The per-method access control lists of standard internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept ...

Identity federations are emerging in the last years in order to make easier the deployment of resource sharing environments among organizations. One common feature of those environments is the use of access control mechanisms based on the user identity. However, most of those federations have realized that user identity is not enough to offer a more grained access control and value added servic...

Protecting access to digital resources is one of the fundamental problems recognized in the computer security. It yet remains a challenging problem to work out starting from the design of a system till its implementation. Access control is defined as the ability to permit or deny to access a particular resource (object) to a particular entity (subject). Three most widely used traditional access...

Modeling of security policies, along with their realization in code, must be an integral part of the software development process, to achieve an acceptable level of security for a software application. Among all of the security concerns (e.g. authentication, auditing, access control, confidentiality, etc.), this paper addresses the incorporation of access control into software. The approach is ...

many performance evaluations for ieee 802.11distributed coordination function (dcf) have been previouslyreported in the literature. some of them have clearly indicatedthat 802.11 mac protocol has poor performance in multi-hopwireless ad hoc networks due to exposed and hidden nodeproblems. although rts/cts transmission scheme mitigatesthese phenomena, it has not been successful in thoroughlyomit...

One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...

Security requirements approached at the enterprise level initiate the need for models that capture the organisational and distributed aspects of information usage. Such models have to express organisation-specific security policies and internal controls aiming to protect information against unauthorised access and modification, and against usage of information for unintended purposes. This diss...

The traditional access control models, such as Role-Based Access Control (RBAC) and Bell-LaPadula (BLP), are not suitable for pervasive computing applications which typically lack well-defined security perimeters and where all the entities and interactions are not known in advance. We propose an access control model that handles such dynamic applications and uses environmental contexts to deter...

We study admission control mechanisms for wireless access networks where (i) each user has a minimum service requirement, (ii) the capacity of the access network is limited, (iii) the access point is not allowed to use monetary mechanisms to guarantee that users do not lie when disclosing their minimum service requirements, and (iv) the access point wants to admit as many users as possible. To ...

In this paper a mechanism for access control at the instance level of a class in object-oriented databases is suggested. The approach is based on the use of pseudo-random functions and sibling intractable functions, rather than on the traditional access control list associated with each object. Each object-instance in the object-oriented model is associated with secure access keys that insure s...