Most of current access control systems are not expressive enough for current applications, in the sense that they cannot express several access control policies required by them. Most of these applications have no choice but to build their owned very specific access control systems completely independently from other applications running on the same environment, which entails potential incohere...

Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the policies is a very challenging problem. To formally and precisely capture the security properties that MAC should adhere to, MAC models are u...

Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little work has been done to evaluate these theoretically interesting systems in practical situations with real users, and few attempts have been made to discover and analyze the accesscontrol policies that users actually want to implement. In this paper we report on a study...

Since the number of compromised computers, or botnet, continues to grow, the cyber security problem has become increasingly important and challenging to both academic researchers and industry practitioners. A respect to combat botnet propagation is to understand the attacker’s behaviors based on the whole operation of a system that can be modeled with population models used in epidemiological s...

Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally diierent from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent that MLS system properties have. This paper explores some aspects of mutual exclusion of roles as...

In the past, Mandatory Access Control (MAC) systems have used very rigid policies that were implemented in particular protocols and platforms. As MAC systems become more widely deployed, additional flexibility in mechanism and policy will be required. While traditional trusted systems implemented Multi-Level Security (MLS) and integrity models, modern systems have expanded to include such techn...

This paper presents a PCIM-based framework for storing and enforcing RBAC (Role Based Access Control) policies in distributed heterogeneous systems. PCIM (Policy Core Information Model) is an information model proposed by IETF. PCIM permits to represent network policies in a standard form, allowing software from different vendors to read the same set of policy rules. This paper describes a PCIM...

Security requirements approached at the enterprise level initiate the need for models that capture the organisational and distributed aspects of information usage. Such models have to express organisation-specific security policies and internal controls aiming to protect information against unauthorised access and modification, and against usage of information for unintended purposes. This diss...