With Federated Identity Management (FIM) protocols, service providers can request user attributes, such as the billing address, from the user’s identity provider. Access to this information is managed using so-called Attribute Release Policies (ARPs). In this paper, we first analyze various shortcomings of existing ARP implementations; then, we demonstrate that the eXtensible Access Control Mar...

We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control model for the specification and enforcement of access control policies. To clarify all ambiguous and intricate aspects of XACML, we provide it with a more manageable alternative syntax and with a solid semantic ground. This lays the basis for developing tools and methodologies which allow softwar...

Pervasive computing and Internet of Things (IoT) have recently received considerable interest to deploy solutions for the future Internet. Smart environments are integrated with Semantic Web to provide context-awareness to the processed information. Self-learning techniques have been adopted within smart solutions for efficient retrieval of data but do not process data with privacy parameters f...

Abstract The high increase in the use of graph databases also for business- and privacy-critical applications demands a sophisticated, flexible, fine-grained authorization access control (AC) approach. Attribute-based (ABAC) supports definition rules policies. Attributes can be associated with subject, requested resource action, but environment. Thus, this is promising starting point. However, ...

In the medical sphere, personal and medical information is collected, stored, and transmitted for various purposes, such as, continuity of care, rapid formulation of diagnoses, and billing. Many of these operations must comply with federal regulations like the Health Insurance Portability and Accountability Act (HIPAA). To this end, we need a specification language that can precisely capture th...

We propose in this paper the Security Policy Language (SePL), which is a formal language for capturing and integrating distributed security policies. The syntax of SePL includes several operators for the integration of policies and it is endowed with a denotational semantics that is a generic semantics, i.e., which is independent of any evaluation environment. We prove the completeness of SePL ...

THIS special issue presents recent research results in a field of research that is itself rather new. When Service Oriented Architectures (SOA) came of age, no specific security technology for web services was available and transport protocols security mechanisms were used instead. For instance, web services message confidentiality was achieved using transport security protocols like SSL and HT...

We study the international standard XACML 3.0 for describing security access control policy in a compositional way. Our main contribution is to derive a logic that precisely captures the idea behind the standard and to formally define the semantics of the policy combining algorithms of XACML. To guard against modelling artifacts we provide an alternative way of characterizing the policy combini...

We study the international standard XACML 3.0 for describing security access control policy in a compositional way. Our main contribution is to derive a logic that precisely captures the idea behind the standard and to formally define the semantics of the policy combining algorithms of XACML. To guard against modelling artefacts we provide an alternative way of characterizing the policy combini...

The increasing popularity of remote Cloud File Sharing (CFS) has become a major concern for privacy breach sensitive data. Aiming at this concern, we present new resource sharing framework by integrating enterprise-side Attribute-Based Access Control/eXtensible Control Markup Language (ABAC/XACML) model, client-side Ciphertext-Policy Encryption (CP-ABE) scheme, and cloud-side CFS service. Moreo...