Martinelli et al., 2016 - Google Patents
Enforcement of U-XACML history-based usage control policyMartinelli et al., 2016
View PDF- Document ID
- 18165188161459841948
- Author
- Martinelli F
- Matteucci I
- Mori P
- Saracino A
- Publication year
- Publication venue
- International Workshop on Security and Trust Management
External Links
Snippet
Usage Control policies have been introduced to overcome issues related to the usage of resources. Indeed, a Usage Control policy takes into account attributes of subjects and resources which change over time. Hence, the policy is continuously enforced while an …
- 230000002708 enhancing 0 abstract description 17
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kacsuk | Science gateways for distributed computing infrastructures | |
| Nguyen et al. | Adopting provenance-based access control in OpenStack cloud IaaS | |
| CN113824764A (en) | A Robotic Process Automation System and Operation Method Based on Cloud Native Architecture | |
| Compagna et al. | Business process compliance via security validation as a service | |
| Hariri et al. | UCON+: comprehensive model, architecture and implementation for usage control and continuous authorization | |
| Dalpiaz et al. | Security requirements engineering via commitments | |
| Martinelli et al. | Enforcement of U-XACML history-based usage control policy | |
| Jung et al. | Enhancing Cloud Security with Context-aware Usage Control Policies. | |
| Wei et al. | Enhance OpenStack Access Control via Policy Enforcement Based on XACML | |
| Compagna et al. | Cerberus: Automated synthesis of enforcement mechanisms for security-sensitive business processes | |
| Lins et al. | Automation of service-based security-aware business processes in the Cloud | |
| Fuchs et al. | Supporting compliant and secure user handling-a structured approach for in-house identity management | |
| Anupa et al. | Cloud workflow and security: A survey | |
| Zimmermann et al. | Deployment enforcement rules for TOSCA-based applications | |
| El Kateb et al. | Towards a full support of obligations in xacml | |
| Camilleri | Data security in cloud-centric multi-tenant databases | |
| Nguyen | Provenance-based access control models | |
| Iyer et al. | Hybrid Cloud Security Patterns | |
| Alcañiz et al. | Security in legacy systems migration to the cloud: A systematic mapping study | |
| Yeluri et al. | Boundary control in the cloud: geo-tagging and asset tagging | |
| Morelli et al. | Assisted authoring, analysis and enforcement of access control policies in the cloud | |
| Dwivedi | Ontology-based modelling of extended web service secure conversation pattern | |
| Poniszewska-Maranda | Implementation of access control model for distributed information systems using usage control | |
| Kongsgård et al. | Policy-based labelling: A flexible framework for trusted data labelling | |
| Bijon | Constraints for attribute based access control with application in cloud IaaS |