{"title":"Editorial SACMAT 2007","authors":"B. Thuraisingham","doi":"10.1145/1805974.1805979","DOIUrl":null,"url":null,"abstract":"This special issue consists of enhanced versions of five of the articles presented at the ACM Symposium on Access Control Models and Technologies (SACMAT) held in Sophia Antipolis, France, in June 2007. SACMAT has become the premier forum for presentation of research results and experience reports on leading edge issues of access control including models, systems, applications, and theory. The mission of the symposium is to share novel access control solutions that fulfill the needs of heterogeneous applications and environments as well as to identify new directions for future research and development. The article “Privacy-aware Role-Based Access Control” by Q. Ni, E. Bertino, J. Lobo, C. Brodie, C.-M. Karat, J. Karat, and A. Trombetta extends the popular role-based access control model with complex and realistic privacy policies. The article describes the security model as well as the design and implementation of a system based on this privacy-aware role-based access control also known as P-RBAC. The authors also compare and contrast their system with those based on other privacy models including P3P, EPAL, and XACML. The article “On the Consistency of Distributed Proofs with Hidden Subtrees” by A. Lee, K. Minami, and M. Winslett describes a mechanism for distributed proofs appropriate for pervasive systems. The authors show that consistency constraints may be enforced in a proof system where the complete proofs are not available to the queriers. They also present their performance results that show that the overhead is modest. The article “A Logical Specification and Analysis for SELinux MLS Policy” by B. Hicks, S. Rueda, L. St. Clair, T. Jaeger, and P. McDaniel states that the SELinux multilevel security policy is difficult to verify due to its richness. They then describe a logic-based specification and implementation of this specification in Prolog. They also develop some analyses to test the properties of a policy. In the article “The Role Mining Problem: A Formal Perspective” by J. Vaidya, V. Atluri, and Q. Guo, the authors define the Role Mining Problem as the problem of discovering an optimal set of roles from existing user permissions. The article analyzes the theoretical bounds of the Role Mining Problem and shows the reducibility of this problem to several problems already identified in the data mining and data analysis literature. Subsequently, the authors borrow the existing implementation solutions that guide their research. The article “A Framework to Enforce Access Control Over Data Streams” by B. Carminati, E. Ferrari, and K. L. Tan describes an access control model for data streams. The authors specify a secure algebra for data stream query processing and describe the design of a system for access control enforcement.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1805974.1805979","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 2
摘要
本期特刊包括2007年6月在法国索菲亚安提波利斯举行的ACM访问控制模型和技术研讨会(SACMAT)上发表的五篇文章的增强版本。SACMAT已成为介绍访问控制前沿问题的研究成果和经验报告的主要论坛,包括模型、系统、应用和理论。研讨会的任务是分享新的访问控制解决方案,以满足异构应用和环境的需求,并确定未来研究和发展的新方向。本文“基于隐私的基于角色的访问控制”,作者:Q. Ni, E. Bertino, J. Lobo, C. Brodie, C. m。Karat, J. Karat和A. Trombetta用复杂和现实的隐私策略扩展了流行的基于角色的访问控制模型。本文描述了安全模型以及基于这种隐私感知的基于角色的访问控制(也称为P-RBAC)的系统的设计和实现。作者还将他们的系统与基于其他隐私模型(包括P3P、EPAL和XACML)的系统进行了比较和对比。由a . Lee、K. Minami和M. Winslett撰写的文章“关于带有隐藏子树的分布式证明的一致性”描述了一种适用于普及系统的分布式证明机制。作者表明,在查询者无法获得完整证明的证明系统中,一致性约束可以被强制执行。他们还展示了性能结果,表明开销是适度的。由B. Hicks、S. Rueda、L. St. Clair、T. Jaeger和P. McDaniel撰写的文章“SELinux MLS策略的逻辑规范和分析”指出,SELinux多级安全策略由于其丰富而难以验证。然后,他们在Prolog中描述基于逻辑的规范和该规范的实现。他们还开发了一些分析来测试策略的属性。在J. Vaidya、V. Atluri和Q. Guo的文章“角色挖掘问题:一个正式的视角”中,作者将角色挖掘问题定义为从现有用户权限中发现最优角色集的问题。本文分析了角色挖掘问题的理论边界,并展示了该问题可简化为数据挖掘和数据分析文献中已经发现的几个问题。随后,作者借用了现有的实现解决方案来指导他们的研究。B. Carminati、E. Ferrari和K. L. Tan撰写的文章“对数据流实施访问控制的框架”描述了数据流的访问控制模型。作者指定了一个用于数据流查询处理的安全代数,并描述了一个访问控制执行系统的设计。
This special issue consists of enhanced versions of five of the articles presented at the ACM Symposium on Access Control Models and Technologies (SACMAT) held in Sophia Antipolis, France, in June 2007. SACMAT has become the premier forum for presentation of research results and experience reports on leading edge issues of access control including models, systems, applications, and theory. The mission of the symposium is to share novel access control solutions that fulfill the needs of heterogeneous applications and environments as well as to identify new directions for future research and development. The article “Privacy-aware Role-Based Access Control” by Q. Ni, E. Bertino, J. Lobo, C. Brodie, C.-M. Karat, J. Karat, and A. Trombetta extends the popular role-based access control model with complex and realistic privacy policies. The article describes the security model as well as the design and implementation of a system based on this privacy-aware role-based access control also known as P-RBAC. The authors also compare and contrast their system with those based on other privacy models including P3P, EPAL, and XACML. The article “On the Consistency of Distributed Proofs with Hidden Subtrees” by A. Lee, K. Minami, and M. Winslett describes a mechanism for distributed proofs appropriate for pervasive systems. The authors show that consistency constraints may be enforced in a proof system where the complete proofs are not available to the queriers. They also present their performance results that show that the overhead is modest. The article “A Logical Specification and Analysis for SELinux MLS Policy” by B. Hicks, S. Rueda, L. St. Clair, T. Jaeger, and P. McDaniel states that the SELinux multilevel security policy is difficult to verify due to its richness. They then describe a logic-based specification and implementation of this specification in Prolog. They also develop some analyses to test the properties of a policy. In the article “The Role Mining Problem: A Formal Perspective” by J. Vaidya, V. Atluri, and Q. Guo, the authors define the Role Mining Problem as the problem of discovering an optimal set of roles from existing user permissions. The article analyzes the theoretical bounds of the Role Mining Problem and shows the reducibility of this problem to several problems already identified in the data mining and data analysis literature. Subsequently, the authors borrow the existing implementation solutions that guide their research. The article “A Framework to Enforce Access Control Over Data Streams” by B. Carminati, E. Ferrari, and K. L. Tan describes an access control model for data streams. The authors specify a secure algebra for data stream query processing and describe the design of a system for access control enforcement.
期刊介绍:
ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
