Tatyana Ryutov

Current intrusion detection systems work in isolation from access control for the application the systems aim to protect. The lack of coordination and interoperation between these components prevents detecting and responding to ongoing attacks in real-time before they cause damage. To address this, we apply dynamic authorization techniques to support…
We present a new model for authorization that integrates both local and distributed access control policies and that is extensible across applications and administrative domains. We introduce a general mechanism that is capable of implementing several security policies including role-based access control, Clark-Wilson, ACLs, capabilities, and lattice-based…
As web-based technologies mature, dynamic graphs of interlinked resources are replacing hierarchical catalogs as means for storing and organizing information. Such graphs, or semantic networks, often span multiple static and dynamic resources from a variety of sources. It is often highly desirable to give users access only to parts of the semantic network…
Access control in computational grids is typically provided by a combination of identity certificates and local accounts. This approach does not scale as the number of users and resources increases. Moreover, identity-based access control is not sufficient because users and resources may reside in different security domains and may not have pre-existing…
Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transactions, but it is vulnerable to malicious attacks leading to denial of service or leakage of sensitive information. This paper introduces an…
We present a new model that provides clear and precise semantics for authorization. The semantics is independent from underlying security mechanisms and is separate from implementation. The model is capable of representing existing access control mechanisms. Our approach is based on set and function formalism. We focus our attention on identifying issues and…
Cross-agency collaboration and sharing of digital data is critical to respond to or prevent threats to U.S. interests. While traditional hierarchical information sharing approaches ensure that only relevant information is delivered to authorized nodes, the resulting organizational overhead severely impedes timely sharing of critical information. Although…