under which they should be permitted. For example, predicting and correctly encoding all emergency and exceptional situations is…
Access control operates under the assumption that it is possible to correctly encode and predict all subjects' needs and rights. However, in human-centric pervasive domains, such as health care, it is hard if not impossible to encode all emergencies and exceptions, but also to imagine a priori all the permissible requests. Break-glass is an approach that…
Recent years have seen a significant increase in the popularity of social networking services. These online services enable users to construct groups of contacts, referred to as friends, with which they can share digital content and communicate. This sharing is actively encouraged by the social networking services, with users' privacy often seen as a…
Compliance policies often stipulate conditions on aggregated data. Current policy monitoring approaches are limited in the kind of aggregations that they can handle. We rectify this as follows. First, we extend metric first-order temporal logic with aggregation operators. This extension is inspired by the aggregation operators common in database query…
Pervasive systems are increasingly being designed using a service-oriented approach where services are distributed across wireless devices of varying capabilities. Service orchestration is a simple and popular method to coordinate web-based services but introduces a single point of failure and lacks the flexibility to cope with the greater variability of…
Event-Condition-Action (ECA) policies are often used to manage various aspects of adaptation and execution of pervasive systems. Such policies are well suited for services where: 1) given actions are reliably executed when they are requested, 2) there is no priority ordering amongst multiple available actions, and 3) execution is instantaneous with respect…
Decentralized and distributed access control systems are subject to communication and component failures. These can affect access decisions in surprising and unintended ways, resulting in insecure systems. Existing analysis frameworks however ignore the influence of failure handling in decision making. Thus, it is currently all but impossible to derive…