oalib
Search Results: 1 - 10 of 100 matches for " "
All listed articles are free for downloading (OA Articles)
Page 1 /100
Display every page Item
Checking Security Policy Compliance  [PDF]
Vaibhav Gowadia,Csilla Farkas,Michiharu Kudo
Computer Science , 2008,
Abstract: Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.
Definition of the Constraint with Spatial Characters  [PDF]
Shiguang Ju,Yi Gu,Zhu Tang,Weihe Chen
International Journal of Distributed Sensor Networks , 2009, DOI: 10.1080/15501320802540686
Abstract: With the development of the RBAC applications, the spatial characters of those protected data objects have to be considered in many fields. In most cases, the permissions of the same user's access will be changed when the users' location changed. The roles played by the same user may be different since their spatial location is changing and then this user would have the different access authorizations in different spatial locations. Generally speaking, the permissions assigned to users depend on their position in a reference space: users often belong to well-defined categories; objects to which permissions must be granted are located in that space; access control policies must grant some privileges based on the positions of objects/users. Some considerable efforts have been recently devoted to the research of secure spatial database systems which guarantee high security and privacy. Especially the integration of the spatial dimension into RBAC-based models has been the hot topic as a consequence of the growing relevance of geo-spatial information in advanced GIS and mobile applications. In the context of mobile applications, spatial constraints are very important for supporting the definition and maintenance of access control policy. Constraint is an important matter of role-based access control policy. It is enforced on special roles in order to maintain the system security. There is only one constraint specified in the traditional RBAC, which is used to enforce the Separation of Duty (SoD) constraint. In this paper, according to the analysis of the spatial features of those protected spatial data object, combining the necessity of spatial constraints and the non-conflict conditions of spatial constraints with the satisfiability of spatial constraints sets and relevance between the different classes of constraints, the constraints with spatial characters are divided into three different classes: the constraints on spatial region, spatial separation of duty constraint, and constraints on cardinality of spatial role activation. We also present the relationship between the different constraints.
A Topology-Based Conflict Detection System for Firewall Policies using Bit-Vector-Based Spatial Calculus  [PDF]
Subana Thanasegaran, Yi Yin, Yuichiro Tateiwa, Yoshiaki Katayama, Naohisa Takahashi
Int'l J. of Communications, Network and System Sciences (IJCNS) , 2011, DOI: 10.4236/ijcns.2011.411084
Abstract: Firewalls use packet filtering to either accept or deny packets on the basis of a set of predefined rules called filters. The firewall forms the initial layer of defense and protects the network from unauthorized access. However, maintaining firewall policies is always an error prone task, because the policies are highly complex. Conflict is a misconfiguration that occurs when a packet matches two or more filters. The occurrence of conflicts in a firewall policy makes the filters either redundant or shadowed, and as a result, the network does not reflect the actual configuration of the firewall policy. Hence, it is necessary to detect conflicts to keep the filters meaningful. Even though geometry-based conflict detection provides an exhaustive method for error classification, when the number of filters and headers increases, the demands on memory and computation time increase. To solve these two issues, we make two main contributions. First, we propose a topology-based conflict detection system that computes the topological relationship of the filters to detect the conflicts. Second, we propose a systematic implementation method called BISCAL (a bit-vector-based spatial calculus) to implement the proposed system and remove irrelevant data from the conflict detection computation. We perform a mathematical analysis as well as experimental evaluations and find that the amount of data needed for topology is only one-fourth of that needed for geometry.
Security Policy Management for Systems Employing Role Based Access Control Model  [PDF]
Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si
Information Technology Journal , 2009,
Abstract: In this study, we propose the redundancy and inconsistency checking algorithms to support the policy management of systems employing role based access control model. Present method is based on the formal definition of the policy redundancy and policy inconsistency. Via constructing the role graph, we analyze the redundancy and inconsistency one by one. According to the features of each type of redundancy and inconsistency, present algorithm checks all the possible violations and generates the related policy elements to help the security administrator to amend the policy afterwards. The performance test demonstrates that the approach is efficient enough for practical usage. Present approach could guarantee the conciseness as well as consistency of the access control policy, at same time reduce the burden of access control administration significantly.
The national spatial policy
Andrej ?erne,Peter Guli?
Urbani Izziv , 1999,
Abstract: The article presents the context, scheme, purpose and basic elements for spatial policy. The second part presents the spatial policy. Based on the guidelines and determined development conditions, a desired spatial structure is presented, as well as possible objectives and modes for their implementation. Apart from general objectives and modes for achieving the ideal spatial structure, determined in the aims of spatial development, objectives for settlements, infrastructure and landscape are separately set out. The last part of the spatial policy relates to the instruments needed for the implementation of spatial policy objectives.
Validation of access control policies of workflow management system based on model checking
基于模型检测的工作流访问控制策略验证*

CHEN Yan,TANG Cheng-hu,WU Dan,
陈妍
,唐成华,吴丹

计算机应用研究 , 2010,
Abstract: The validity of access control policies seriously affects the safe and stable operation of the workflow management system. To deal with this problem, this paper presented a validation method of access control policies of the workflow management system based on the model checking. On the basis of the establishment of the access control policy model and the task permission state of the subjects of the workflow management system the effectiveness of policies were validated. The experiments show that the algorithm is effective and rational, and provides a new solution to validate the access control polices.
Policy for access: Framing the question  [PDF]
David Allen
Computer Science , 2001,
Abstract: Five years after the '96 Telecommunications Act, we still find precious little local facilities-based competition. In response there are calls in Congress and even from the FCC for new legislation to "free the Bells." However, the same ideology drove policy, not just five years ago, but also almost twenty years back with the first modern push for "freedom," namely divestiture. How might we frame the question of policy for local access to engender a more fruitful approach? The starting point for this analysis is the network--not bits and bytes, but the human network. With the human network as starting point, the unit of analysis is the community--specifically, the individual in a tension with community. There are two core ideas. The first takes a behavioral approach to the economics--and the relative share between beneficial chaos and order, in economic affairs, becomes explicit. If the first main idea provides a conceptual base for open source, the second core idea distinguishes open source from open design, ie at the information 'frontier' we push forward. The resulting policy frame for access is worked out in the detailed, concrete steps of an extended thought experiment. A small town setting (Concord, Massachusetts) grounds the discussion in the real world. The purpose overall is to stimulate new thinking which may break out of the conundrum where periodic rounds to legislate 'freedom' produce the opposite, recursively. The ultimate aim is better fit between our analytically-driven expectations and economic outcomes.
Spatial Spectrum Access Game  [PDF]
Xu Chen,Jianwei Huang
Computer Science , 2014,
Abstract: A key feature of wireless communications is the spatial reuse. However, the spatial aspect is not yet well understood for the purpose of designing efficient spectrum sharing mechanisms. In this paper, we propose a framework of spatial spectrum access games on directed interference graphs, which can model quite general interference relationship with spatial reuse in wireless networks. We show that a pure Nash equilibrium exists for the two classes of games: (1) any spatial spectrum access games on directed acyclic graphs, and (2) any games satisfying the congestion property on directed trees and directed forests. Under mild technical conditions, the spatial spectrum access games with random backoff and Aloha channel contention mechanisms on undirected graphs also have a pure Nash equilibrium. We also quantify the price of anarchy of the spatial spectrum access game. We then propose a distributed learning algorithm, which only utilizes users' local observations to adaptively adjust the spectrum access strategies. We show that the distributed learning algorithm can converge to an approximate mixed-strategy Nash equilibrium for any spatial spectrum access games. Numerical results demonstrate that the distributed learning algorithm achieves up to superior performance improvement over a random access algorithm.
Public Policy and the Politics of Open Access  [cached]
David C. Prosser
Liber Quarterly : The Journal of European Research Libraries , 2007,
Abstract: In the five years since the launch of the Budapest Open Access Initiative in February 2002, one of the most striking developments in the scholarly communications landscape has been the increasing interest taken in open access at a policy level. Today, open access (in the form of both self-archiving and open access journals) is routinely discussed and debated at an institutional-level, within research-funding bodies, nationally, and internationally. The debate has moved out of the library and publisher communities to take a more central place in discussions on the ‘knowledge economy’, return on investment in research, and the nature of e-science. This paper looks at some of the public policy drivers that are impacting on scholarly communications and describes the major policy initiatives that are supporting a move to open access.
Visualization Analysis of Multi-Domain Access Control Policy Integration Based on Tree-Maps and Semantic Substrates  [PDF]
Li Pan, Qian Xu
Intelligent Information Management (IIM) , 2012, DOI: 10.4236/iim.2012.45028
Abstract: The complexity of multi-domain access control policy integration makes it difficult to understand and manage the policy conflict information. The policy information visualization technology can express the logical relation of the complex information intuitively which can effectively improve the management ability of the multi-domain policy integration. Based on the role-based access control model, this paper proposed two policy analyzing methods on the separated domain statistical information of multi-domain policy integration conflicts and the policy element levels of inter-domain and element mapping of cross-domain respectively. In addition, the corresponding visualization tool is developed. We use the tree-maps algorithm to statistically analyze quantity and type of the policy integration conflicts. On that basis, the semantic substrates algorithm is applied to concretely analyze the policy element levels of inter-domain and role and permission mapping of cross-domain. Experimental result shows tree-maps and semantic substrates can effectively analyze the conflicts of multi-domain policy integration and have a good application value.
Page 1 /100
Display every page Item


Home
Copyright © 2008-2017 Open Access Library. All rights reserved.