(ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates o...

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing collaborative queries in cloud. Data authorities can establish regulating access to their distinguishing three visibility levels (no visibility, encrypted plaintext visibility). Authorizations are enforced accounting information content carried computation ensure no is improp...

Signaling layer protocols specified within the Next Steps in Signaling (NSIS) framework may rely on the General Internet Signaling Transport (GIST) protocol to handle authorization. Still, the signaling layer protocol above GIST itself may require separate authorization to be performed when a node receives a request for a certain kind of service or resources. This document presents a generic mo...

This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control...

Collaborative business can become unreliable in terms of authorization policy conflicts, for example, when (1) incorrect role assignment or modification occurs in a service within one organization or (2) messages transferred from one organization are accessed by unqualified roles in other collaborating business partners. Therefore reliability verification based on access policies is critical fo...

Existing web services and mashups exemplify the need for flexible construction of distributed applications. How to do so securely remains a topic of current research. We present TAPIDO, a programming model to address Trust and Authorization concerns via Provenance and Integrity in systems of Distributed Objects. Creation of TAPIDO objects requires (static) authorization checks and their communi...

Service composition is a fundamental technique for developing Web services based applications. As autonomous services are invoked through protocols, issues such as security must be taken into account. Thus, ensuring security in such a system is challenging and not supported by most of the security frameworks proposed in current literature. This paper presents a formal model for composing securi...

ion and Composition One of the rst issues that arises is that of abstraction and modeling. What is the proper abstraction to specify and manage authorization functions and tasks. We propose the abstraction of an authorization-task-unit to model the authorizations associated with every authorization function. Such an authorization unit may be composed of other smaller units called called approva...

Business processes are usually expected to meet high level authorization requirements (e.g., Separation of Duty). Since violation of authorization requirements may lead to economic losses and/or legal implications, ensuring that a business process meets them is of paramount importance. Previous work showed that model checking can be profitably used to check authorization requirements in busines...