Modeling of security policies, along with their realization in code, must be an integral part of the software development process, to achieve an acceptable level of security for a software application. Among all of the security concerns (e.g. authentication, auditing, access control, confidentiality, etc.), this paper addresses the incorporation of access control into software. The approach is ...

XACML has become increasingly popular for specifying access control policies in mission critical domains to protect sensitive resources. However, manually crafted XACML policies may contain errors which can only be identified with manual policies review. Recent progress in policy testing still requires tedious and inefficient manual efforts to compose access requests. In this paper, we propose ...

Specifying and managing access control policies for large distributed systems is a non{ trivial task. Commonly, access control policies are speciied in natural language and later reformulated in terms of a particular access control mechanism. Management of policies is thus done in terms of low{level constructs rather than in terms of the speciication. This paper presents and discusses concepts ...

Specifying and managing access control policies for large distributed systems is a non{ trivial task. Commonly, access control policies are speciied in natural language and later reformulated in terms of a particular access control mechanism. Management of policies is thus done in terms of low{level constructs rather than in terms of the speciication. This paper presents and discusses concepts ...

Web-based software systems are increasingly used for accessing and manipulating sensitive information. Managing access control policies in such systems can be challenging and error-prone, especially when multiple access policies are combined to form new policies, possibly introducing unintended consequences. In this paper, we present a framework for automated verification of access control poli...

This paper focuses on problems of access control for business processes. The subject of the paper is a specification of the Contextsensitive access control model for business processes (COBAC). In order to efficiently define and enforce access control for different business processes, the COBAC model is based on the RBAC (Role-based Access Control) model which is extended with the following ent...

ZAC is a practical lightweight library for access control in JavaScript based on aspect orientation. The ZAC access control architecture is stack-based, very similar to the ones of Java and C#. However, ZAC integrates other interesting features for more expressive access control. First, access control policies can be enforced at the level of objects, which permits more fine-grained control over...

Purpose is a key concept in privacy policies. Based on the purpose framework developed in our earlier work [11] we present an access control model for a work ow-based information system in which a work ows reference monitor ( WfRM ) enforces purpose-based policies. We use a generic access control policy language and show how it can be connected to the purpose modal logic language ( PML ) to lin...

Many cryptographic schemes have been designed to enforce information flow policies. However, enterprise security requirements are often better encoded, or can only be encoded, using role-based access control policies rather than information flow policies. In this paper, we provide an alternative formulation of role-based access control that enables us to apply existing cryptographic schemes to ...