Change search
Refine search result
1 - 9 of 9
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1. Alqatawna, Ja´far
    et al.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    Sadighi, Babak
    RISE, Swedish ICT, SICS.
    Overriding of Access Control in XACML2007In: Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 2007, 1, , p. 9Conference paper (Refereed)
    Abstract [en]

    Most access control mechanisms focus on how to define the rights of users in a precise way to prevent any violation of the access control policy of an organization. However, in many cases it is hard to predefine all access needs, or even to express them in machine readable form. One example of such a situation is an emergency case which may not be predictable and would be hard to express as a machine readable condition. Discretionary overriding of access control is one way for handling such hard to define and unanticipated situations where availability is critical. The override mechanism gives the subject of the access control policy the possibility to override a denied decision, and if the subject should confirm the override, the access will be logged for special auditing. XACML, the eXtensible Access Control Markup Language, provides a standardized access control policy language for expressing access control policies. This paper introduces a discretionary overriding mechanism in XACML. We do so by means of XACML obligations and also define a general obligation combining mechanism.

  • 2.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    Server based application level authorisation for rotor2003In: IEE Proceedings - Software, ISSN 1462-5970, E-ISSN 1463-9831, Vol. 150, no 5, p. 5p. 291-295Article in journal (Refereed)
    Abstract [en]

    Delegent is an authorisation server developed to provide a single centralised policy repository for multiple applications with support for decentralised administration by means of delegation. The author investigates how to integrate Delegent with the Rotor implementation of the .NET framework and compare the features of Delegent with those of the existing application level authorisation models of .NET. The author concludes that Delegent offers help for application developers and a decentralised administration model, which are not available in standard .NET, and that the .NET model is well suited to be extended to use an authorisation server.

  • 3.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    Server based application level authorization for rotor2003In: IEE Proceedings - Software, ISSN 1462-5970, E-ISSN 1463-9831, Vol. 150, no 5Article in journal (Refereed)
    Abstract [en]

    Delegent is an authorization server developed to provide a single centralized policy repository for multiple applications with support for decentralized administration by means of delegation. We investigate how to integrate Delegent with the Rotor implementation of the .NET framework and compare the features of Delegent with those of the existing application level authorization models of .NET. We conclude that Delegent offers help for application developers and a decentralized administration model, that are not available in standard .NET, and that the .NET model is well suited to be extended to use an authorization server.

  • 4.
    Rissanen, Erik
    et al.
    RISE, Swedish ICT, SICS.
    Sadighi, Babak
    RISE, Swedish ICT, SICS.
    Sergot, Marek
    Discretionary overriding of access control in the privilege calculus2005In: Formal Aspects in Security and Trust: IFIP TC1 WG1.7 Workshop on Formal Aspects in Security and Trust (FAST), World Computer Congress, August 22-27, 2004, Springer , 2005, , p. 246p. 219-232Chapter in book (Refereed)
  • 5.
    Rissanen, Erik
    et al.
    RISE, Swedish ICT, SICS.
    Sadighi, Babak
    RISE, Swedish ICT, SICS.
    Sergot, Marek
    Towards a mechanism for discretionary overriding of access control: position paper2004In: Proceedings of the twelfth international workshop on security protocols, 2004, 1, , p. 9Conference paper (Refereed)
  • 6.
    Sadighi, Babak
    et al.
    RISE, Swedish ICT, SICS.
    Olsson, Olle
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    Managing authorisations in dynamic coalitions2003Conference paper (Refereed)
    Abstract [en]

    In this position paper we highlight issues concerning management of authorisation in coalitions. We identify two main issues related to the administration of authorisations in dynamic coalitions. The first issue concerns /decentralisation of administration/, and we show how an existing framework developed at SICS addresses this issue. The second issue concerns /decentralisation of enforcement/ of authorisation and we describe a new approach to address this issue by extending the current access control models with the notion of entitlement. The idea is that both authorisations and entitlements are specified in access contracts that coalition partners agree upon. These contracts can be used for automating access decision making by those controlling access to coalition resources.

  • 7.
    Seitz, Ludwig
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    NETCONF access control profile for XACML2008Report (Other academic)
    Abstract [en]

    The NETCONF remote network configuration protocol currently lacks an access control model. The need for such a model has been recognised within the NETCONF working group. The eXtended Access Control Markup Language (XACML) is an XML-based access control standard, with widespread acceptance from the industry and good open-source support. This document proposes a profile that defines how to use XACML to provide fine-grain access control for NETCONF commands.

  • 8. Seitz, Ludwig
    et al.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    Sadighi, Babak
    RISE, Swedish ICT, SICS.
    A Classification of Delegation Schemes for Attribute Authority2007In: Formal Aspects in Security and Trust, Springer , 2007, 1, p. 158-169Chapter in book (Refereed)
    Abstract [en]

    Recently assertions have been explored as a generalisation of certificates within access control. Assertions are used to link arbitrary attributes (e.g. roles, security clearances) to arbitrary entities (e.g. users, resources). These attributes can then be used as identifiers in access control policies to refer to groups of users or resources. In many applications attribute management does not happen within the access control system. External entities manage attribute assignments and issue assertions that are then used in the access control system. Some approaches also allow for the delegation of attribute authority, in order to spread the administrative workload. In such systems the consumers of attribute assertions issued by a delegated authority need a delegation verification scheme. In this article we propose a classification for schemes that allow to verify delegated authority, with a focus on attribute assertion. Using our classification, one can deduce some advantages and drawbacks of different approaches to delegated attribute assertion. This work was carried out during the tenure of an ERCIM “Alain Bensoussan” Fellowship Programme.

  • 9. Seitz, Ludwig
    et al.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    Sandholm, Toumas
    Sadighi, Babak
    RISE, Swedish ICT, SICS.
    Mulmo, Olle
    Policy Administration Control and Delegation using XACML and Delegent2005Conference paper (Refereed)
    Abstract [en]

    In this paper we present a system permitting controlled policy administration and delegation using the XACML access control system. The need for these capabilities stems from the use of XACML in the SweGrid Accounting System, which is used to enforce resource allocations to Swedish research projects. Our solution uses a second access control system Delegent, which has powerful delegation capabilities. We have implemented limited XML access control in Delegent, in order to supervise modifications of the XML-encoded XACML policies. This allows us to use the delegation capabilities of Delegent together with the expressive access level permissions of XACML.

1 - 9 of 9
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.35.8