EnglishSvenskaNorsk
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Decentralised Privilege Management for Access Control
RISE., Swedish ICT, SICS.ORCID-id: 0000-0003-0231-8015
2005 (Engelska)Doktorsavhandling, monografi (Övrigt vetenskapligt)
Abstract [en]

The Internet and the more recent technologies such as web services, grid computing, utility computing and peer-to-peer computing have created possibilities for very dynamic collaborations and business transactions where information and computational resources may be accessed and shared among autonomous and administratively independent organisations. In these types of collaborations, there is no single authority who can define access policies for all the shared resources. More sophisticated mechanisms are needed to enable flexible administration and enforcement of access policies. The challenge is to develop mechanisms that preserve a high level of control on the administration and the enforcement of policies, whilst supporting the required administrative flexibility. We introduce two new frameworks to address this issue. In the first part of the thesis we develop a formal framework and an associated calculus for delegation of administrative authority, within and across organisational boundaries, with possibilities to define various restrictions on their propagation and revocation. The extended version of the framework allows reasoning with named groups of users, objects, and actions, and a specific subsumes relation between these groups. We also extend current discretionary access control models with the concept of ability, as a way of specifying when a user is able to perform an action even though not permitted to do so. This feature allows us to model detective access control (unauthorised accesses are logged for post-validation resulting in recovery and/or punitive actions) in addition to traditional preventative access control (providing mechanisms that guarantee no unauthorised access can take place). Detective access control is useful when prevention is either physically or economically impossible, or simply undesirable for one reason or another. In the second part of the thesis, we develop a formal framework for contractualbased access control to shared resources among independent organisations. We introduce the notion of entitlement in the context of access control models as an access permission supported by an obligation agreed in a contract between the access requester and the resource provider. The framework allows us to represent the obligations in a contract in structured way and to reason about their fulfilments and violations.
Ort, förlag, år, upplaga, sidor
2005, 2.
Serie
SICS dissertation series, ISSN 1101-1335
Nationell ämneskategori
Data- och informationsvetenskap
Identifikatorer
URN: urn:nbn:se:ri:diva-21293OAI: oai:DiVA.org:ri-21293DiVA, id: diva2:1041327
Tillgänglig från: 2016-10-31 Skapad: 2016-10-31 Senast uppdaterad: 2025-09-23Bibliografiskt granskad

Open Access i DiVA

Fulltext saknas i DiVA

Person

Sadighi, Babak

Sök vidare i DiVA

Av författaren/redaktören
Sadighi, Babak
Av organisationen
SICS
Data- och informationsvetenskap

Sök vidare utanför DiVA

GoogleGoogle Scholar

urn-nbn

Altmetricpoäng

urn-nbn
Totalt: 183 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG