Elisa Bertino scite author profile

In recent years, workflow management systems (WFMSs) have gained popularity in both research and commercial sectors. WFMSs are used to coordinate and streamline business processes. Very large WFMSs are often used in organizations with users in the range of several thousands and process instances in the range of tens and thousands. To simplify the complexity of security administration, it is common practice in many businesses to allocate a role for each activity in the process and then assign one or more users to each role—granting an authorization to roles rather than to users. Typically, security policies are expressed as constraints (or rules) on users and roles; separation of duties is a well-known constraint. Unfortunately, current role-based access control models are not adequate to model such constraints. To address this issue we (1) present a language to express both static and dynamic authorization constraints as clauses in a logic program; (2) provide formal notions of constraint consistency; and (3) propose algorithms to check the consistency of constraints and assign users and roles to tasks that constitute the workflow in such a way that no constraints are violated.

show abstract

A generalized temporal role-based access control model

Joshi

Bertino

Latif

et al. 2005

IEEE Trans. Knowl. Data Eng.

500

328

View full text Add to dashboard Cite

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. In many practical scenarios, users may be restricted to assume roles only at predefined time periods. Furthermore, roles may only be invoked on prespecified intervals of time depending upon when certain actions are permitted. To capture such dynamic aspects of a role, a temporal RBAC (TRBAC) model has been recently proposed. However, the TRBAC model addresses the role enabling constraints only. In this paper, we propose a Generalized Temporal RoleBased Access Control (GTRBAC) model capable of expressing a wider range of temporal constraints. In particular, the model allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments. In an interval, activation of a role can further be restricted as a result of numerous activation constraints including cardinality constraints and maximum active duration constraints. The GTRBAC model extends the syntactic structure of the TRBAC model and its event and trigger expressions subsume those of TRBAC. Furthermore, GTRBAC allows expressing role hierarchies and separation of duty (SoD) constraints for specifying fine-grained temporal semantics.

show abstract

State-of-the-art in privacy preserving data mining

et al. 2004

View full text Add to dashboard Cite

We provide here an overview of the new and rapidly emerging research area of privacy preserving data mining. We also propose a classi cation hierarchy that sets the basis for analyzing the work which has been performed in this context. A detailed review of the work accomplished in this area is also given, along with the coordinates of each work to the classi cation hierarchy. A brief evaluation is performed, and some initial conclusions are made.

show abstract

Trbac

Bertino

Bonatti

Ferrari

2001

ACM Trans. Inf. Syst. Secur.

631

292

View full text Add to dashboard Cite

show abstract

Botnets and Internet of Things Security

2017

View full text Add to dashboard Cite

Quality Control in Crowdsourcing Systems: Issues and Directions

Allahbakhsh

Benatallah

Ignjatović

et al. 2013

IEEE Internet Comput.

335

235

View full text Add to dashboard Cite

show abstract

Efficient k-Anonymization Using Clustering Techniques

Kamra²,

et al. 2007

View full text Add to dashboard Cite

Abstract. k-anonymization techniques have been the focus of intense research in the last few years. An important requirement for such techniques is to ensure anonymization of data while at the same time minimizing the information loss resulting from data modifications. In this paper we propose an approach that uses the idea of clustering to minimize information loss and thus ensure good data quality. The key observation here is that data records that are naturally similar to each other should be part of the same equivalence class. We thus formulate a specific clustering problem, referred to as k-member clustering problem. We prove that this problem is NP-hard and present a greedy heuristic, the complexity of which is in O(n 2 ). As part of our approach we develop a suitable metric to estimate the information loss introduced by generalizations, which works for both numeric and categorical data.

show abstract

Preserving User Location Privacy in Mobile Data Management Infrastructures

et al. 2006

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Elisa Bertino

The specification and enforcement of authorization constraints in workflow management systems

A generalized temporal role-based access control model

State-of-the-art in privacy preserving data mining

Trbac

Botnets and Internet of Things Security

Quality Control in Crowdsourcing Systems: Issues and Directions

Efficient k-Anonymization Using Clustering Techniques

Preserving User Location Privacy in Mobile Data Management Infrastructures

Contact Info

Product

Resources

About