This paper analysis problems of mandatory access control in strongly distributed information systems that solve computational tasks with long time durability (workflow management systems). We show that problem of mandatory access control may be solved on several levels. There is a strong difference between classification of data the system works with and classification of tasks’ definitions. Th...

For decades, secure operating systems have incorporated mandatory access control (MAC) techniques. Surprisingly, mobile-code platforms such as the Java Virtual Machine (JVM) and the .NET Common Language Runtime (CLR) have largely ignored these advances and have implemented a far weaker security that does not reliably track ownership and access permissions for individual data items. We have impl...

In today’s world, the use of computers and networks is growing and the vision of a single infrastructure for voice and data is becoming a reality. However, with different technologies and services using the same networking infrastructure, the realization of this vision requires higher levels of security to be implemented in computer systems. Current security solutions do not address all of the ...

Multi-tenancy, elasticity and dynamicity pose several novel challenges for access control in a cloud environment. Accessing subjects may dynamically change, resources requiring protection may be created or modified, and subject access requirements to resources may change during the course of the application execution. Users may need to acquire different permissions from different administrative...

Protecting access to digital resources is one of the fundamental problems recognized in the computer security. It yet remains a challenging problem to work out starting from the design of a system till its implementation. Access control is defined as the ability to permit or deny to access a particular resource (object) to a particular entity (subject). Three most widely used traditional access...

Modeling of security policies, along with their realization in code, must be an integral part of the software development process, to achieve an acceptable level of security for a software application. Among all of the security concerns (e.g. authentication, auditing, access control, confidentiality, etc.), this paper addresses the incorporation of access control into software. The approach is ...

In this paper, we present a novel fine-grained access control system for applications where the information flow is critical; the confidentiality of the data is essential and there are a huge number of users who access different portions of an XML document as in military applications. We combine MAC and RBACK models for XML for use in the mentioned type of applications. In accordance with the p...

Organizations invest in information technology (IT) looking for positive results that can only be produced if the technology is effectively used by individuals. The Technology Acceptance Model (TAM) applies a simple and quantitative model to predict intention of use, but it has difficulties to keep its explanatory power when analyzing implementation in mandatory settings (which are usual in bus...

The paper gives an assessment of security for Mobile Ambients, with specific focus on mandatory access control (MAC) policies in multilevel security systems. The first part of the paper reports on different formalization attempts for MAC policies in the Ambient Calculus, and provides an in-depth analysis of the problems one encounters. As it turns out, MAC security does not appear to have fully...

The protection mechanisms of current mainstream operating systems are inadequate to support confidentiality and integrity requirements for end systems. Mandatory access control (MAC) is needed to address such requirements, but the limitations of traditional MAC have inhibited its adoption into mainstream operating systems. The National Security Agency (NSA) worked with Secure Computing Corporat...