Search results for "XACML"

showing 9 items of 9 documents

Enforcing mobile security with location-aware role-based access control

2013

This paper describes how location-aware role-based access control (RBAC) can be implemented on top of the Geospatial eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations, which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location-dependent access control and also other security-enhancing solutions on mobile devices, such as location-dependent device locking, firewall, intrusion prevention or payment…

Markup language; Geospatial analysis; Computer Networks and Communications; Computer science; Separation of duties; business.industry; XACML; 020206 networking & telecommunications; Access control; 02 engineering and technology; Computer security; computer.software_genre; Firewall (construction); 020204 information systems; 0202 electrical engineering electronic engineering information engineering; Role-based access control; business; Mobile device; computer; Information Systems; computer.programming_language; Computer network; Security and Communication Networks
researchProduct

A Scratch-based Graphical Policy Editor for XACML

2015

This paper proposes a policy-maker-friendly editor for the eXtensible Access Control Markup Language (XACML) based on the programming language Scratch. Scratch is a blocks-based programming language designed for teaching children programming, which allows users to build programs like a puzzle. We take this concept one step further with an XACML policy editor based on the graphic programming elements of Scratch implemented in Smalltalk. This allows for aiding the user on how to build policies by grouping blocks and operators that fit together and also indicating which blocks will stick together. It simplifies building the XACML policies while still having an XACML “feel” of the graphic …

Markup language; business.industry; computer.internet_protocol; Computer science; Programming language; Authorization; XACML; Access control; computer.software_genre; Scratch; business; computer; Smalltalk; XML; computer.programming_language; Proceedings of the 1st International Conference on Information Systems Security and Privacy
researchProduct

Two tiered privacy enhanced intrusion detection system architecture

2009

The paper describes an architecture for privacy-enhanced intrusion detection systems that separates privacy-invasive and privacy-preserving operations. This can be useful in cases where less sensitive network monitoring is outsourced to a third party and more sensitive network monitoring operations and data forensics are performed in-house or by law enforcement agencies.

Network forensics; Information privacy; Computer science; Privacy policy; Law enforcement; XACML; ComputingMilieux_LEGALASPECTSOFCOMPUTING; Intrusion detection system; Network monitoring; Computer security; computer.software_genre; Host-based intrusion detection system; computer; computer.programming_language; 2009 IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications
researchProduct

Mobile Security with Location-Aware Role-Based Access Control

2012

Published version of an article from the book: Security and privacy in mobile information and communication systems. Also available on SpringerLink: http://dx.doi.org/10.1007/978-3-642-30244-2_15

This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC c…

Software_OPERATINGSYSTEMS; Markup language; business.industry; Computer science; Separation of duties; XACML; ComputerApplications_COMPUTERSINOTHERSYSTEMS; Access control; Computer security; computer.software_genre; Firewall (construction); Software deployment; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; Role-based access control; business; computer; Mobile device; Computer network; computer.programming_language
researchProduct

ViSPE: A Graphical Policy Editor for XACML

2015

In this paper we present the Visual Security Policy Editor (ViSPE), a policy-maker-friendly graphical editor for the eXtensible Access Control Markup Language (XACML). The editor is based on the programming language Scratch and implemented in Smalltalk. It uses a graphical block-based syntax for declaring access control policies that simplifies many of the cumbersome and verbose parts of XACML. Using a graphical language allows the editor to aid the policy-maker in building policies by providing visual feedback and by grouping blocks and operators that fit together and also indicating which blocks stick together. It simplifies building policies while still maintaining the basic structure…

Structure (mathematical logic); Markup language; Syntax (programming languages); Computer science; business.industry; Programming language; XACML; Access control; Security policy; computer.software_genre; Block (programming); business; computer; Smalltalk; computer.programming_language
researchProduct

Microservice authorization system based on the XACML standard

2017

This bachelor's thesis studies the XACML standard, which is the older and more popular of the two attribute-based access control standards. The main goal of the thesis was to develop an authorization system that is based on the XACML standard, but does not necessarily implement it, that is built in the Node.js environment in the TypeScript programming language and is easier to use than existing solutions. One of the ways to make the implemented system easier to use was to develop a new policy language that is not based on XML, together with its processing model. The theoretical part describes the XACML standard (its policy language, operating mechanisms and architecture) and gives an overview of existing open-source…

XACML; Computer science; authorization; policy language; ABAC; Node.js
researchProduct

A novel policy-driven reversible anonymisation scheme for XML-based services

2015

Author's version of an article in the journal: Information Systems. Also available from the publisher at: http://dx.doi.org/10.1016/j.is.2014.05.007

This paper proposes a reversible anonymisation scheme for XML messages that supports fine-grained enforcement of XACML-based privacy policies. Reversible anonymisation means that information in XML messages is anonymised; however, the information required to reverse the anonymisation is cryptographically protected in the messages. The policy can control access down to octet ranges of individual elements or attributes in XML messages. The reversible anonymisation protocol effectively implements a multi-level privacy and security based approach, s…

XML Encryption; computer.internet_protocol; Computer science; Privacy policy; Internet privacy; Big data; XACML; privacy; Computer security; computer.software_genre; XACML; big data; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; XML-encryption; computer.programming_language; business.industry; deanonymiser; Service-oriented architecture; XML database; Hardware and Architecture; business; reversible anonymisation; computer; Software; XML; Information Systems; Information Systems
researchProduct

Enforcing role based access control model with multimedia signatures.

2009

International audience; Recently ubiquitous technology has invaded almost every aspect of the modern life. Several application domains have integrated ubiquitous technology to make the management of resources a dynamic task. However, the need for adequate and enforced authentication and access control models to provide safe access to sensitive information remains a critical matter to address in such environments. Many security models were proposed in the literature thus few were able to provide adaptive access decisions based on the environmental changes. In this paper, we propose an approach based on our previous work [B.A. Bouna, R. Chbeir, S. Marrara, A multimedia access control languag…

[ INFO.INFO-IR ] Computer Science [cs]/Information Retrieval [cs.IR]; [INFO.INFO-WB] Computer Science [cs]/Web; Computer access control; Computer science; [ INFO.INFO-WB ] Computer Science [cs]/Web; [SCCO.COMP]Cognitive science/Computer science; XACML; Access control; 02 engineering and technology; computer.software_genre; World Wide Web; [SCCO.COMP] Cognitive science/Computer science; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; Role-based access control; [INFO.INFO-DB] Computer Science [cs]/Databases [cs.DB]; Intelligent environment; computer.programming_language; [ INFO.INFO-MM ] Computer Science [cs]/Multimedia [cs.MM]; [INFO.INFO-MM] Computer Science [cs]/Multimedia [cs.MM]; [INFO.INFO-DB]Computer Science [cs]/Databases [cs.DB]; Ambient intelligence; Multimedia; business.industry; [INFO.INFO-WB]Computer Science [cs]/Web; [INFO.INFO-MM]Computer Science [cs]/Multimedia [cs.MM]; Computer security model; [ INFO.INFO-DB ] Computer Science [cs]/Databases [cs.DB]; Hardware and Architecture; [INFO.INFO-IR]Computer Science [cs]/Information Retrieval [cs.IR]; [ SCCO.COMP ] Cognitive science/Computer science; 020201 artificial intelligence & image processing; [INFO.INFO-IR] Computer Science [cs]/Information Retrieval [cs.IR]; Web service; business; computer; Software
researchProduct

Decision-cache based XACML authorisation and anonymisation for XML documents

2012

Author's version of an article in the journal: Computer Standards and Interfaces. Also available from the publisher at: http://dx.doi.org/10.1016/j.csi.2011.10.007

This paper describes a decision cache for the eXtensible Access Control Markup Language (XACML) that supports fine-grained authorisation and anonymisation of XML-based messages and documents down to XML attribute and element level. The decision cache is implemented as an XACML obligation service, where a specification of the XML elements to be authorised and anonymised is sent to the Policy Enforcement Point (PEP) during initial authorisation. Further authorisation of individual XML elements according to the authorisation specifi…

authorisation; Software_OPERATINGSYSTEMS; Markup language; Computer science; computer.internet_protocol; XACML; Access control; Intrusion detection system; computer.software_genre; caching; XACML; computer.programming_language; anonymisation; VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424; Authentication; Database; business.industry; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Hardware and Architecture; Cache; privacy policy; Web service; business; Law; computer; Software; XML; Computer Standards & Interfaces
researchProduct