Bertino, Ferrari and Atluri (BFA) have recently presented a model for specifying and enforcing authorization constraints for Workflow Management Systems (WFMS). The model is comprehensive and exhibits strong properties such as (1) a language to express constraints, (2) formal notions of constraint consistency and (3) algorithms for role-task and user-task assignments. In this paper, we extend t...

Recently, IACR ePrint archive posted two fully homomorphic encryption schemes without bootstrapping. In this note, we show that these schemes are trivially insecure. Furthermore, we also show that the encryption schemes of Liu and Wang [6] in CCS 2012 and the encryption scheme of Liu, Bertino, and Xun [5] in ASIACCS 2014 are insecure either.

In this paper, we present a provably secure redactable signature scheme allowing to independently redact structure and content. We identify the problems when structure is not separated from content, resulting in an attack on the scheme proposed at VLDB ’08 by Kundu and Bertino. The attack allows for changing the semantic meaning of a given tree. We introduce a rigid security model, including co...

Traditional geostatistical space-time geostatistics is not able to take account of the generally strongly non-linear dynamics of multivariate space-time processes. To this effect physico-chemical transport models are in general more suitable. However, as the latter do not fully master the complexity of the processes they attempt to describe, either because of simplifying hypotheses or because t...

In this paper, we present new attacks on the redactable signature scheme introduced by Kundu and Bertino at VLDB ’08. This extends the work done by Brzuska et al. at ACNS ’10 and Samelin et al. at ISPEC ’12. The attacks address unforgeability, transparency and privacy. Based on the ideas of Kundu and Bertino, we introduce a new provably secure construction. The corresponding security model is m...

Kundu and Bertino (VLDB 2008) recently introduced the idea of structural signatures for trees which support public redaction of subtrees (by third-party distributors) while pertaining the integrity of the remaining parts. An example is given by signed XML documents of which parts should be sanitized before being published by a distributor not holding the signing key. Kundu and Bertino also prov...

MJ Martin, Met Office, Exeter, UK. M Balmaseda, ECMWF, Reading, UK L Bertino, NERSC, Bergen, Norway P Brasseur, LEGI, Grenoble, France G Brassington, Bureau of Meteorology, Melbourne, Australia J Cummings, NRL, Monterey, USA Y Fujii, JMA/MRI, Tsukuba, Japan DJ Lea, Met Office, Exeter, UK J-M Lellouche, Mercator Ocean, Toulouse, France K Mogensen, ECMWF, Reading, UK P Oke, CSIRO, Hobart, Austral...

In this paper, we employ the view model given by Bertino to propose a new design approach for a secure multi-level object-oriented database system. The central idea is to provide the user with a multi-level view derived from a single-level secure object-oriented database. Hence the database operations performed on the multi-level views are decomposed into a set of operations on the single-level...

At ISPEC ’12, Samelin et al. show that the redactable signature scheme introduced at VLDB ’08 by Kundu and Bertino does not always preserve the structural integrity of the tree signed. In particular, they show how redaction of non-leaves promotes descendants and allows a third party to add new edges to the signed tree. This alters the semantic meaning of the tree and is not acceptable in certai...