A logic for state-modifying authorization policies
Administering and maintaining access control systems is a challenging task, especially in environments with complex and changing authorization requirements. A number of authorization logics have been proposed that aim at simplifying access control by ...
Security of multithreaded programs by compilation
End-to-End security of mobile code requires that the code neither intentionally nor accidentally propagates sensitive information to an adversary. Although mobile code is commonly multithreaded low-level code, there lack enforcement mechanisms that ...
Combining fragmentation and encryption to protect privacy in data storage
- Valentina Ciriani,
- Sabrina De Capitani Di Vimercati,
- Sara Foresti,
- Sushil Jajodia,
- Stefano Paraboschi,
- Pierangela Samarati
The impact of privacy requirements in the development of modern applications is increasing very quickly. Many commercial and legal regulations are driving the need to develop reliable solutions for protecting sensitive information whenever it is stored, ...
Privacy-aware role-based access control
In this article, we introduce a comprehensive framework supporting a privacy-aware access control mechanism, that is, a mechanism tailored to enforce access control to data containing personally identifiable information and, as such, privacy sensitive. ...
On the consistency of distributed proofs with hidden subtrees
Previous work has shown that distributed authorization systems that fail to sample a consistent snapshot of the underlying system during policy evaluation are vulnerable to a number of attacks. Unfortunately, the consistency enforcement solutions ...
A logical specification and analysis for SELinux MLS policy
The SELinux mandatory access control (MAC) policy has recently added a multilevel security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of the SELinux MLS model makes ...
The role mining problem: A formal perspective
Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role-based access control. A key problem related to this is the notion of goodness/interestingness—when is a role good/...
A framework to enforce access control over data streams
Although access control is currently a key component of any computational system, it is only recently that mechanisms to guard against unauthorized access to streaming data have started to be investigated. To cope with this lack, in this article, we ...