In this paper we define formally a wide variety of separation-of-duty (SoD) properties, which include the best known to date, and establish their relationships within a formal model of role-based access control (RBAC). The formalism helps remove all ambiguities of informal definition, and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and ...

With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, such as the military, a formal model for location-based access control is ne...

Two basic paradigms towards speciication of information security requirements can be taken: continuous speciication and early speciication of requirements. In models supporting continuous specii-cation and reenement of information security requirements, the development organization is more vulnerable to the tampering with partially speciied requirement primitives. This paper proposes a formal m...

With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for location-based access control is needed that increases th...

With the growing advancement of pervasive computing technologies, we are moving towards an era where spatio-temporal information will be necessary for access control. The use of such information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for spatio-temporal-based access control is needed tha...

In this paper, we investigate the feasibility of providing two-way broadband access for residential interactive multimedia services over multi-beam satellite systems. We propose air-interface protocols and terminal structures for broadband access with special emphasis on the MAC (Medium Access Control) sub-layer. We have used SDLbased formal techniques to describe and validate the behavior of t...

We present a specification approach of secured systems as transition systems and security policies as constraints that guard the transitions. In this context, security properties are expressed as invariants. Then we propose an abduction algorithm to generate possible security policies for a given transition-based system. Because abduction is guided by invariants, the generated security policies...

In this paper, we consider how to improve dynamic access methods which are designed to perform data-intensive selection queries in a dynamic setting. A large number of dynamic access methods have been proposed for supporting such queries. Almost all of them are designed with the primarily goal to reduce the number of page accesses, whereas our main attention is paid to decreasing the cost of in...