The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneou...

Abstract: Situations can arise in which organizations have to merge policies that are based on different access control frameworks, such as Role Based Access Control (RBAC) and Mandatory Access Control (MAC). Integrating policies requires addressing the following question: How will the integration impact access to protected resources? In particular, one needs to determine that the integration d...

Our role-based/mandatory access control (RBAC/MAC) security model and enforcement framework for inter-operating legacy, COTS, GOTS, databases, servers, etc., limits: who (user/user role) can invoke which methods (based on value and MAC level) of artifact APIs at what times, and who (user) can delegate which responsibility (user role) at what times. In this chapter, we focus on assurance for the...

Security requirements approached at the enterprise level initiate the need for models that capture the organisational and distributed aspects of information usage. Such models have to express organisation-specific security policies and internal controls aiming to protect information against unauthorised access and modification, and against usage of information for unintended purposes. This diss...

with rapid development and increase in the amount of available resources in E-learning platforms, the need to design new architecture for such systems has become inevitable to improve the search quality and simplifying ways to take online courses. The integration of multi-agent systems has played a very important role in developing open, interactive and distributed learning systems. A lot of re...

Delegation is a proIIlIsmg alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources as it is in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate user's action. Delegations and revoca...

Separation of duty constraints define mutual exclusion relations between two entities (e.g. two permissions). Thus, a software component that supports the definition of separation of duty constraints implicitly requires a means to control their definition and to ensure the consistency of the resulting runtime structures. In this paper, we present our experiences with the implementation of confl...

................................................................................................................................... ii Acknowledgements ................................................................................................................. iii Table of

Applying role–based administration to role–based access control systems has gained some attention in recent literature. Scoped Administration for Role–Based Access Control (SARBAC) puts forward what is claimed to be a complete, versatile, and practical role–based administrative model. These attributes are deemed to be key for SARBAC’s dynamic, flexible nature. However, SARBAC shuns alternative ...

In this paper we describe a mainframe access control system (DENT) and its associated delegated administration tool (DSAS) that were used in a financial institution for over 20 years to control access to banking transaction products. The first part of this paper describes the design and operation of DENT/DSAS as an example of a long-lived access control system in a financial institution. A stan...