XACML is an XML-based declarative access control language standardized by OASIS. Its latest version 3.0 has several new features including the concept of delegation for decentralized administration of access control. Though it is important to avoid unintended consequences of ill-designed policies, delegation makes formal analysis of XACML policies highly complicated. In this paper, we present a...

Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

To benefit from the advantages that Cloud Computing brings to the IT industry, management policies must be implemented as a part of the operation of the Cloud. Among others, for example, the specification of policies can be used for the management of energy to reduce the cost of running the IT system or also for security policies while handling privacy issues of users. As cloud platforms are la...

Security-Enhanced (SE) Linux is a modiication of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies deened in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

While the horror of the Nazi medical experiments has been unanimously acknowledged, debate continues over whether results of those experiments which are scientifically sound should be used and cited in publications and, by extension, over whether any ethically-suspect research should be cited or published. The author consulted persons in such diverse disciplines as medical journalism, Holocaus...

This article traces significant moments in the history of the magazine Saúde em Debate - sourcing references and information from documents, historical studies, editions of the magazine, academic work and interviews with physicians and writers who contributed to its creation. In its 39 years of existence, although there may have been variations in the magazine's editorial policy, its role as a ...

In the trust-structure model of trust management, principals specify their trusting relationships with other principals in terms of trust policies. In their paper on trust structures, Carbone et al. present a language for such policies, and provide a suitable denotational semantics. The semantics ensures that for any collection of trust policies, there is always a unique global trust-state, com...

Provenance access control has been recognized as one of the most important components in an enterprise-level provenance system. However, it has only received little attention in the context of data security research. One important challenge in provenance access control is the lack of an access control language that supports its specific requirements, e.g., the support of both fine-grained polic...

Languages for the specification of access-control policies should support language features that allow for policies to be written in a clear manner. This work presents a set of language features found in current access-control languages and formalizes a set of intuitive properties the author believes to be relevant to policy clarity. The author analyzes access-control languages with respect to ...