This paper presents an authorization solution for resource management and control developing as a part of the China Education and Research Network (CERNET) to perform fine-grained authorization of job and resource management requested in the Grid environment which meets the Fusion-Grid’s security needs in large scale networks such as CERNET. It integrates the GT2 job manager and X.509 authoriza...

An authorization management model named five-layer-two-section is proposed through studying on problems of authorization management model and role network model. The model inherits the thought of role network model, and at the same time it expands the role network model by putting website into management model, so as to more accurate authority management. And it puts user and post into one syst...

As part of the access control process an authorization decision needs to be taken based on a certain authorization model. Depending on the environment different models are applicable (e.g., RBAC in organizations, MAC in the military field). An authorization model contains all necessary elements needed for the decision (e.g., subjects, objects, and roles) as well as their relations. As these ele...

We present the first automated proof of the authorization protocols in TPM 2.0 in the computational model. The Trusted Platform Module(TPM) is a chip that enables trust in computing platforms and achieves more security than software alone. The TPM interacts with a caller via a predefined set of commands. Many commands reference TPM-resident structures, and use of them may require authorization....

In this paper we present a systematic categorization of the user access authorization exceptions which may occur in conventional role-based access control models. We propose a slightly revised NIST RBAC model which allows us to express all the authorization exceptions we consider. We give a formal definition of the model and show how it can be implemented in DATALOG with negation to give simple...

We present algorithms for access rights control in multiuser, object-oriented databases. These algorithms follow the model of authorization introduced in F. Rabitti et al., A model of authorization for next-generation databases, ACM Transaction on Database Systems 16:88{131, 1991. We show how the three basic operations: AccessControl, Grant, and Revoke can be eeciently implemented using methods...

Logical formulas and enumeration are the two major ways for specifying authorization policies in Attribute Based Access Control (ABAC). While considerable research has been done for specifying logical-formula authorization policy ABAC, there has been less attention to enumerated authorization policy ABAC. This paper presents a finite attribute, finite domain ABAC model for enumerated authorizat...

AbstrucfThe integration of object-oriented programming concepts with databases is one of the most significant advances in the evelution of database systems. Many aspects of such a combination have been studied, but there are few models to provide security for this richly structured information. We develop here an authorization model for object-oriented databases. This model consists of a set of...