This paper builds a bridge between permissions and ownership types. Ownership is a recognized alias control technique. With ownership, each object is assigned an owner and any acc...
Even though the final objective of an access control model is to provide a framework to decide if actions performed by subjects on objects are permitted or not, it is not convenie...
We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making...
Alessandro Colantonio, Roberto Di Pietro, Alberto ...
Abstract. To guarantee the security of computer systems, it is necessary to define security permissions to restrict the access to the systems' resources. These permissions enf...
Making correct access-control decisions is central to security, which in turn requires accounting correctly for the identity, credentials, roles, authority, and privileges of users...
Thumrongsak Kosiyatrakul, Susan Older, Shiu-Kai Ch...