Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy enforcement point intercepts application requests, obtains authorization decisions from a remote policy decision point, and enforces those decisions. This model enables sharing the decision point as an a...

Work ows represent processes in manufacturing and o ce environments that typically consist of several well-de ned activities (known as tasks). To ensure that these tasks are executed by authorized users or processes (subjects), proper authorization mechanisms must be in place. Moreover, to make sure that authorized subjects gain access on the required objects only during the execution of the sp...

In this paper, a new authorization delegation model is proposed, which is based on weighted directed graph to present the trust relationship between the entities and the existing issues, such as the evaluation of the trust and the presentation of the trust among the entities are addressed in simple and visual way. The model and the corresponding algorithm of the compliance checking is analyzed ...

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced in the query execution by ...

The system-security literature contains numerous papers on authorization which are written according to the following scheme. The authors select a specific situation commonly occurring in a business setting and then describe a formalization of a specific policy that allows for solving the problem of the access to information (in varying granularity: collections of objects, tables, records or ev...

In next generation wireless networks, an application must be capable of rating service information in real-time and prior to initiation of the service it is necessary to check whether the end user’s account provides coverage for the requested service. However, to provide prepaid services effectively, credit-control should have minimal latency. In an endeavor to support real-time credit-control ...

We propose two extensions to the authorization model for relational databases defined originally by Griffiths and Wade. The first extension concerns a new type of revoke operation, called noncascading revoke operation. The original model contains a single, cascading revoke operation, meaning that when a privilege is revoked from a user, a recursive revocation takes place that deletes all author...

Attribute staleness arises due to the physical distribution of authorization information, decision and enforcement points. This is a fundamental problem in virtually any secure distributed system in which the management and representation of authorization state are not globally synchronized. This problem is so intrinsic that it is inevitable an access decision will be made based on attribute va...