This paper describes how the composition principle of Abadi and Lamport can be applied to specify and compose systems where access control policies are distributed among a hierarchy of agents. Examples of such systems are layered secure operating systems, where the mandatory access control policy is enforced by the lowest system layer and discretionary and application-speciic policies are imple...

Vehicular ad hoc networks (VANETs) have evolved considerably over the last years, but despite the wide number of potential applications, VANETs also raise a broad range of critical security and privacy challenges. To achieve privacy, VANETs enforce the concepts of authentication and authorisation via public key infrastructures, relying on a large set of regional certification authorities with e...

By its definition “discretionary access control” or “DAC” was not designed or intended for use in the untrusted environment of current globally connected information systems. In addition, DAC assumed control and responsibility for all programs vested in the user; a situation now largely obsolete with the rapid development of the software industry itself. However, the superior “mandatory access ...

Computer Integrated Manufacturing (CIM) applications require a different database functionality than applications in more traditional areas. Due to the growing importance of CIM, advanced database systems and data models have been developed to meet the CIM specific requirements. However, none of these approaches considers to include the security control in CIM databases. In this paper we identi...

The basic concept of role-based access control (RBAC) is that permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles' permissions. This idea has been around since the advent of multi-user computing. Until recently, however, RBAC has received little attention from the research community. This article describes the motivations, results a...

Distributed applications for day-to-day operations of corporations and government agencies are composed of inter-operating legacy, COTs, databases, clients, servers, etc. One critical challenge, therein, is information assurance and security, to insure that users are accessing only information to which they have been authorized. In the past three years, we have designed and prototyped a securit...

Despite its widespread usage, the Unified Modeling Language (UML) specification still lacks formal, explicit, support for access control. This paper proposes an approach to model security as a separate concern by augmenting UML with separate and new diagrams for role-based, discretionary, and mandatory access controls; collectively, these diagrams provide visual access-control aspects. Individu...

The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous dat...

Traditional user-oriented access control models such as Mandatory Access Control (MAC) and Discretionary Access Control (DAC) cannot differentiate between processes acting on behalf of users and those behaving maliciously. Consequently, these models are limited in their ability to protect users from the threats posed by vulnerabilities and malicious software as all code executes with full acces...

Personalized security in E-banking is an important issue for many individuals and companies that are looking for achieving the proper level of security. The cloud environment is a suitable infrastructure to implement personalized security mechanisms for many big companies such as banks. Employing mandatory access controls boosts the security of E-banking to a high level. Flask architecture is t...