Learn More
—Current intrusion detection systems work in isolation from access control for the application the systems aim to protect. The lack of coordination and interoperation between these components prevents detecting and responding to ongoing attacks in real-time before they cause damage. To address this, we apply dynamic authorization techniques to support(More)
Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transactions, but it is vulnerable to malicious attacks leading to denial of service or leakage of sensitive information. This paper introduces an(More)
In a distributed multiuser environment, the security policy must not only specify legitimate user privileges but also aid in the detection of the abuse of the privileges and adapt to perceived system threat conditions. This paper advocates extending authorization policy evaluation mechanisms with a means for generating audit data allowing immediate(More)
To span administrative boundaries, metacomputing systems require the integration of strong authenti-cation and authorization methods. The problem is complicated because diierent components of the system may have diierent security policies. This paper presents a distributed model for authorization that we have integrated with the Prospero Resource Manager ,(More)
—As web-based technologies mature, dynamic graphs of interlinked resources are replacing hierarchical catalogs as means for storing and organizing information. Such graphs, or semantic networks, often span multiple static and dynamic resources from a variety of sources. It is often highly desirable to give users access only to parts of the semantic network(More)
We present a new model that provides clear and precise semantics for authorization. The semantics is independent from underling security mechanisms and is separate from implementation. The model is capable of representing existing access control mechanisms. Our approach is based on set and function formalism. We focus our attention on identifying issues and(More)
This paper¢ presents an authorization framework for supporting fine-grained access control policies enhanced with lightweight intrusion/misuse detectors and response capabilities. The framework intercepts and analyzes access requests and dynamically adjusts security policies to prevent attackers from exploiting application level vulnerabilities. We present(More)