Ensuring secure interoperation in multidomain environments based on role based access control (RBAC) has drawn considerable research works in the past. However, RBAC primarily consider static authorization decisions based on subjects’ permissions on target objects, and there is no further enforcement during the access. Recently proposed usage control (UCON) can address these requirements of acc...

The EU DataGrid has deployed a grid testbed at approximately 20 sites across Europe, with several hundred registered users. This paper describes authorisation systems produced by GridPP and currently used on the EU DataGrid Testbed, including local Unix pool accounts and fine-grained access control with Access Control Lists and Grid-aware filesystems, fileservers and web developement environments.

Lately, Web-accessed resources have superceded the resources accessed by local or wide-area networks. Therefore, new mechanisms should be implemented for protecting resources from unknown clients. Attribute Certificates is a quite new technology offering such functionality. Those certificates are issued by Attribute Authorities validating the attributes of the owner of the certificate. Based on...

This chapter examines techniques for securing various types of event-based systems. The first section discusses typical application requirements. The following section examines specific event dissemination approaches. Applying applicationlevel security to event-based systems is introduced at first, along with an overview of Role-Based Access Control. Application-level security is a perimeter de...

Özet. Anlamsal web, web içeriklerinin diğer yazılımlar tarafından anlaşılabilir, yorumlanabilir, kullanılabilir olmasını ve bilginin paylaşılmasını amaçlamaktadır. Anlamsal web’de bilginin güvenliği erişim denetimi ile sağlanmaktadır. OBAC(Ontology Based Access Control – Ontoloji Tabanlı Erişim Denetimi) verinin anlamsal tanımının olduğu ontolojilere erişim denetiminin sağlanmasında kullanılan ...

In 1996, Chiu and Hsu proposed a multi-rolebased access control (MRBAC) policy. Nevertheless, the ChiuHsu scheme can be further enforced by role list, union, and intersection (i.e. containment) to deal with the problems regarding the MRBAC and the object role with different security ranks. The author presents an improvement of the Chiu-Hsu scheme using more detailed list structure. This improve...

b Bell Labs e-mail address: aje rey bell-labs. om Abstra t. We study me hanisms that permit program omponents to express role onstraints on lients, fo using on programmati se urity me hanisms, whi h permit a ess ontrols to be expressed, in situ, as part of the ode realizing basi fun tionality. In this setting, two questions immediately arise. (1) The user of a omponent fa es the issue of safety...

Role-based access control (RBAC) has recently received a lot of attention due to its exibility, expressive power and simplicity in administration. In RBAC permissions are associated with roles and users are made members of roles thereby acquiring the associated permissions. Centralized management of RBAC in large systems is a tedious and costly task. An appealing possibility is to use RBAC itse...