Attribute-based Access Control (ABAC) was recently proposed as a general model which is able to capture the main existing access control models. This paper discusses the problems of configuring ABAC and engineering access policies. We question how to design attributes, how to assign attributes to subjects, objects, actions, and how to formulate access policies which bind subjects to objects and...

The safety and availability policies are very important in an access control system for ensuring security and success when performing a certain task. However, conflicts may arise between safety and availability policies due to their opposite focuses. In this paper, we address the problem of consistency checking for safety and availability policies, especially for the co-existence of static sepa...

HE, QINGFENG. Requirements-Based Access Control Analysis and Policy Specification. (Under the direction of Dr. Ana (Annie) I. Antón.) Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) define how access is managed and the high-level rules of who can access what information under certain conditions. Traditionally, access ...

The PolicyUpdater1 system is a generic access control system that provides policy evaluations and dynamic policy updates. These functions are achieved by the use of a logic-based language to represent access control policies. In this paper, we discuss the underlying details of the PolicyUpdater system as well as the issues arising from its application to a web server access control system. Inte...

The increased pervasiveness of wireless mobile computing devices draws new attention to the need for coordination among small, networked components. The very nature of the environment requires devices to interact even when they meet unpredictably. Because these networks are often decoupled from a fixed infrastructure, reliance on centralized servers for authentication and access policies is imp...

Gender equity is easily supported in theory but harder to pursue in practice. In this article, the case of Zika travel policies is used to illustrate some glaring gaps related to gender, for both men and women, at both international and national levels. Zika travel policies have not considered new evidence on biological or social determinants of health, putting babies at risk of exposure. The a...

Despite the widespread adoption of Role-based Access Control (RBAC) models, new access control models are required for new applications for which RBAC may not be especially well suited and for which implementations of RBAC do not enable properties of access control policies to be adequately defined and proven. To address these issues, we propose a form of access control model that is based upon...

Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) are security requirements that define how access is managed and the high-level rules of who, under what conditions, can access what information. Traditionally, access control policies are often specified after a system is designed and deployed. Because ACP specification ...

Mandatory access control has traditionally been employed as a robust security mechanism in critical environments like military ones. As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Aggregating mandatory models with context-awareness would provide us with essential means to define dynamic policies needed ...

We develop a new system for defining and enforcing access control statically. In our system, key-pairsguard access to resources, and the association between key-pairs and resources can be changed at anyprogram point (i.e., the binding is late). Our static system uses an ordering on lexically scoped abstractnames to allow local access control policies to be enforced in other parts of...