Organized by three distinguished members of the JBS Editorial Board – Marc Bickle, PhD, of the Max Planck Institute of Molecular Cell Biology and Genetics (Germany); Hakim Djaballah, PhD, of Institut Pasteur Korea (South Korea); and Lorenz Martin Mayr, PhD, of AstraZeneca (UK) – this special issue demonstrates how RNAi is enjoying a revival of popularity and is increasingly being applied to dis...

With the increasing complexity and dynamics of database and information systems, it becomes more and more di cult for administrative personnel to identify, specify and enforce security policies that govern against the misuse of data. Often security policies are not known, too imprecise or simply have been disabled because of changing requirements. Recently several proposals have been made to us...

although the Common Criteria provides an exhaustive list of security requirements, it does not include a similarly complete list of organisational security policies or security objectives that can be used to specify a set of requirements for a product or information system. This paper first presents a hierarchy of abstractions at which security policies and requirements can be stated and maps t...

Security management and maintenance are difficult in a large scale network because there are many different kinds of security tools which each has its own information model and policy. We introduce a framework for policy-based security surveillance in a large network which has various security tools. The framework is based on the manager-agent concept. The central manager stores security polici...

Traditional information flow security policies declare that many useful and necessary programs are insecure. This results from the qualitative nature of these policies: either information flows, or it does not. A richer class of security properties that can express the degree of information flow is needed; we call these quantitative information flow policies. Such policies have recently become ...

In this paper we show how DAC and MAC security policies can be specified, implemented and validated through mutation testing using a generic approach. This work is based on a generic security framework originally designed to support RBAC and OrBAC security policies and their implementation in Java applications.

We propose a language for expressing fine-grained security policies for controlling orchestrated business processes modelled as a BPEL workflow. Our policies are expressed as a process algebra that permits a BPEL activity, denies it or force-terminates it. The outcome is evaluates with compensation contexts. Finally, we give an example of these policies in a distributed map processing scenario ...

Attribute-based Access Control (ABAC) policies are based on mutually processable policy attributes. Assigned permissions in such policies need to be reflected or combined with organisational constraints. Best practice in information security dictates having the operational need to access a particular information artifact independent from the function of the specific application systems. Consequ...