The increased awareness of the importance of data protection has made access control a relevant component of current data management systems. Moreover, emerging applications and data models call for flexible and expressive access control models. This has led to an extensive research activity that has resulted in the definition of a variety of access control models that differ greatly with respect to the access control policies they support. Thus, the need arises for developing tools for reasoning about the characteristics of these models. These tools should support users in the tasks of model specification, analysis of model properties, and authorization management. For example, they must be able to identify inconsistencies in the model specification and must support the administrator in comparing the expressive power of different models. In this paper, we make a first step in this direction by proposing a formal framework for reasoning about access control models. The framework we propose is based on a logical formalism and is general enough to model discretionary, mandatory, and role-based access control models. Each instance of the proposed framework corresponds to a C-Datalog program, interpreted according to a stable model semantics. In the paper, besides giving the syntax and the formal semantics of our framework, we show some examples of its application. Additionally, we present a number of dimensions along which access control models can be analyzed and compared. For each dimension, we show decidability results and we present some examples of its application.Additional Key Words and Phrases: Access control framework, access control models analysis, logic programming • E. Bertino et al.• 75 constraints, rather than as a pure computational model. By contrast, a logical representation allows one to use a declarative approach for representing access control models and for computing the entailed set of access authorizations. Moreover, a logical approach is better supported than a graph-based approach by a wide variety of techniques and environments for computation.Several languages, tools, and applications exist for both approaches. Among the languages and tools based on a graph representation, we recall PRO-GRES [Ehrig et al. 1999;Schurr 1991], DACTL [Glauert et al. 1991], and AGG [Ehrig et al. 1999;AGG]. Those tools provide graph editors for managing graphs and interpreters for supporting graph transformations. In general, all those tools provide several functions such as the generation and the management of different graph views, of different sections of a given graph, and of different representations of a graph. The interpreter applies rules for graph transformations and, in most cases, the user can choose to activate, either interactively or automatically, these rules. For the logic programming approach, Prolog is the most widely used language and several Prolog implementations have been developed. We recall, among the others: Strawberry Prolog [STRAWBERRY PROLOG], a 32-bit Prolog compiler supporting obje...
This paper describes the architecture and the core specification language of an extensible access control system, called MACS -Multipolicy Access Control System. Several access control models are supported by the proposed system, including the mandatory model, a flexible discretionary model, and RBAC. In addition, by using the core specification language, users can define their own access control models. The language is complemented by a number of tools supporting users in the tasks of model specification and analysis, and authorization management. The proposed system is a multipolicy system in that it allows one to apply different policies to different partitions of the set of objects to be protected. Therefore, different access control policies can co-exist, thus enhancing the flexibility of the system.
Securing access to data in location-based services and mobile applications requires the definition of spatially aware access control systems. Even if some approaches have already been proposed either in the context of geographic database systems or contextaware applications, a comprehensive framework, general and flexible enough to cope with spatial aspects in real mobile applications, is still missing. In this paper, we make one step towards this direction and we present GEO-RBAC, an extension of the RBAC model to deal with spatial and location-based information. In GEO-RBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device independent position, representing the feature (the road, the town, the region) in which they are located. To make the model more flexible and re-usable, we also introduce the concept of role schema, specifying the name of the role as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to cope with hierarchies, modeling permission, user, and activation inheritance.
Methods for phenotype and outcome prediction are largely based on inductive supervised models that use selected biomarkers to make predictions, without explicitly considering the functional relationships between individuals. We introduce a novel network-based approach named Patient-Net (P-Net) in which biomolecular profiles of patients are modeled in a graph-structured space that represents gene expression relationships between patients. Then a kernel-based semi-supervised transductive algorithm is applied to the graph to explore the overall topology of the graph and to predict the phenotype/clinical outcome of patients. Experimental tests involving several publicly available datasets of patients afflicted with pancreatic, breast, colon and colorectal cancer show that our proposed method is competitive with state-of-the-art supervised and semi-supervised predictive systems. Importantly, P-Net also provides interpretable models that can be easily visualized to gain clues about the relationships between patients, and to formulate hypotheses about their stratification. Phenotype and outcome prediction using sets of selected biomarkers are well-established prediction tasks in the context of computational biology, including different prediction problems ranging from the response to a specific drug 1,2 , diagnosis and prognosis 3-5 , classification of cancer subtypes 6 , outcome and recurrence prediction 7-9 and other related prediction problems 10. State-of-the-art methods for these problems are largely based on inductive supervised models that use sets of selected biomarkers, usually represented as vectors, to predict the phenotype or outcome of interest (see, e.g. 11-13), without taking into account the relationships between individuals. Several works proposed "network-based" methods by constructing graphs of patients, in order to discover the underlying structure of the data (e.g. discovery of subtypes of diseases, clinical stratification of patients) 14-17. These methods mainly used unsupervised approaches and hence have been not specifically designed and are not appropriate for phenotype/outcome prediction problems. Recently a few works proposed semi-supervised "network-based" approaches for the prediction of the phenotype/outcome of patients, on the basis of their bio-molecular profiles (e.g. gene expression of genotypic profiles) 18,19 , including also methods able to integrate multiple sources of omics data 20 , and methods based on Supervised Random Walks 21 , specifically modified for the classification of tumors 22. In this work, we introduce a novel network-based method for modeling in the "patient space". In this context the nodes of the network represent patients through an n-dimensional set of biomarker values (e.g. a set of gene expression values), and edges represent similarities between the biomarkers of a pair of patients. Hence, this "patient-space" differs from the classical "biomarker-space", where nodes represent biomarkers and edges similarities between biomarkers and not between patients 23,24...
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.