Binding of Duty (BOD) constraints define that the same subject (or role) who performed a certain task t1 must also perform a corresponding bound task t2. In this paper, we describe algorithms for checking the satisfiability of binding constraints in a business process context. In particular, these algorithms check the configuration of a process-related RBAC model to find satisfiability conflict...

Privacy concerns keep users from sharing required information in a collaborative environment. There is a need of privacy preserving methods that can enhance flow of information among collaborating users in dynamic teams without compromising their privacy. We describe a user-defined rolebased sharing control model and architecture that uses hybrid roles and hybrid sharing control policy for the ...

Agent Technology provides a new methodology in implementing workflow environments. This paper is concerned with how this shift in paradigm affects traditional security concepts like access control and separation of duty principles. The discussion focuses on the implementation of task allocation in an agent-based workflow environment (AWE) that is currently being developed. Task allocation is fu...

Traffic control can be regarded as a multiagent application in which car-agents and traffic-light-agents need to coordinate with each other to optimize the traffic flow and to avoid congestions. Environment abstractions naturally suit this scenario in that agents actions are mainly driven by traffic-related information that are distributed across the environment both at a practical and conceptu...

We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are o...

In this paper we address the problem of reducing the role mining complexity in RBAC systems. To this aim, we propose a three steps methodology: first, we associate a weight to roles; second, we identify user-permission assignments that cannot belong to roles with a weight exceeding a given threshold; and third, we restrict the role-finding problem to user-permission assignments identified in th...

In this paper we investigate one aspect of RBAC administration concerning assignment of users to roles. A user-role assignment model can also be used for managing user-group assignment. We overview a constrained user-group assignment model and describe its implementation in the Linux system. Rather than set user and file rights individually for each and every user, the administrator can give ri...

Public low voltage feeders containing a mixture of several micro-sources, distributed energy storage units (ESUs) and controllable loads, which appear to the upstream distribution network as controllable entities, are known as MicroGrids. Through intelligent co-ordination of micro-generators and ESUs, coupled with demand side management techniques, MicroGrids have the potential to offer signifi...

Suppose N people are in a circle and each has a K-bit integer on his forehead and can see the others’ integersht does not know his own. How many bits of information must be exchanged among the players so that each can determine his own number after the exchange? We provide an algorithm for which bits suffice. In particular if N > K , the total of NK bits can be resolved in K + 1 transmissions. ...

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an access control mechanism over encrypted data and well suited for secure group-based communication. However, it also suffers from the following problem, i.e., it is impossible to build all desired groups. For example, if two group members have exactly the same attributes, how to construct a group including only one of the two members? O...