Many cryptographic schemes have been designed to enforce information flow policies. However, enterprise security requirements are often better encoded, or can only be encoded, using role-based access control policies rather than information flow policies. In this paper, we provide an alternative formulation of role-based access control that enables us to apply existing cryptographic schemes to ...

This paper shows how role-based access control (RBAC) models can be implemented in distributed object-based systems that follow OMG/CORBA standards. We introduce a novel approach that provides for automatic role activation by the security components of the middleware, which brings role-based access control to security-unaware applications.

Location-based Access Control (LBAC) techniques allow the definition of users’ access rights based on location predicates that exploit the users’ physical location. However, evaluating the physical location of a user is a specialized activity that is unlikely to be performed by the same entity (e.g., organization or system) in charge of the access control decision. For this reason, location eva...

OASIS is a distributed RBAC implementation with many extensions. Sound policy design will permit OASIS to protect the distributed resources whose access privileges it controls. However, through operating in a distributed environment, the underlying OASIS infrastructure is open to a number of potential attacks. This paper identifies three main classes of such attack and introduces techniques to ...

The overrt problem in empirical learning and the utility problem in explanation-based learning describe a similar phenomenon: the degradation of performance due to an increase in the amount of learned knowledge. Plotting the performance of learned knowledge during the course of learning (the performance response) reveals a common trend for several learning methods. Modeling this trend allows a ...

The Metia Framework defines a set of standard, open and portable models, interfaces, and protocols facilitating the construction of tools and environments optimized for the management, referencing, distribution, storage, and retrieval of electronic media; as well as a set of core software components (agents) providing functions and services relating to archival, versioning, access control, sear...

This paper presents a new computational framework for modelling visual-object based attention and attention-driven eye movements within an integrated system in a biologically inspired approach. Attention operates at multiple levels of visual selection by space, feature, object and group depending on the nature of targets and visual tasks. Attentional shifts and gaze shifts are constructed upon ...

Article history: Received 28 July 2010 Received in revised form 30 November 2010 Accepted 30 November 2010 Available online 13 December 2010

In this paper we describe a new probabilistic approach to the role engineering process for RBAC. In particular, we address the issue of minimizing the number of roles, problem known in literature as the Basic Role Mining Problem (basicRMP). We leverage the equivalence of the above issue with the vertex coloring problem. Our main result is the proof that the minimum number of roles is sharply co...