Classical authentication and authorization in grid environments can become a user management issue due to the flat nature of credentials based on X.509 certificates. While such credentials are able to identify user affiliations, such systems typically leave out a crucial aspect in user management and resource allocation: privilege levels. Shibboleth-based authentication mechanisms facilitate th...

Current approaches to access control on Web servers do not scale to enterprisewide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users’ role information. However, it is insecure to store a...

Internet servers are always in danger of being “hijacked” by various attacks like the buffer overflow attack. To minimize damages in cases where full control of the servers are stolen, imposing access restrictions on the servers is still needed. However, designing a secure access control mechanism against hijacking is not easy because that mechanism itself can be a security hole. In this paper,...

The Bluetooth standard has a provision for mutual authentication of connecting devices but not their actual users and allows access control during connection setup only. We propose a user authorization and pairing (UAP) application, that has the ability to perform authentication and authorization of users using role based model. The pairing procedure, which exchanges link key between devices, i...

Abstract With the widespread use of Internet Things (IoT) in various applications and several security vulnerabilities reported them, requirements have become an integral part IoT system. Authentication access control are two principal for ensuring authorized restricted accesses to limited essential resources IoT. The built-in authentication mechanism devices is not reliable, because revealed f...

Access control is a fundamental concern in any system that manages resources, e.g., operating systems, file systems, databases and communications systems. The problem we address is how to specify, enforce, and implement access control in distributed environments. Starting from an access relation between users and resources, we derive a user hierarchy, a resource hierarchy, and a unified hierarc...

The present paper addresses privacy and security enhancements to a basic role-based access control system. The contribution is twofold. First, the paper presents an approach to personalized access control, i.e. a combination of role-based access control and user-managed access control. Second, the proposed access control approach is crypto&aphically enforced and an efficient key management meth...