Authors’ Note: This work has been partially funded by the Spanish National Projects FLeXO (TSI-0203012008-19, www.ines.org.es/flexo) and aDaPTaLeaRN (TIN2007-68125-C02-01) and by european Projects eU4aLL (IST-2006-034778, www.eu4all-project.eu) and alfa-CID (ww.aproa.cl/cid-alfa/, II-0511-a). The Complutense University of Madrid has also supported this work (research group 921340). We also than...

With the adoption of mobile healthcare applications and the success of cloud service models, we propose a privacy management framework for mobile health care applications with support for dynamic privacy management of health data sharing. Our solution extends the XACML policy language by incorporating user access context into the privacy policy rule enforcement. We provide an implementation of ...

Formal foundations for access control policies with both authority delegation and policy composition operators are partial and limited. Correctness guarantees cannot therefore be formally stated and verified for decentralized composite access control systems, such as those based on XACML 3. To address this problem we develop a formal policy language BelLog that can express both delegation and c...

An ever-growing number of XML-based languages are used to describe Web Service related issues such as security (WS-Security Policy), access control (XACML), or privacy (P3P-WS). While it is desirable to specify policies in a declarative way, these languages expose great diversity in both syntax and semantics making it hard to realize a unified system. Our contribution to this problem is twofold...

An outstanding security problem in mobile agent systems is resource access control, or authorization in its broader sense. In this paper we present an authorization framework for mobile agents. The system takes as a base distributed RBAC policies allowing the discretionary delegation of authorizations. A solution is provided to assign authorizations to mobile agents in a safe manner. Mobile age...

Purpose is a key concept in privacy policies. Based on the purpose framework developed in our earlier work [11] we present an access control model for a work ow-based information system in which a work ows reference monitor ( WfRM ) enforces purpose-based policies. We use a generic access control policy language and show how it can be connected to the purpose modal logic language ( PML ) to lin...

Social Networks, as the main axis of Web 2.0, are creating a number of interesting challenges to the research and standardisation communities. In this paper, we analyse the current and future use of access control policies in Social Networks. Subsequently, two main issues are addressed: the interoperability among systems using different policy languages and the lack of elements in the existing ...

European data protection regulation states that organisations must have data subjects’ consent to use their personally identifiable information (PII) for a variety of purposes. Solutions have been proposed which generally handle consent in a coarse-grained way, by means of opt in/out choices. However, we believe that consent’s representation should be extended to allow data subjects to express ...

one of the main requirements for providing software security is the enforcement of access control policies, which is sometimes referred to as the heart of security. the main purpose of access control policies is to protect resources of the system against unauthorized accesses. any error in the implementation of access control policies may lead to undesirable outcomes. hence, we should ensure th...