Android users do not have control over the application capabilities once the applications have been granted the requested privileges upon installation. In many cases, however, whether an application may get a privilege depends on the specific user context and thus we need a context-based access control mechanism by which privileges can be dynamically granted or revoked to applications based on ...

The purpose of this research is to explore behavioral, normative, and control beliefs in the discussion of advance care planning (ACP) among older and younger Chinese Americans. Ethnic minority groups have been identified as less engaged in ACP and this represents an ethnic and cultural gap. Older Chinese American adults often have different beliefs and values compared to the younger generation...

XACML is apparently the most convenient way to express attribute-based access control policies. Though XACML has been used in several access control areas, processing XACML policies for attribute-based database access control still has not been studied in depth. In this work we compile XACML policies, and utilize the underlying database access mechanisms such as ACLs to protect sensitive data. ...

In this paper, firstly, we point out that access control mechanisms are not suitable in existing commercial Relational Data Base Management Systems (RDBMS). Secondly, the idea of Policy-Driven Role-Based Database Access Control (PDRBDAC) is proposed. Thirdly, the issue of multiple inheritance in a role hierarchy is discussed. Finally, a PROLOG interpreting algorithm for dealing with it is descr...

We propose an access control scheme for developing authorization rules for XML documents, allowing flexible data granularity and authorization propagation. To simplify the complex access control policies in XML, we introduce a new tool: Authorization Policy Sheet (APS). Complex access control rules can be easily described in an APS. The administrator of a system can easily manage the access con...

This paper presents a policy-based framework for managing access control in distributed heterogeneous systems. This framework is based on the PDP/PEP approach. The PDP (Policy Decision Point) is a network policy server responsible for supplying policy information for network devices and applications. The PEP (Policy Enforcement Point) is the policy client (usually, a component of the network de...

Existing policy languages suffer from a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty [22], binding of duty [26], context constraints [24], Chinese wall properties [10], and obligations [20]. It is often difficult to extend a language in order to retrofit these features once required or it is necessary to use c...

The wide proliferation of the Internet has set new requirements for access control policy specification. Due to the demand for ad-hoc cooperation between organisations, applications are no longer isolated from each other; consequently, access control policies face a large, heterogeneous, and dynamic environment. Policies, while maintaining their main functionality, go through many minor adaptat...

Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties that access control should adhere to, access control models are usually written, bridging the gap in abstraction between policies and mechanism...

Role-based access control (RBAC) has significantly simplified the management of users and permissions in computing systems. In dynamic environments, systems are subject to changes, so that the associated configurations need to be updated accordingly in order to reflect the systems’ evolution. Access control update is complex, especially for large-scale systems; because the updated system is exp...