In most existing systems, authorization is speciied using some low-level system-speciic mechanisms, e.g., protection bits, capabilities and access control lists. We argue that authorization is an independent semantic concept that must be separated from implementation mechanisms and given a precise semantics. We propose a logical approach to representing and evaluating authorization. Speciically...

Grid computing has received widespread attention in recent years as a significant new research field. Yet to date, there has been only a limited work on the grid system authorization problem. In this paper, we address the authorization problem and its requirements in a grid system environment. We propose a new integrated authorization service that tackles the authorization problem at two levels...

Access control is a critical functionality in distributed systems. Services and resources must be protected from unauthorized access. The prevalent practice is that service specific policies reside at the services and govern the access control. It is hard to keep distributed authorization policies consistent with the global security policy of an organization. A recent trend is to unify the diff...

American and European Legislation for protection of medical data agree that the patient has the right to play a pivotal role in the decisions regarding the content and distribution of her/his medical records. The Role Based Access Control (RBAC) model is the most commonly used authorization model in healthcare. The first goal of this work is to review if existing models and standards provide fo...

OpenStack has been rapidly established as the most popular open-source platform for cloud Infrastrusture-as-a-Service in this fast moving industry. In response to increasing access control requirements from its users, the OpenStack identity service Keystone has introduced several entities, such as domains and projects in addition to roles, resulting in a rather complex and somewhat obscure auth...

Model security for collaborative product development in a networked environment (or called networked manufacturing, grid manufacturing, and cloud manufacturing) is an important and also challenging research issue. An encryption based partial sharing approach for CAD models has been developed and presented in this paper. First, a random invertible decimal matrix to support the encryption approac...

Android applications that manage sensitive data such as email and files downloaded from cloud storage services need to protect their data from malware installed on the phone. While prior security analyses have focused on protecting system data such as GPS locations from malware, not much attention has been given to the protection of application data. We show that many popular commercial applica...

Web services can be composed of other services in a highly dynamic manner. The existing role based authorization approaches have not adequately taken component services into account when managing access control for composite services. In this paper, we propose a service oriented conceptual model as an extension of role based access control that can facilitate the administration and management o...