In this paper, we propose a new security enforcement mechanism and demonstrate how this mechanism can enforce policies for both mandatory access control (MAC) and discretionary access control (DAC) in an object database system. Each class may have a security method that can block messages that leave instances of the class, and can block messages directed to instances of the class. Each supercla...

Role-based access control is an important way of limiting the access users have to computing resources. While the basic concepts of role-based access control are now well understood, there is no consensus on the best approach to managing role-based systems. In this paper, we introduce a new model for role-based administration, using the notions of discretionary and mandatory controls. Our model...

The Role-Based Access Control (RBAC) model is traditionally used to manually assign users to appropriate roles, based on a specific enterprise policy, thereby authorizing them to use the roles' permissions. In environments where the service-providing enterprise has a huge customer base this task becomes formidable. An appealing solution is to automatically assign users to roles. The central con...

The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform revocation and how to manage the revocation policy. We show how to deal with these two aspects in the delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several delegation types, such as...

We demonstrate how access control models and policies can be represented by using term rewriting systems, and how rewriting may be used for evaluating access requests and for proving properties of an access control policy. We focus on two kinds of access control models: discretionary models, based on access control lists (ACLs), and rolebased access control (RBAC) models. For RBAC models, we sh...

extensive researches on wireless sensor networks (wsns) have been performed and many techniques have been developed for the data link (mac) layer. most of them assume single-channel mac protocols. in the usual dense deployment of the sensor networks, single-channel mac protocols may be deficient because of radio collisions and limited bandwidth. hence, using multiple channels can significantly ...

Originator Control is an access control policy that requires recipients to gain originator’s approval for redissemination of disseminated digital object. Originator control policies are one of the generic and key concerns of usage control. Usage control is an emerging concept which encompasses traditional access control and digital rights management solutions. However, current commercial Digita...

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii

The development of complex access control architectures raises the problem of their management. In this article, we describe an architecture providing packet filters configuration in Internet based networks. The performance of the access control process heavily depends on the number of rules used to define the access control service. Therefore an efficient access control architecture relies on ...

A new approach to the discretionary access control in structurally object-oriented databases is suggested. The approach is based on the use of pseudo-random functions and sibling intractable functions, rather than on the traditional access control list associated with each class. The advantage of this approach is that each class in the hierarchy of a complex object class can be associated with ...