Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Modality conflict is one of the main issues in policy evaluation. Existing modality conflict detection approaches do not consider complex condition attributes such as spatial and temporal constraints. An effective authorization propagation rule is n...

In a large networking system,to manage authorizations in a complicated XML documents system is very difficult. Recently, Access Policy Sheet (APS) [6] was introduced to provide a solution to access control for XML systems. In this paper, we proposed a temporal access control scheme in APS where the propagation of authorization rights is assumed.The authorization policies can be automatically re...

Access control is a significant issue in any secure database system. In this paper, we develop a logic programming based approach for temporal decentralized authorization administration in which users can be delegated, granted or forbidden some access rights for restricted periods of time. Three major aspects are taken into consideration for the semantics of the program, the temporal authorizat...

In this paper, we present a logic based approach to temporal decentralized authorization administration that supports time constrained authorization delegations, both positive and negative authorizations, and implicit authorizations. A set of domain-independent rules are given to capture the features of temporal delegation correctness, temporal conflict resolution and temporal authorization pro...

We propose an access control scheme for developing authorization rules for XML documents, allowing flexible data granularity and authorization propagation. To simplify the complex access control policies in XML, we introduce a new tool: Authorization Policy Sheet (APS). Complex access control rules can be easily described in an APS. The administrator of a system can easily manage the access con...

This paper proposes Zás, a novel, flexible, and expressive authorization mechanism for Java. Zás has been inspired by Ramnivas Laddad’s proposal to modularize Java Authentication and Authorization Services (JAAS) using an Aspect-Oriented Programming (AOP) approach. Zás’ aims are to be simultaneously very expressive, reusable, and easy to use and configure. Zás allows authorization services to b...

One of the important tasks of managing eXtensible Markup Language (XML) documents is to uniformly specify and securely maintain both target documents and authorization policies. However‚ since existing techniques decouple access authorization from query processing‚ the query processing time with access control is not satisfactorily fast. The access control requires the overhead in addition to t...

  The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...

The use of Optical Biopsies-OB (in the present case Confocal endomicroscopy-CEM) is limited due to difficulties to interpret images. The OB-CEM are taken by endoscopists, not trained in microscopic morphology which is the domain of the surgical pathology. To gain diagnostic confidence the endoscopists could consult the images to a pathologist or could use the technique proposed in the paper. Th...

This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...