We describe the self-adaptive authorization framework (SAAF), an autonomic self-adapting system for federated RBAC/ABAC authorization infrastructures. SAAF monitors the behaviour of users, and when it detects abnormal behaviour, it responds by adapting the authorization infrastructure to prevent any further abnormal behaviour. The models and components of SAAF are described, as well as the curr...

The naming extensions to the Generic Security Service Application Programming Interface (GSS-API) provide a mechanism for applications to discover authorization and personalization information associated with GSS-API names. The Extensible Authentication Protocol GSS-API mechanism allows an Authentication, Authorization, and Accounting (AAA) peer to provide authorization attributes alongside an ...

fields, which are needed for checking firewall policy violations, from the pattern expression of a flow rule to represent the space of corresponding flow path. In addition, we reorganize these fields with a (source address, destination address) pair to specify a flow path space. Then, we define three kinds of spaces for representing a flow path space: (1) Incoming Space represents original head...

Dense feature extraction is becoming increasingly popular in face recognition. Face recognition is a vital component for authorization and security. In earlier days, CCA (Canonical Correlation Analysis) and SIFT (Scale Invariant Feature Transforms) was used for face recognition. Since multi scale extraction is not possible with these existing methods, a new approach to dense feature extraction ...

We present algorithms for access rights control in multiuser, object-oriented databases. These algorithms follow the model of authorization introduced in F. Rabitti et al., A model of authorization for next-generation databases, ACM Transaction on Database Systems 16:88{131, 1991. We show how the three basic operations: AccessControl, Grant, and Revoke can be eeciently implemented using methods...

Date The final copy of this thesis has been examined by the signatories, and we find that both the content and the form meet acceptable presentation standards of scholarly work in the above mentioned discipline. iii Abstract Anand Chavali (M.S., Telecommunications) Implementing Role-based Authorization capabilities in the Session Initiation Protocol (SIP) Thesis directed by Professor Douglas Si...

The naming extensions to the Generic Security Service Application Programming Interface (GSS-API) provide a mechanism for applications to discover authorization and personalization information associated with GSS-API names. The Extensible Authentication Protocol GSS-API mechanism allows an Authentication, Authorization, and Accounting (AAA) peer to provide authorization attributes alongside an ...

This paper defines a framework in which one can formalize a variety of authorization and policy issues that arise in access control of shared computing resources. Instantiations of the framework address such issues as privacy, recency, validity, and trust. The paper presents an efficient algorithm for solving all authorization problems in the framework; this approach yields new algorithms for a...

Information systems of large enterprises experience a shift from an application-centric architecture towards a focus on process orientation and web services. The information system is opened to business partners to allow for self-management and seamless cross-enterprise process integration. Aiming at higher flexibility and lower costs, this strategy also produces great new challenges the securi...

(ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates o...