One primary challenge of applying access control methods in cloud computing is to ensure data security while supporting access efficiency, particularly when adopting multiple access control policies. Many existing works attempt to propose suitable frameworks and schemes to solve the problems, however, these proposals only satisfy specified use cases. In this paper, we take XACML as the policy l...

To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requ...

There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be sp...

Access Control systems are used in computer security to regulate the access to critical or valuable resources. The rights of subjects to access such resources are typically expressed through access control policies, which are evaluated at access request time against the current access context. This paper proposes a new approach based on blockchain technology to publish the policies expressing t...

This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locatio...

Privacy management is different across the many online social networks and not always satisfies the user expectations. Some social networks members may demand choosing their privacy preferences more richly and exercise a tighter control on the information they drop. For this regard, it is under question if some of the Digital Rights Management systems features may be incorporated to the privacy...

The increasing complexity of (distributed) information systems requires new solutions for dealing with access control problems. In particular, information systems are based on a large number of resources, with very complex structure, that must be accessed by a large variety of users. Traditional and instance based solutions are not adequate. In this paper, we propose a new approach to the probl...

Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functio...

The growing importance of access control has led to the definition of numerous languages for specifying policies. Since these languages are based on different foundations, language users and designers would benefit from formal means to compare them. We present a set of properties that examine the behavior of policies under enlarged requests, policy growth, and policy decomposition. They therefo...

In collaborative service-based health data sharing environments, participating services may host different sets of data about the same individuals, identified by some common properties. Each organization in such environments (e.g., testing labs, research institutes, etc.) manages it’s data access and usage through a specialized Web service end point through which users can submit queries. For i...