Access control mechanisms are widely used with the intent of enforcing confidentiality and other policies, but few formal connections have been made between information flow and...
The validation of enterprise authorization specification for conformance to enterprise security policies requires an out-of-band framework in many situations since the enforcing a...
While publishing content on the World Wide Web has moved within reach of the non-technical mainstream, controlling access to published content still requires expertise in Web serv...
We present a storage management framework for Web 2.0 services that places users back in control of their data. Current Web services complicate data management due to data lock-in...
Neal H. Walfield, Paul T. Stanton, John Linwood Gr...
The erosion of trust put in traditional database servers and in Database Service Providers, the growing interest for different forms of data dissemination and the concern for prot...
We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe syste...
Dimitar P. Guelev, Mark Ryan, Pierre-Yves Schobben...
We extend a particular access control framework, the Privilege Calculus, with a possibility to override denied access for increased flexibility in hard to define or unanticipated...
Erik Rissanen, Babak Sadighi Firozabadi, Marek J. ...
Current firewall configuration languages have no well founded semantics. Each firewall implements its own algorithm that parses specific proprietary languages. The main conseq...
The situation in engineering security for Web services that access databases is as follows: On the one hand, specifications like WSSecurity are concerned with the security managem...
Martin Wimmer, Daniela Eberhardt, Pia Ehrnlechner,...
This work proposes a XML-based framework for distributing and enforcing RSVP access control policies, for RSVP-aware application servers. Policies are represented by extending XAC...