Creating objects in the flexible authorization framework

N. Zannone; S. Jajodia; D. Wijesekera

doi:10.1007/11805588_1

Creating objects in the flexible authorization framework

N. Zannone, S. Jajodia, D. Wijesekera

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

Abstract

Access control is a crucial concern to build secure IT systems and, more specifically, to protect the confidentiality of information. However, access control is necessary, but not sufficient. Actually, IT systems can manipulate data to provide services to users. The results of a data processing may disclose information concerning the objects used in the data processing itself. Therefore, the control of information flow results fundamental to guarantee data protection. In the last years many information flow control models have been proposed. However, these frameworks mainly focus on the detection and prevention of improper information leaks and do not provide support for the dynamical creation of new objects.

In this paper we extend our previous work to automatically support the dynamical creation of objects by verifying the conditions under which objects can be created and automatically associating an access control policy to them. Moreover, our proposal includes mechanisms tailored to control the usage of information once it has been accessed.

Original language	English
Title of host publication	Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings)
Editors	Ernesto Damiani, Peng Liu
Place of Publication	Berlin
Publisher	Springer
Chapter	1
Pages	1-14
Number of pages	14
ISBN (Electronic)	978-3-540-36799-4
ISBN (Print)	3-540-36796-9, 978-3-540-36796-3
DOIs	https://doi.org/10.1007/11805588_1
Publication status	Published - 2006

Publication series

Name	Lecture Notes in Computer Science (LNCS)
Volume	4127
ISSN (Print)	0302-9743

Access to Document

10.1007/11805588_1

Cite this

Zannone, N., Jajodia, S., & Wijesekera, D. (2006). Creating objects in the flexible authorization framework. In E. Damiani, & P. Liu (Eds.), Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings) (pp. 1-14). (Lecture Notes in Computer Science (LNCS); Vol. 4127). Springer. https://doi.org/10.1007/11805588_1

Zannone, N. ; Jajodia, S. ; Wijesekera, D. / Creating objects in the flexible authorization framework. Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings). editor / Ernesto Damiani ; Peng Liu. Berlin : Springer, 2006. pp. 1-14 (Lecture Notes in Computer Science (LNCS)).

@inproceedings{d5f20f3d0f774cbeb2374ce1d2f31ec0,

title = "Creating objects in the flexible authorization framework",

abstract = "Access control is a crucial concern to build secure IT systems and, more specifically, to protect the confidentiality of information. However, access control is necessary, but not sufficient. Actually, IT systems can manipulate data to provide services to users. The results of a data processing may disclose information concerning the objects used in the data processing itself. Therefore, the control of information flow results fundamental to guarantee data protection. In the last years many information flow control models have been proposed. However, these frameworks mainly focus on the detection and prevention of improper information leaks and do not provide support for the dynamical creation of new objects.In this paper we extend our previous work to automatically support the dynamical creation of objects by verifying the conditions under which objects can be created and automatically associating an access control policy to them. Moreover, our proposal includes mechanisms tailored to control the usage of information once it has been accessed.",

author = "N. Zannone and S. Jajodia and D. Wijesekera",

year = "2006",

doi = "10.1007/11805588_1",

language = "English",

isbn = "3-540-36796-9",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer",

pages = "1--14",

editor = "Ernesto Damiani and Peng Liu",

booktitle = "Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings)",

address = "Germany",

}

Zannone, N, Jajodia, S & Wijesekera, D 2006, Creating objects in the flexible authorization framework. in E Damiani & P Liu (eds), Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings). Lecture Notes in Computer Science (LNCS), vol. 4127, Springer, Berlin, pp. 1-14. https://doi.org/10.1007/11805588_1

Creating objects in the flexible authorization framework. / Zannone, N.; Jajodia, S.; Wijesekera, D.
Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings). ed. / Ernesto Damiani; Peng Liu. Berlin: Springer, 2006. p. 1-14 (Lecture Notes in Computer Science (LNCS); Vol. 4127).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Creating objects in the flexible authorization framework

AU - Zannone, N.

AU - Jajodia, S.

AU - Wijesekera, D.

PY - 2006

Y1 - 2006

N2 - Access control is a crucial concern to build secure IT systems and, more specifically, to protect the confidentiality of information. However, access control is necessary, but not sufficient. Actually, IT systems can manipulate data to provide services to users. The results of a data processing may disclose information concerning the objects used in the data processing itself. Therefore, the control of information flow results fundamental to guarantee data protection. In the last years many information flow control models have been proposed. However, these frameworks mainly focus on the detection and prevention of improper information leaks and do not provide support for the dynamical creation of new objects.In this paper we extend our previous work to automatically support the dynamical creation of objects by verifying the conditions under which objects can be created and automatically associating an access control policy to them. Moreover, our proposal includes mechanisms tailored to control the usage of information once it has been accessed.

AB - Access control is a crucial concern to build secure IT systems and, more specifically, to protect the confidentiality of information. However, access control is necessary, but not sufficient. Actually, IT systems can manipulate data to provide services to users. The results of a data processing may disclose information concerning the objects used in the data processing itself. Therefore, the control of information flow results fundamental to guarantee data protection. In the last years many information flow control models have been proposed. However, these frameworks mainly focus on the detection and prevention of improper information leaks and do not provide support for the dynamical creation of new objects.In this paper we extend our previous work to automatically support the dynamical creation of objects by verifying the conditions under which objects can be created and automatically associating an access control policy to them. Moreover, our proposal includes mechanisms tailored to control the usage of information once it has been accessed.

U2 - 10.1007/11805588_1

DO - 10.1007/11805588_1

M3 - Conference contribution

SN - 3-540-36796-9

SN - 978-3-540-36796-3

T3 - Lecture Notes in Computer Science (LNCS)

SP - 1

EP - 14

BT - Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings)

A2 - Damiani, Ernesto

A2 - Liu, Peng

PB - Springer

CY - Berlin

ER -

Zannone N, Jajodia S, Wijesekera D. Creating objects in the flexible authorization framework. In Damiani E, Liu P, editors, Data and Applications Security XX (20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings). Berlin: Springer. 2006. p. 1-14. (Lecture Notes in Computer Science (LNCS)). doi: 10.1007/11805588_1

Creating objects in the flexible authorization framework

Abstract

Publication series

Access to Document

Fingerprint

Cite this