Systematic control and management of data integrity

Byun, Ji-Won; Sohn, Yonglak; Bertino, Elisa

doi:10.1145/1133058.1133074

Cited by 9 publications

(7 citation statements)

References 18 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In some delegation models, delegation is managed by the delegator him/herself. Through a survey of the literature, [2] define a set of data integrity requirements; control of information-flow, data verification, prevention of fraud and error, and autonomous data validation. With these requirements in mind, they present the design of architecture for data integrity control systems.…”

Section: Introductionmentioning

confidence: 99%

“…While Algorithm 3 and 4 gives revocation procedure of delegation by the delegator and using time out respectively. PBDM WITH CWSP (first step Delegation)Input:[1] Delegation request (u, r) URA[2] user u create tdr from set of regular role RR[3] p P э p is the permission set of tdr own(u)Output:True, if the delegation is successful False, if the delegation failedBeginStep 1:tdr own (u) and delegatee information are send to Delegation Constraint Judgment for processingStep 2: for USER_O(r) = {u| where r RR and u U then (u, r) URA}.If (u, r, u') can-delegate /* u delegator and u' be delegate*/Step 3: Return True Else Step 4: Return False End ALGORITHM 2: for Multi-step delegation Input: [1] a delegation request (u, tdr) UDA [2] u create tdr from set of regular role TDR [3] p P э p is the permission set of tdr own(u) Output: True, if delegation is successful False, if delegation failed Begin Step 1: tdr own (u) and delegatee information are send to Delegation Constraint Judgment for processing Step 2: USER_D (tdr) = {u| where tdr TDR and u U then (u, tdr) UDAn}. If (u, tdr, u') can-furtherdelegate/* u delegator and u' be delegate*/ Step 3: Return True Else Step 4: Return False End 3.2.5 Architectural and Web Design of PBDM with CWSP The figure 3 below shows how permission roles are delegated from the delegator user1 on system1 to delegatee according to the following 3 phases.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Toward a Secured Multi-Step Permission Based Delegation Model with Chinese Wall Security Policy

Ikuomola¹

2019

AIMS Research Journal Publication

View full text Add to dashboard Cite

The Chinese Wall Security Policy (CWSP) model is one of the access control models, which aims to prevent sensitive information concerning a company being disclosed to competitor companies through the work of financial consultants. PBDM is a flexible delegation model that supports multi-step delegation and revocation in role and permission level. This model uses the can-delegate relation with prerequisite condition to restrict delegates and adds new types of roles and permissions to address permission level delegation requirement. A multi-step or multiple permission based delegation with Chinese wall security policy is a kind of delegation that satisfies Chinese wall security policy (CWSP) as a delegation constraint. This work discusses on how multiple permissions can be delegated with the restriction of CWSP. Firstly, a secure model and algorithm was defined for multiple delegation and revocation of permissions based on the strong CWSP constraint. Secondly, different types of revocation were discussed and finally implementation was done by developing a web based application using PHP that can be used in a commercial world such as an investment or financial house where there exist a conflict of interest and where delegations of permissions in multiple steps are necessary.

show abstract

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

Toward a Secured Multi-Step Permission Based Delegation Model with Chinese Wall Security Policy

Ikuomola¹

2019

AIMS Research Journal Publication

View full text Add to dashboard Cite

show abstract

“…to access to certain parts of wiki documents. Particularly, this function is essential if data integrity [4] is necessary against some attacks, e.g., scripted attacks or vandalism from malicious users.…”

Section: Introductionmentioning

confidence: 99%

Annotations on access controls in wikis

Fuchimoto

Aritsugi

2011

Proceedings of the 13th International Conference on Information Integration and Web-Based Applications and Services

View full text Add to dashboard Cite

In this paper, we propose a system which allows users to attach annotations to access controls in wikis. When managing documents in wikis, they need to have access controls for preventing the documents from being accessed inappropriately. The access controls are usually modified dynamically according to changes of needs on wiki documents. It is generally difficult to keep access controls consistent beyond the modifications. Annotations are introduced in this paper for this problem. We focus on a situation where a set of access controls that was supposed to be stable is recovered using backups, discuss contradictions between access controls potentially occurred in the situation, and propose what kind of annotations will help solve the contradictions.

show abstract

“…In [8], a rule-based framework is proposed for role-based delegation and revocation. In [9], systematic control and management architecture of data integrity based on metadata management is shown.…”

Section: Roles Prms Pamentioning

confidence: 99%

“…However, it is hard to say a particular model fits given requirements with admissible costs, because there is not an established way of comparing RBAC extensions in terms of safety and cost effectiveness. Extended RBAC models have been compared with existing ones by qualitative analysis or by evaluation on a particular implementation [9]. In this paper, we propose a systematic and qualitative risk evaluation method for RBAC models, consisting of the following elements: (1) Common fault trees [14] [15] are constructed based on the core functions of RBAC, augmented with functions for enterprise-level RBAC, and risk events obtained from past accidents and incidents [11][12]13].…”

Section: Introductionmentioning

confidence: 99%

Extending RBAC for Large Enterprises and Its Quantitative Risk Evaluation

Kondo

Iwaihara

Yoshikawa

et al.

Towards Sustainable Society on Ubiquitous Networks

View full text Add to dashboard Cite

Abstract. Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved.Furthermore, to select most cost-effective RBAC extensions for enterprise-wide requirements, we propose a quantitative risk evaluation method based on fault trees. We construct fault trees having security violation and productivity loss as top events, and RBAC standard functions and security incidents as basic events. Probabilities of the top events are computed for given RBAC models and operation environments. We apply this method to a real enterprise system using the above RBAC extension and the proposed model realizes more safety and productivity over the base model. Please use the following format when citing this chapter:

show abstract

Systematic control and management of data integrity

Cited by 9 publications

References 18 publications

Toward a Secured Multi-Step Permission Based Delegation Model with Chinese Wall Security Policy

Toward a Secured Multi-Step Permission Based Delegation Model with Chinese Wall Security Policy

Annotations on access controls in wikis

Extending RBAC for Large Enterprises and Its Quantitative Risk Evaluation

Contact Info

Product

Resources

About