We propose the role-and-relation-based access control (R2 BAC) model for workflow systems. In R2 BAC, in addition to a user's role memberships, the user's relationships w...
As the XML model gets more popular, new needs arise to specify access control within XML model. Various XML access control models and enforcement methods have been proposed recentl...
Anonymous communications provides an important privacy service by keeping passive eavesdroppers from linking communicating parties. However, using long-term statistical analysis of...
We present a new technique for generating a formal proof that an access request satisfies accesscontrol policy, for use in logic-based access-control frameworks. Our approach is t...
Although there exist informal design guidelines and formal development support, security protocol development is time-consuming because design is error-prone. In this paper, we int...
We present the Obligation Specification Language (OSL), a policy language for distributed usage control. OSL supports the formalization of a wide range of usage control requiremen...
Manuel Hilty, Alexander Pretschner, David A. Basin...
Abstract. Security policies, in particular access control, are fundamental elements of computer security. We address the problem of authoring and analyzing policies in a modular wa...