It is our great pleasure to welcome you to the 19th ACM Symposium on Access Control Models and Technologies (SACMAT 2014). This year's symposium continues its tradition of being the premier forum for presentation of research results on leading edge issues of access control, including models, systems, applications, and theory, with an expanded scope to include cyber-physical systems, applications, systems, hardware, cloud computing, and usability.
58 papers have been submitted from a variety of countries around the world. Submissions were anonymous; each paper has been reviewed by at least four reviewers who are experts in the field. Extensive online discussions took place to make the selections for the symposium. The program committee finally accepted 17 papers that cover a variety of topics, including Privacy & Compliance, Policy Management & Enforcement, Systems & Information Flow, Policy Analysis, and Applications. The program again contains two demo sessions with four demos covering topics such as risk aware role mining, privacy, attribute based access control, and integrity in Linux. In addition, the program includes a panel on the challenges of access control in new computing domains, such as mobile, cloud, and cyber-physical systems, and two keynote talks by Dr. Ari Juels and Dr. Andrew Clement. We hope that these proceedings will serve as a valuable reference for security researchers and developers.
Proceeding Downloads
A bodyguard of lies: the use of honey objects in information security
Decoy objects, often labeled in computer security with the term honey, are a powerful tool for compromise detection and mitigation. There has been little exploration of overarching theories or set of principles or properties, however. This short paper (...
Hardware-enhanced distributed access enforcement for role-based access control
The protection of information in enterprise and cloud platforms is growing more important and complex with increasing numbers of users who need to access resources with distinct permissions. Role-based access control (RBAC) eases administrative ...
An access control concept for novel automotive HMI systems
- Simon Gansel,
- Stephan Schnitzer,
- Ahmad Gilbeau-Hammoud,
- Viktor Friesen,
- Frank Dürr,
- Kurt Rothermel,
- Christian Maihöfer
The relevance of graphical functions in vehicular applications has increased significantly during the last few years. Modern cars are equipped with multiple displays used by different applications such as speedometer or navigation system. However, so ...
Monitor placement for large-scale systems
System administrators employ network monitors, such as traffic analyzers, network intrusion prevention systems, and firewalls, to protect the network's hosts from remote adversaries. The problem is that vulnerabilities are caused primarily by errors in ...
Anomaly detection and visualization in generative RBAC models
With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this ...
Reduction of access control decisions
Access control has been proposed as "the" solution to prevent unauthorized accesses to sensitive system resources. Historically, access control models use a two-valued decision set to indicate whether an access should be granted or denied. Many access ...
Sorting out role based access control
Role-based access control (RBAC) is a popular framework for modelling access control rules. In this paper we identify a fragment of RBAC called bi-sorted role based access control (RBAC). We start from the observation that "classic" RBAC blends together ...
Towards more usable information flow policies for contemporary operating systems
There has been a resurgence of interest in information flow based techniques in security. A key attraction of these techniques is that they can provide strong, principled protection against malware, regardless of its sophistication. In spite of this ...
Attribute based access control for APIs in spring security
The widespread adoption of Application Programming Interfaces (APIs) by enterprises is changing the way business is done by permitting the implementation of a multitude of apps, customized to user needs. While supporting a more flexible exploitation of ...
Comprehensive integrity protection for desktop linux
Information flow provides principled defenses against malware. It can provide system-wide integrity protection without requiring any program-specific understanding. Information flow policies have been around for 40+ years but they have not been explored ...
Game theoretic analysis of multiparty access control in online social networks
Existing online social networks (OSNs) only allow a single user to restrict access to her/his data but cannot provide any mechanism to enforce privacy concerns over data associated with multiple users. This situation leaves privacy conflicts largely ...
Scalable and precise automated analysis of administrative temporal role-based access control
Extensions of Role-Based Access Control (RBAC) policies taking into account contextual information (such as time and space) are increasingly being adopted in real-world applications. Their administration is complex since they must satisfy rapidly ...
Access control models for geo-social computing systems
A Geo-Social Computing System (GSCS) allows users to declare their current locations, and uses these declared locations to make authorization decisions. Recent years have seen the emergence of a new generation of social computing systems that are GSCSs. ...
What are the most important challenges for access control in new computing domains, such as mobile, cloud and cyber-physical systems?
We are seeing a significant shift in the types and characteristics of computing devices that are commonly used. Today, more smartphones are sold than personal computers. Another area of rapid growth is cloud systems; and our everyday lives are invaded ...
Limiting access to unintentionally leaked sensitive documents using malware signatures
Organizations are repeatedly embarrassed when their sensitive digital documents go public or fall into the hands of adversaries, often as a result of unintentional or inadvertent leakage. Such leakage has been traditionally handled either by preventive ...
Optimized and controlled provisioning of encrypted outsourced data
- Andreas Schaad,
- Anis Bkakria,
- Florian Kerschbaum,
- Frederic Cuppens,
- Nora Cuppens-Boulahia,
- David Gross-Amblard
Recent advances in encrypted outsourced databases support the direct processing of queries on encrypted data. Depending on functionality (i.e. operators) required in the queries the database has to use different encryption schemes with different ...
User-centric identity as a service-architecture for eIDs with selective attribute disclosure
Unique identification and secure authentication of users are essential processes in numerous security-critical areas such as e-Government, e-Banking, or e-Business. Therefore, many countries (particularly in Europe) have implemented national eID ...
Towards fine grained RDF access control
The Semantic Web is envisioned as the future of the current web, where the information is enriched with machine understandable semantics. According to the World Wide Web Consortium (W3C), "The Semantic Web provides a common framework that allows data to ...
Redaction based RDF access control language
We propose an access control language for securing RDF graphs which essentially leverages an underlying query language based redaction mechanism to provide fine grained RDF access control. The access control language presented is equipped with critical ...
A system for risk awareness during role mining
This paper demonstrates a proof-of-concept prototype that is able to automatically and effectively detect and report different types of risk factors during the process of role mining. A role mining platform is embedded within the tool so that different ...
Re-thinking networked privacy, security, identity and access control in our surveillance states
Mass surveillance activities by the security agencies of the Five Eyes countries (e.g. NSA, CSEC, etc) pose a significant challenge to those who care about the privacy, security and other democratic rights related to our burgeoning digitally mediated ...
Path conditions and principal matching: a new approach to access control
Traditional authorization policies are user-centric, in the sense that authorization is defined, ultimately, in terms of user identities. We believe that this user-centric approach is inappropriate for many applications, and that what should determine ...
An actor-based, application-aware access control evaluation framework
To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an *absolute* sense, ...
Policy models to protect resource retrieval
Processes need a variety of resources from their operating environment in order to run properly, but an adversary may control the inputs to resource retrieval or the end resource itself, leading to a variety of vulnerabilities. Conventional access control ...
Index Terms
- Proceedings of the 19th ACM symposium on Access control models and technologies
Acceptance Rates
Year | Submitted | Accepted | Rate |
---|---|---|---|
SACMAT '19 | 52 | 12 | 23% |
SACMAT '18 | 50 | 14 | 28% |
SACMAT '17 Abstracts | 50 | 14 | 28% |
SACMAT '16 | 55 | 18 | 33% |
SACMAT '15 | 59 | 17 | 29% |
SACMAT '14 | 58 | 17 | 29% |
SACMAT '13 | 62 | 19 | 31% |
SACMAT '12 | 73 | 19 | 26% |
SACMAT '09 | 75 | 24 | 32% |
SACMAT '03 | 63 | 23 | 37% |
Overall | 597 | 177 | 30% |