Dynamic context-aware access control - Use of resource hierarchies to define fine-grained, adaptable authorization policies

SECRYPT 2007 - International Conference on Security and Cryptography, Proceedings

Volumn , Issue , 2007, Pages 386-393

  Laube, Annett ^a   Gomez, Laurent ^a  

^a SAP Labs France SA   (France)

Author keywords

Access control; Context awareness; Resource hierarchy

Indexed keywords

AUTHORIZATION POLICY; BUSINESS LOGIC; CONTEXT AWARENESS; DYNAMIC CONTEXTS; DYNAMIC POLICY ENFORCEMENT; EXPLICIT NOTATION; RESOURCE HIERARCHY; SECURITY LOGIC;

CRYPTOGRAPHY; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 67649818507     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (16)

1. Beznosov, K. (2002). Object security attributes: Enabling application-specific access control in middleware. In 4th International Symposium on Distributed Objects and Applications (DOA), pages 693-710.
2. Chen, G. and Kotz, D. (2000). A Survey of Context-Aware Mobile Computing Research. Technical Report TR2000-381, Dartmouth College, Computer Science, Hanover, NH.
3. den Bergh, J. V. and Coninx, K. (2005). Towards integrated design of context-sensitive interactive systems. In PERCOMW '05: Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops.
4. Galiasso, P., Bremer, O., Hale, J., Shenoi, S., and al. (2000). Policy mediation for multi-enterprise environments. In ACSAC '00: Proceedings of the 16th Annual Computer Security Applications Conference.
5. Ilechko, P. and Kagan, M. (2006). Authorization concepts and solutions for j2ee applications.
6. Kalam, A. A. E., Benferhat, S., Miege, A., Baida, R. E., Cuppens, F., Saurel, C, Balbiani, P., Deswarte, Y, and Trouessin, G. (2003). Organization based access control. In POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, page 120, Washington, DC, USA.
7. Lachmund, S., Walter, T., Bussard, L., Gomez, L., and Oik, E. (2006). Context-aware access control. In IWUAC'06: Proceedings of the third Annual International Conference on Mobile and Ubiquitous Systems.
8. Mikalsen, M. and Kofod-Petersen, A. (2004). Representing and Reasoning about Context in a Mobile Environment. In Schulz, S. and Roth-Berghofer, T., editors, Modeling and Retrieval of Context 2004 (MRC), volume 114, pages 25-35.
9. MOSQUITO (2006). 1ST 004636 MOSQUITO Project.
10. Moyer, M., Covington, M., and Ahamad, M. (2000). Generalized role-based access control for securing future applications. In 23rd National Infromation Systems Security Conference (NISSC 2000).
11. OASIS (2003). extensible Access Control Markup Language (XACML) 1.1.
12. OASIS (2005). Web Service Trust Language (WS-Trust) 1.3.
13. OASIS (2006). Web Service Security: SOAP Message Security 1.1 (WS-Security 2004).
14. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2):38-17.
15. W3C (1999). W3C XSL transformations (XSLT) 1.0.
16. Zhang, G. and Parashar, M. (2004). Context-aware dynamic access control for pervasive computing.