Abstract
Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. Traditionally, the access control process is based on a simple paradigm with basic functionalities (e.g., simple authorization tuples), the access control rules are under the control of a single party, and the process relies on user authentication. Emerging open scenarios make these traditional assumptions inapplicable. In this paper we illustrate recent proposals and ongoing work addressing access control in emerging applications and new scenarios.
© 2005 Springer
About this paper
Cite this paper
De Capitani Vimercati, S., Samarati, P. (2005). New Directions in Access Control. In: Kowalik, J.S., Gorski, J., Sachenko, A. (eds) Cyberspace Security and Defense: Research Issues. NATO Science Series II: Mathematics, Physics and Chemistry, vol 196. Springer, Dordrecht. https://doi.org/10.1007/1-4020-3381-8_15
DOI: https://doi.org/10.1007/1-4020-3381-8_15
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-3379-7
Online ISBN: 978-1-4020-3381-0
eBook Packages: Computer Science, Computer Science (R0)